Nexpose release announcements for October 2015

Document created by mglinski Employee on Oct 6, 2015Last modified by mglinski Employee on Oct 28, 2015
Version 29Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats, Rapid7 releases coverage updates for Nexpose on a weekly basis. Product IDs and installer links are added the day of the release. This page contains detailed announcements for the most recent Nexpose coverage releases:

 


This Rapid7® Nexpose® 6.0.4 release includes:

  • ability to generate reports in Traditional Chinese
  • improved checks for Microsoft Security updates
  • new and recurring coverage
  • other updates

 

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • You can now run and view reports in Traditional Chinese, enabling members of your security team who prefer to read in this language to get the actionable data they need to address threats. Select your desired language on the Report Configuration page or on the User Preferences page, which you access by clicking your user name in the top, right corner of the user interface.
  • Searches on any Common Vulnerability Enumerator (CVE) ID now only return vulnerabilities that contain a reference to that specified CVE, so that you can view only the relevant vulnerability data you need when running these searches.
  • We have resolved an issue in which maintenance tasks related to previously generated reports could delay startup of the Security Console.
  • When you delete or remove an asset, the console now provides a clearer message about whether the asset will be removed entirely from the database, depending on whether the asset belongs to other sites. This feedback gives you a clearer understanding of how your action will affect the assets you are tracking in your environment.
  • We have corrected an issue that prevented the asset-based PCI Host Details report from generating under certain circumstances. If you are an Approved Scan Vendor or preparing for a PCI audit, this fix ensures that you can run one of the integral PCI reports.

 

Scanning improvements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • If a slow or unresponsive HTTP connection prevents a scan from completing within a specified time period, the connection now times out, so that the scan doesn't "hang". This prevents scan resources from being held up unnecessarily.
  • We have resolved a memory issue that prevented some scans with pooled engines from completing. If you use Scan Engine pools, this improvement ensures better scan performance.
                         

Accuracy improvements | product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Certain policy rule checks for Linux operating systems are now more accurate, helping you better manage compliance for Linux assets.
  • We have fixed an incorrect CVSS score which caused PCI compliance tests to fail.
  • As part of our ongoing commitment to improving Microsoft coverage, we have resolved an issue in which scanning assets with the latest Microsoft Office non-security updates applied could trigger false positives.

 

Recurring coverage | content

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Action required: Do you whitelist the Rapid7 Update Server IP address in your firewall?

If you do, you'll need to add a new IP address, 52.3.118.139, to your whitelist in order to continue to receive Nexpose updates. We are moving the Nexpose update server (updates.rapid7.com) soon for better performance and reliability. Update your whitelist now to avoid interruptions.

 

Reminder: Upgrade the database on all your consoles to receive product updates.

Upgrade now to the latest version of PostgreSQL! You need to upgrade to take advantage of all available security coverage. Use the migration utility in the console for an easy update.

  • Remember to upgrade the database for all your consoles.
  • As of the September 9, 2015, release, you cannot access product updates without upgrading.
  • To access the migration utility, click the Learn more link in the upgrade notification in the Security Console. The utility guides you through the process and estimates how long it will take, based on your database size.
  • Note: Running automatic or manual product updates does not upgrade the database. The only way to upgrade is to use the migration utility.
  • Read this blog post: The easy button for updating your Nexpose database, which describes how easy it is to run the migration, and includes a link to a short video tutorial.
  • Read this blog post: Get on the Path to Superpowers in only 1 Hour! for more information on why it's important to upgrade PostgreSQL.

 

Have you tuned your Nexpose database?

Tuning your Nexpose database is an important best practice to ensure optimal performance for new features and core Nexpose operations, such as integrating scan data and generating reports. After you upgrade your database to the latest version (see preceding note) make sure to tune your PostgreSQL settings. See the section Tuned PostgreSQL settings in the Nexpose Administrator's Guide, which you can download from the Rapid7 community.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 4259342416
  • Windows 64 | Update ID: 2888060667

 

Content update ID

  • Update ID: 3328283636

This Rapid7® Nexpose® 6.0.3 release includes:

  • an improvement to how Scan Engine pools handle engine restarts
  • improvements to CIS policy checks for Red Hat Enterprise Linux
  • new and recurring coverage
  • other updates

 

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • If a Scan Engine in a pool restarts during a scan, it will resume being available for that scan. This improvement ensures that you have maximum available resources when scanning with a pool.
               

