
INFOBLOX & RAPID7 NEXPOSE INTEGRATION - DEMO VIDEO & TEMPLATES

Hi there,

 

Infoblox and Rapid7 Nexpose together enable security and incident response teams to leverage the integration of vulnerability scanners and DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with Rapid7 works using the Outbound API feature of NIOS 8.1.

All necessary templates are attached to this post. The templates are provided “as-is”; please check them in your lab environment and modify them for your needs before implementing them in production.

The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

| Extensible Attribute | Description |
|---|---|
| R7_Sync | Defines if an object should be synced with Rapid7 Nexpose. Possible values: true, false |
| R7_SyncedAt | Contains the date/time when the object was synchronized, updated by the assets management template |
| R7_NetToSite | Defines if a network should be added to a site (as shown in the video). Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_RangeToSite | Defines if a range should be added to a site. Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_ScanOnEvent | Defines if an asset should be scanned if RPZ or DNS Tunneling events were triggered |
| R7_ScanOnAdd | Defines if an asset should be scanned immediately after creation |
| R7_ScanTemplate | Defines a Rapid7 Nexpose template which should be used for scans initiated by an Infoblox appliance. Possible values: default, full-audit, full-audit-without-web-spider, etc. (internal template IDs). If set to “default”, the template configured for the site will be used. |
| R7_Site | Defines a Site name |
| R7_SiteID | Contains an internal site ID. Updated automatically. If the value was inherited from a top level, templates will bypass a few steps retrieving this ID. It should not be manually updated. |
| R7_LastScan | Contains the date when an asset was last scanned by a request from Infoblox |
| R7_AddByHostname | Defines if a host should be synced with Rapid7 Nexpose using a hostname. The hostname should be resolvable by Nexpose. Possible values: true, false |

 

You can use the attached PHP script to create these EAs (do not forget to update the $NIOS_baseURL, $NIOS_User, $NIOS_PWD and $data variables based on your configuration).

You can find a detailed description of how the templates work in these posts:

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov
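
An added example, not the PHP script attached to the post and not Infoblox code: a Python sketch that builds the WAPI `extensibleattributedef` requests for the attributes in the table, reading the Grid credentials from the environment instead of editing them into the file and leaving TLS certificate verification on. The environment variable names, the WAPI type chosen for each attribute, the inheritable flag, the comment text and the host and WAPI version in the URL comment are assumptions.

```python
import base64
import json
import os
import ssl
import urllib.request

BOOL = ["true", "false"]
# Attribute names are from the table in the post. The WAPI type picked for each,
# true/false for the two R7_ScanOn* flags, and flag "I" (inheritable) are assumptions.
EA_DEFS = [
    ("R7_Sync", "ENUM", BOOL), ("R7_SyncedAt", "STRING", None),
    ("R7_NetToSite", "ENUM", BOOL), ("R7_RangeToSite", "ENUM", BOOL),
    ("R7_ScanOnEvent", "ENUM", BOOL), ("R7_ScanOnAdd", "ENUM", BOOL),
    ("R7_ScanTemplate", "STRING", None), ("R7_Site", "STRING", None),
    ("R7_SiteID", "STRING", None), ("R7_LastScan", "STRING", None),
    ("R7_AddByHostname", "ENUM", BOOL),
]

def build_payloads():
    """Return one extensibleattributedef body per attribute."""
    payloads = []
    for name, ea_type, values in EA_DEFS:
        body = {"name": name, "type": ea_type, "flags": "I",
                "comment": "Rapid7 Nexpose integration"}
        if values:
            body["list_values"] = [{"value": v} for v in values]
        payloads.append(body)
    return payloads

def make_request(base_url, user, password, body):
    """Build (not send) the POST that creates one EA definition."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/extensibleattributedef",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})

def main():
    # Credentials come from the environment, not from the file, so the script
    # can be shared or committed without a Grid password in it.
    base = os.environ["NIOS_BASE_URL"]  # placeholder form: https://gm.example/wapi/v2.6
    user, pwd = os.environ["NIOS_USER"], os.environ["NIOS_PWD"]
    ctx = ssl.create_default_context()  # keeps certificate verification on
    for body in build_payloads():
        req = make_request(base, user, pwd, body)
        with urllib.request.urlopen(req, context=ctx) as resp:
            print(body["name"], resp.status)

if __name__ == "__main__":
    main()
```

Run it against a lab Grid first, with a dedicated API account rather than an administrator login.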
