Hi,
We recently configured the Rapid7 App on a Search Head. The configuration is pointed to the Nexpose console IP on the default port of 3780. A non-admin user is used for the connection to Nexpose. This user has access to all sites/groups.
After letting the nexpose_setup script run for some time, the only two items getting updated slowly in the dashboard are Total Assets & Total Vulnerabilities. The rest of the dashboard is blank. I noticed that in nexpose_setup.conf the hostname field was still set to “localhost”, but changing that to the console IP did not make any difference.
The following is repeated in rapid7.log:
2016-05-25 10:00:00,675 INFO nexpose_reports:65 - Platform is Linux or Mac
2016-05-25 10:00:00,675 INFO nexpose_reports:70 - Splunk home is </opt/splunk>. Save directories are: </opt/splunk/etc/apps/rapid7/lookups/>, </opt/splunk/etc/apps/rapid7/lookups/vuln_cim_lookups/>, </opt/splunk/etc/apps/rapid7/lookups/asset_cim_lookups/>
2016-05-25 10:00:00,675 INFO nexpose_reports:74 - Created save directory successfully!
2016-05-25 10:00:00,676 INFO nexpose_reports:84 - Created vulnerability save directory successfully!
2016-05-25 10:00:00,676 INFO nexpose_reports:94 - Created asset save directory successfully!
2016-05-25 10:00:01,379 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:00:01,725 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:00:02,188 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:00:02,226 INFO nexpose_reports:163 - Nexpose application enabled. Continuing...
2016-05-25 10:19:44,705 INFO __init__:168 - Using default logging config file: /opt/splunk/etc/log.cfg
2016-05-25 10:19:44,709 INFO __init__:206 - Setting logger=splunk level=INFO
2016-05-25 10:19:44,709 INFO __init__:206 - Setting logger=splunk.appserver level=INFO
2016-05-25 10:19:44,709 INFO __init__:206 - Setting logger=splunk.appserver.controllers level=INFO
2016-05-25 10:19:44,710 INFO __init__:206 - Setting logger=splunk.appserver.controllers.proxy level=INFO
2016-05-25 10:19:44,710 INFO __init__:206 - Setting logger=splunk.appserver.lib level=WARN
2016-05-25 10:19:44,711 INFO __init__:206 - Setting logger=splunk.pdfgen level=INFO
2016-05-25 10:19:44,711 INFO setup:29 - Executing setup.py
2016-05-25 10:38:36,068 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:38:36,368 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:38:36,704 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:38:37,013 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:38:37,412 INFO nexpose_setup:34 - Executing nexpose_setup.py
2016-05-25 10:38:37,865 INFO nexpose_setup:34 - Executing nexpose_setup.py
Any ideas on what I could have missed? Does this need an admin account on Nexpose?
Thanks,
~ Abhi