Accuracy improvements | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Center for Internet Security (CIS) policy checks for Red Hat Enterprise Linux versions 5 and 6 no longer run against assets with different operating systems. If you evaluate these Red Hat systems for CIS compliance, this improvement provides more accurate overall results for a better security assessment.
  • We corrected an issue to ensure that if you enable the rule 7.4. Set Default umask for users for a CIS policy scan of RHEL 6, the scan will evaluate assets for that rule, so that you get the compliance results you need for those Red Hat targets.

 

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • We improved the wording in the Executive Summary report to clearly distinguish between the number of assets affected by a specific vulnerability and the number of instances of that vulnerability across all assets. If you use the Executive Summary report, this improvement gives your team more precise vulnerability information to help them make more informed decisions on how to prioritize remediation efforts.
  • The option for sending logs to Technical Support using the Send Logs button on the Troubleshooting page is now enabled by default. If you encounter an issue that you quickly need to resolve, this improvement helps you to provide Support the necessary information as soon as possible.
  • An improved fingerprinting process results in the display of more accurate asset data, so that you have better insight into the software running on assets in your environment.

 

Recurring coverage | content

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Action required: Do you whitelist the Rapid7 Update Server IP address in your firewall?

If you do, you'll need to add a new IP address, 52.3.118.139, to your whitelist in order to continue to receive Nexpose updates. We are moving the Nexpose update server (updates.rapid7.com) soon for better performance and reliability. Update your whitelist now to avoid interruptions.

 

Reminder: Upgrade the database on all your consoles to receive product updates.

Upgrade now to the latest version of PostgreSQL! You need to upgrade to take advantage of all available security coverage. Use the migration utility in the console for an easy update.

  • Remember to upgrade the database for all your consoles.
  • As of the September 9, 2015, release, you cannot access product updates without upgrading.
  • To access the migration utility, click the Learn more link in the upgrade notification in the Security Console. The utility guides you through the process and estimates how long it will take, based on your database size.
  • Note: Running automatic or manual product updates does not upgrade the database. The only way to upgrade is to use the migration utility.
  • Read this blog post: The easy button for updating your Nexpose database, which describes how easy it is to run the migration, and includes a link to a short video tutorial.
  • Read this blog post: Get on the Path to Superpowers in only 1 Hour! for more information on why it's important to upgrade PostgreSQL.

 

Have you tuned your Nexpose database?

Tuning your Nexpose database is an important best practice to ensure optimal performance for new features and core Nexpose operations, such as integrating scan data and generating reports. After you upgrade your database to the latest version (see preceding note) make sure to tune your PostgreSQL settings. See the section Tuned PostgreSQL settings in the Nexpose Administrator's Guide, which you can download from the Rapid7 community.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 391154042
  • Windows 64 | Update ID: 4129994532

 

Content update ID

  • Update ID: 1799273049

This Rapid7® Nexpose® 6.0.2 release provides coverage for Microsoft's October, 2015, Patch Tuesday announcement, other new and recurring coverage, and several additional improvements.

           

October Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for October 2015. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for October 2015. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets. These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

 

Accuracy improvements | content & product

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • We have improved the Untrusted TLS/SSL server X.509 certificate check. You can now validate a partial certificate chain by importing the intermediate CA certificate(s) to the trusted root certificates in the Security Console. This ensures that validation succeeds when there is sufficient information in the chain.
  • SSL-related vulnerability checks now run against SSL/TLS-enabled endpoints, even when the underlying protocol was not fingerprinted. This improvement resolves false negatives, allowing you to better understand your security posture with SSL/TLS-related vulnerabilities.
  • The application now fingerprints Cisco IPS running on adaptive security appliances (ASA) as well as standalone intrusion prevention systems (IPS) using SSH protocol, expanding your visibility into these security devices deployed in your environment.
  • The collection of service configuration scan data on SSL/TLS endpoints now includes the protocol versions and associated cipher suites supported by the service. This allows better detection of cipher suite vulnerabilities and more accurate information about what vulnerable ciphers are enabled on each endpoint, facilitating better remediation.
  • The application now fingerprints the following Hewlett-Packard products, so that you can track installations in your scan environment:
    • HP System Management Homepage
    • HP Systems Insight Manager
  • We have improved the accuracy of vulnerability coverage for Microsoft Security Bulletin MS14-011.

