NeXpose Alerting

Document created by mjc on Apr 6, 2011. Last modified by techeditor on May 23, 2011.
Version 4

Setting up alerts

 

You can set up alerts for certain scan events:

 

  • a scan starting
  • a scan stopping
  • a scan failing to conclude successfully
  • a scan discovering a vulnerability that matches specified criteria

 

Go to the Alerting page and click the New Alert button.

 

alertingPage.png

 

The console displays a New Alert dialog box. Click the Enable alert check box to ensure that NeXpose generates this type of alert. You can click the box again at any time to disable the alert temporarily without having to delete it.

 

Type a name for the alert.

 

Type a value in the Send at most field if you wish to limit the number of this type of alert that you receive during the scan.

 

Select the check boxes for types of events that you wish to generate alerts for. For example, if you select Paused and Resumed, NeXpose generates an alert every time it pauses or resumes a scan.

 

Select a severity level for vulnerabilities that you wish to generate alerts for.

 

You can filter alerts for vulnerabilities based on the level of certainty that those vulnerabilities exist. Select the Confirmed, Unconfirmed, and/or Potential check boxes to receive only those alerts.

When NeXpose scans an asset, it performs a sequence of discoveries, verifying the existence of an asset, port, service, and variety of service (for example, an Apache Web server or an IIS Web server). Then, NeXpose attempts to test the asset for vulnerabilities known to be associated with that asset, based on the information gathered in the discovery phase.

 

If NeXpose is able to verify a vulnerability, it reports a "confirmed" vulnerability. If NeXpose is unable to verify a vulnerability known to be associated with that asset, it reports an "unconfirmed" or "potential" vulnerability. The difference between these latter two classifications is the level of probability. Unconfirmed vulnerabilities are more likely to exist than potential ones, based on the asset's profile.

 

Select a notification method from the dropdown box. NeXpose can send alerts via SMTP e-mail, SNMP message, or Syslog message. Your selection will control which additional fields appear below this box.

 

If you select the e-mail method, enter the addresses of your intended recipients. If your network restricts outbound SMTP traffic, specify a mail relay server for sending the alert e-mails.

 

If you select the option to send SNMP alerts, type the name of the SNMP community and the address of the SNMP server to which NeXpose will send alerts.

 

If you select the option to send a Syslog message, type the address of the Syslog server to which NeXpose will send messages.

 

Click the Limit alert text check box to send the alert without a description of the alert or its solution. Limited-text alerts only include the name and severity. This is a security option for alerts sent over the Internet or as text messages to mobile devices.

 

Click the Save button. The new alert appears on the Alerting page.

 

newAlert.png
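
To confirm that alerts sent with the Syslog method actually reach the configured server, a small test listener can stand in for that server during setup. This is an added example, not NeXpose code: it assumes the alerts arrive as UDP datagrams that start with a standard <PRI> header, and the port 5514 and the function names are chosen for illustration. The page does not show the layout of the alert text itself, so the listener keeps it as raw text.

```python
import re
import socket

# Syslog header: "<PRI>" followed by free text, where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(datagram: bytes) -> dict:
    """Split one syslog datagram into facility, severity and message text."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # No valid PRI: keep the raw text so nothing the scanner sent is lost.
        return {"facility": None, "severity": None,
                "message": datagram.decode("utf-8", "replace").strip()}
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": SEVERITIES[pri % 8],
            "message": datagram[m.end():].decode("utf-8", "replace").strip()}


def receive(sock: socket.socket, count: int, timeout: float = 5.0) -> list:
    """Read up to `count` datagrams from a bound UDP socket; stop early on timeout."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, (src_ip, _port) = sock.recvfrom(8192)
            record = parse_syslog(data)
            record["source"] = src_ip  # lets you check the alert came from the scanner
            seen.append(record)
    except socket.timeout:
        pass
    return seen


if __name__ == "__main__":
    # Assumed listener address. 514/udp is the conventional syslog port but needs
    # elevated privileges, so this example binds an unprivileged port instead.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("0.0.0.0", 5514))
    for rec in receive(listener, count=10, timeout=60.0):
        print(rec)
```

Start a scan with the Started event selected in the alert and check that a record appears with the scanner's address as its source.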
