2012-03-21 product and content updates
This Rapid7® Nexpose® 5.2 release includes new features and improvements for security configuration assessment, reporting, virtualization support, usability, and administration.
These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. See the third FAQ.
Thanks for choosing Nexpose!
Release 5.2 is the next of many exciting deliveries in 2012 in response to your direct feedback. It incorporates the full commitment of Rapid7 to delivering a great product to you, our customer. The release focuses on a number of enhancements for security configuration assessment, reporting, virtualization security, usability, and administrative capabilities. In terms of coverage, we released checks for more than 4900 vulnerabilities since the 5.1 release. We trust that you’ll find these enhancements useful. Keep an eye out for continued enhancements throughout 2012, and as always, please keep the feedback coming on how we can make Nexpose even better.
Director of Engineering, Rapid7
Security Configuration Assessment | product
Expanded security configuration assessment features give you drill-down capabilities
You can use the Policies dashboard in the Web interface to assess security configuration compliance for your entire environment and then drill down to view compliance results for specific security policies and their elements available in the Advanced Policy Engine. This allows you to determine quickly which assets need to be remediated or which rules are presenting specific compliance issues, so that you can gain insight into your overall compliance posture and risk.
NOTE: Your license must enable the Advanced Policy Engine in order for the Policies dashboard to be visible. To discuss pricing and upgrade options, please contact Rapid7.
Reporting | product
Create custom CSV export reports
With expanded report template capabilities, you can now create custom comma-separated-value (CSV) export reports for better remediation. Choose from more than 30 fields to determine the exact, granular vulnerability information that you want to share with stakeholders in your organization. You can manipulate the exported CSV files with pivot tables to produce multiple views of your vulnerability data. You will find this feature in the report template configuration panel in the Web interface.
NOTE: Customizable CSV Export is only available in Nexpose Enterprise Edition and Nexpose Consultant Edition. To upgrade to one of these editions, please contact Rapid7.
As part of CSV report enhancements, the contents of some of the existing columns have been updated to conform to commonly used CSV-escaping practices.
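The escaping convention referred to here matters as soon as a vulnerability title contains a comma, a double quote or a line break: a naive split on commas silently shifts columns, while a quote-aware reader recovers every record intact. The following is an added Python example, not Rapid7 code, and the column names and sample rows are constructed assumptions rather than the real export's fields; it parses a small export written with standard CSV escaping (fields wrapped in double quotes, embedded quotes doubled), builds the kind of pivot the notes mention, and writes records back out with the same rules.

```python
import csv
import io
from collections import Counter

# Constructed sample export in the style described above (not a real Nexpose
# file; column names are assumptions). It covers the three cases standard CSV
# escaping must handle: a comma inside a field, a double quote inside a field
# (written as two double quotes), and a newline inside a field. Each such
# field is wrapped in double quotes.
COLUMNS = ["Asset IP Address", "Vulnerability Title", "Severity", "Exploit Available"]
SAMPLE_EXPORT = (
    "Asset IP Address,Vulnerability Title,Severity,Exploit Available\n"
    '10.0.0.5,"OpenSSL: Multiple Vulnerabilities, Including Denial of Service",Critical,Yes\n'
    '10.0.0.5,"Apache: ""ServerTokens"" Information Disclosure",Moderate,No\n'
    '10.0.0.9,"PHP: Remote Code Execution in\nCGI Argument Handling",Critical,Yes\n'
    "10.0.0.12,BIND: Denial of Service,Severe,No\n"
)


def naive_field_counts(text):
    """Count fields per physical line using str.split(','), which ignores quoting.

    A correct parse yields 4 fields for every record; any other value marks a
    line where naive splitting has broken on an escaped comma or newline.
    """
    return [len(line.split(",")) for line in text.splitlines() if line]


def parse_export(text):
    """Parse the export with a quote-aware reader, returning a list of dicts.

    csv.DictReader honours quoted fields, doubled quotes and embedded newlines,
    so every record comes back with exactly the header's columns.
    """
    return list(csv.DictReader(io.StringIO(text, newline="")))


def pivot_by_asset_and_severity(records):
    """Build a pivot of finding counts per asset per severity level.

    Returns {asset: {severity: count}}.
    """
    table = {}
    for rec in records:
        table.setdefault(rec["Asset IP Address"], Counter())[rec["Severity"]] += 1
    return {asset: dict(counts) for asset, counts in table.items()}


def exploitable_critical_assets(records):
    """Return sorted asset addresses that carry a Critical finding with an exploit available."""
    return sorted(
        {rec["Asset IP Address"] for rec in records
         if rec["Severity"] == "Critical" and rec["Exploit Available"] == "Yes"}
    )


def write_export(records, columns):
    """Serialise records to CSV with standard escaping (quote only when needed, quotes doubled)."""
    buf = io.StringIO(newline="")
    writer = csv.DictWriter(buf, fieldnames=columns)
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()


if __name__ == "__main__":
    print("naive field counts per line:", naive_field_counts(SAMPLE_EXPORT))
    rows = parse_export(SAMPLE_EXPORT)
    print("parsed records:", len(rows))
    for asset, counts in pivot_by_asset_and_severity(rows).items():
        print(asset, counts)
    print("critical + exploitable:", exploitable_critical_assets(rows))
```

The round trip through `write_export` and `parse_export` is the practical check: if the exporter and the consumer disagree on quoting, it is the records with embedded commas and quotes that come back with the wrong column count, which is exactly where a pivot table starts attributing findings to the wrong asset.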
New XML Export includes new attributes
The new XML Export 2.0 report format includes new attributes that are also available in the extended CSV export, allowing you to export additional critical data for better reporting and remediation of vulnerabilities:
- PCI compliance status
- scan data, including the template used, and the scan ID
- site and asset data, including asset aliases and user-assigned site importance
- asset and vulnerability risk
- vulnerability data
- exploit and malware exposure information
The legacy XML Export and Simple XML formats have been deprecated. After December 31, 2012, Rapid7 will discontinue development and bug fixes for these formats in Nexpose.
For more information see the Report_XML_Export_Schema_2.0, which you can download from the Support page in the Web interface.
Vulnerability filtering makes reports more granular
When adding assets to the scope of a report, you can filter what vulnerabilities you will display for those assets to make the report more granular. For example, you may want to report on only critical vulnerabilities, or you may want to filter out potential vulnerabilities.
Virtualization security | product
vAsset management expands with more granular searches and API integration
Using the asset search filter functionality, you can now search for assets based on virtualization metadata. Creating dynamic asset groups for virtual assets based on specific criteria can be useful for analyzing different segments of your virtual environment. For example, you may want to run reports or assess risk for all the virtual assets used by your accounting department, all of which are hosted on a specific resource pool. New search filters are:
- vAsset host
- resource pool
- power state
Additionally, you can now configure virtual asset connections through the API v1.2. For more information, download the API v1.2 guide from the Support page in the Web interface.
NOTE: vAsset discovery is only available in Nexpose Enterprise Edition and Nexpose Consultant Edition. To upgrade to one of these editions, please contact Rapid7.
Usability | product
Create dynamic asset groups for fingerprinted and non-fingerprinted assets
When performing filtered asset searches based on operating system, you can use two new operators ("is empty" and "is not empty") to easily find assets with and without operating system fingerprints. This allows you to create dynamic asset groups for fingerprinted and non-fingerprinted assets. These new operators are also useful for finding assets for which scan authentication may have failed. For more information, download the user's guide from the Support page in the Web interface.
Site-specific vulnerability exceptions provide more flexibility
You can now create an exception for all instances of a vulnerability in a site. Using this scope option, you can exclude all vulnerabilities that share a site-specific compensating control, such as location of all assets behind a firewall.
Additionally, when you create any vulnerability exception, all applicable scope options are now visible, giving you more flexibility when excluding vulnerabilities from reports or risk score calculations.
New browsers supported
Support for new browsers expands your options for using the Security Console Web interface:
- Microsoft Internet Explorer 9
- Mozilla Firefox 10
- Google Chrome 16 and 17
After December 31, 2012, Rapid7 will discontinue development and bug fixes in Nexpose for the following browsers:
- Internet Explorer 7
- Firefox 3.5 and 3.6
Administration | product
- You can now specify ticket encryption types for greater control of Kerberos user authentication.
- Improvements to logging files make it easier for you to troubleshoot and debug Security Console and Scan Engine activity:
  - The log file format is more readable.
  - Log files are consolidated into a single directory.
  - More diagnostic information is included in the logs that are sent to Technical Support.
  - Unnecessary log messages are reduced.
  - Limits to log file size prevent old log data from consuming disk space unnecessarily.
  - Log files are consistently archived to their file size limit.
  - Log messages configured for standard output display timestamps in the time zone local to the Security Console or Scan Engine installation.
For information on working with Kerberos authentication and log files, download the administrator's guide from the Support page in the Web interface.
Other improvements and corrected defects | product
- A Web scanning issue has been resolved so that scans no longer run for an extremely long time when encountering a service other than HTTP on port 80.
- Graphic-rich reports, such as PCI reports, are generated faster.
- The drop-down list for Scan Engine send logs now lists Scan Engines in alphabetical order, making it easier for you to find which engines to send logs for.
- An improved detection method reduces potential false positives for the vulnerability announced in Microsoft Advisory MS10-070.
- Improved tracking of the backup process provides you with better alerts for errors that can occur in the process, such as lack of disk space.
- A number of improvements in the reporting framework prevent out-of-memory errors associated with generating and downloading of large reports.
- The fingerprinting of services that use H.323 protocol no longer causes some scans to hang.
- An issue in which the applying of a new license could disrupt Security Console-to-Scan Engine connections has been corrected.
Update improvements | product
Security Consoles can now receive new built-in policy benchmarks for which they are licensed via content-only updates.
Security content updates since 5.1
- We have released checks for more than 4900 vulnerabilities since the 5.1 release.
- Bi-monthly vulnerability check updates now also include: Adobe, Apache, Apple, BIND, CentOS, Cisco devices, IBM AIX, Java Runtime Environment, Mozilla, OpenSSL, Oracle Linux, PHP, Red Hat Enterprise Linux, Solaris, and VMware.
- Since the 5.1 release, new or expanded vulnerability checks have been created for Microsoft Office products on Mac OS X, Mozilla Thunderbird, and Mozilla SeaMonkey.
- Nexpose now performs more than 85,100 checks for more than 27,700 vulnerabilities.
Product update IDs
- Linux 32 | Update ID: 3036809376
- Linux 64 | Update ID: 2204996165
- Windows 32 | Update ID: 212730562
- Windows 64 | Update ID: 896847687
Content update IDs
Installers
Released on March 21, 2012.
md5sum files
Download the appropriate md5sum file to ensure that the installer was not corrupted during download:
Frequently asked questions (FAQs)
- How will I know Nexpose has updated with this specific release?
All updates are listed on the News page of the Nexpose Security Console Web interface.
- Why doesn’t the most recent date on the News page match the dates of the current updates on the Administration page?
You may occasionally notice that the most recent date on the News page does not match the dates of the current updates listed on the Nexpose Security Console administration page. The dates on the News page are official release dates. The dates on the console page indicate when updates were actually applied to your Nexpose installation.
- What are content updates, and what are product updates?
Content updates include new checks for vulnerabilities, patch verification, and compliance with security policies. Product updates include performance improvements, bug fixes, and new features in Nexpose.
- Does this dynamic self-updating cause Nexpose to restart?
Yes. You may notice Nexpose taking longer to start for the first time after installation. You may also notice it restarting more than once as it completes a required sequence of updates.
- How can I obtain more information about this release?
If you have purchased Nexpose, contact our Technical Support Team at Support@Rapid7.com. If you are using the Community version of Nexpose, go to http://community.rapid7.com.
- Where can I find announcements for other releases?
You can find all release announcements in the Rapid7 Community at https://community.rapid7.com/community/nexpose/nexpose_release_notes?view=documents.
Join the Rapid7 Community!
Learn tips and tricks, engage with your peers, and keep up with the latest product developments.