 

Recurring coverage | content

New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Korean documentation and Help update | product

We have updated the Korean-language documents and Help to reflect more recently introduced product features and workflows. To select a different language for viewing Help, click your user name. Then, on your Preferences page, select the language from the drop-down list labeled Display user interface in.

 

Action required: Do you whitelist the Rapid7 Update Server IP address in your firewall?

If you do, you'll need to add a new IP address, 52.3.118.139, to your whitelist in order to continue to receive Nexpose updates. We are moving the Nexpose update server (updates.rapid7.com) soon for better performance and reliability. Update your whitelist now to avoid interruptions.

 

Reminder: Upgrade the database on all your consoles to receive product updates.

Upgrade now to the latest version of PostgreSQL! You need to upgrade to take advantage of all available security coverage. Use the migration utility in the console for an easy update.

  • Remember to upgrade the database for all your consoles.
  • As of the September 9, 2015, release, you cannot access product updates without upgrading.
  • To access the migration utility, click the Learn more link in the upgrade notification in the Security Console. The utility guides you through the process and estimates how long it will take, based on your database size.
  • Note: Running automatic or manual product updates does not upgrade the database. The only way to upgrade is to use the migration utility.
  • Read this blog post: The easy button for updating your Nexpose database, which describes how easy it is to run the migration, and includes a link to a short video tutorial.
  • Read this blog post: Get on the Path to Superpowers in only 1 Hour! for more information on why it's important to upgrade PostgreSQL.

 

Have you tuned your Nexpose database?

Tuning your Nexpose database is an important best practice to ensure optimal performance for new features and core Nexpose operations, such as integrating scan data and generating reports. After you upgrade your database to the latest version (see preceding note) make sure to tune your PostgreSQL settings. See the section Tuned PostgreSQL settings in the Nexpose Administrator's Guide, which you can download from the Rapid7 community.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 559402868
  • Windows 64 | Update ID: 2075018233

Content update ID

  • Update ID: 649186713

This Rapid7® Nexpose® 6.0.1 release contains corrections for scanning and display issues.

Scanning improvement | product

  • We have corrected an issue in which scans could fail to complete when multiple scans were started simultaneously.

Application improvement | product

  • We have addressed an issue that prevented some users from accessing the navigation menu in the October 7, 2015, release when the console was installed on a machine that did not have access to the Internet.

Action required: Do you whitelist the Rapid7 Update Server IP address in your firewall?

If you do, you'll need to add a new IP address, 52.3.118.139, to your whitelist in order to continue to receive Nexpose updates. We are moving the Nexpose update server (updates.rapid7.com) soon for better performance and reliability. Update your whitelist now to avoid interruptions.

 

Reminder: Upgrade the database on all your consoles to receive product updates.

Upgrade now to the latest version of PostgreSQL! You need to upgrade to take advantage of all available security coverage. Use the migration utility in the console for an easy update.

  • Remember to upgrade the database for all your consoles.
  • As of the September 9, 2015, release, you cannot access product updates without upgrading.
  • To access the migration utility, click the Learn more link in the upgrade notification in the Security Console. The utility guides you through the process and estimates how long it will take, based on your database size.
  • Note: Running automatic or manual product updates does not upgrade the database. The only way to upgrade is to use the migration utility.
  • Read this blog post: The easy button for updating your Nexpose database, which describes how easy it is to run the migration, and includes a link to a short video tutorial.
  • Read this blog post: Get on the Path to Superpowers in only 1 Hour! for more information on why it's important to upgrade PostgreSQL.

 

Have you tuned your Nexpose database?

Tuning your Nexpose database is an important best practice to ensure optimal performance for new features and core Nexpose operations, such as integrating scan data and generating reports. After you upgrade your database to the latest version (see preceding note) make sure to tune your PostgreSQL settings. See the section Tuned PostgreSQL settings in the Nexpose Administrator's Guide, which you can download from the Rapid7 community.

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | Update ID: 2151145076
  • Windows 64 | Update ID: 3862812744

Your environment and the security landscape are constantly changing. This Rapid7® Nexpose® 6.0 release gives you the ability to automatically understand your exposure to risk as it changes and to respond effectively.

 

Enjoy the new look | product

Check out the new look-and-feel of our user interface! We've redesigned the navigation for easier use and updated the color scheme, providing you with an option to customize it based on your preference. We have also added the ability to quickly create asset groups, sites, reports, and tags anywhere in the user interface. The first time you log on after this update, take a quick tour that will get you familiar with the work space and tell you about important new features.

s_nx_60_look.jpg s_nx_left_nav.jpg

 

Automate responses to changes affecting security | product

With the Adaptive Security capability, you can create automated actions to continuously monitor, and adapt to, real-time changes in your environment, accelerating insight and action without the headaches.

  • New asset discovered: When a new asset is first discovered in your environment, add it to any site you choose, and then either scan it immediately or simply include it in the next scheduled scan for that site. When creating this action, you can use filters to define exactly what type of asset you want to take action on.
  • Known asset re-discovered: When a previously discovered asset reappears in your environment, as in the case of an employee's laptop that was off the network during a scheduled scan because the employee was working from home, scan the asset immediately, add it to another site, or tag it for future tracking in asset groups or reports. Again, you can target specific assets with filters.
  • New vulnerability coverage available: When new vulnerabilities are released in Nexpose updates, run scans right away to determine which of your sensitive assets are exposed. You can use a minimum severity, risk, or Common Vulnerability Scoring System (CVSS) score as a threshold to make sure you are tracking the threats that concern you the most.

s_nx_auto_actions_trigger_new_asset.png

 

Scan with new coverage, without a restart | content

Apply content updates without a restart! Now you can run a scan with the latest vulnerability coverage immediately, without waiting for the Security Console to shut down and start up again. Please note that some content updates need the latest product updates, and product updates still require restart. If you are a Global Administrator, you can now select whether content updates are applied automatically, whenever they are available. You can enable this setting in the Security Console Updates page, which you access from the Administration page.

 

Troubleshoot accuracy issues | product

Troubleshoot scan accuracy issues with the Asset Configuration Export (ACES) logging feature. By running a scan with ACES enabled, you can collect data related to asset fingerprinting and vulnerability check activity. The feature creates a convenient Zip archive that you can send to Technical Support for thorough analysis, so that you can address scanning issues for better accuracy and more actionable data.

s_nx_scan_template_ACES.png

 

Use Nexpose in multiple languages | product

You can now view the user interface in Korean, Japanese, or Simplified Chinese. Select your desired language by clicking your user name in the upper-right corner to access your preferences page. Multiple-language support lets native speakers of these languages on your security team use the product to gain insight into your security posture and take appropriate action. This complements the previously added ability to run reports in these three languages and share remediation guidance and other actionable information with native speakers in your organization.

 

Take advantage of Project Sonar's unique view of your Internet assets | product

A recent release has made it possible to import asset data collected by the Rapid7 Labs Project Sonar, which is an initiative to scan all Internet sites. Because Sonar provides an "outsider" view of public-facing assets, this is a useful way to get an expanded view of the attack surface of your organization's Internet presence.

  • The import process involves activating a pre-configured connection in which the Security Console queries the Sonar server for asset data from a given domain. Once you import Sonar data, you can organize the assets into dynamic asset groups and scan them for vulnerabilities or policy compliance.
  • Note that assets imported from Project Sonar do not count against your licensed asset scan limit. Any imported assets that you scan with vulnerability or policy checks will count against the limit.
  • For more information on Project Sonar, go to https://sonar.labs.rapid7.com.

 

Recurring coverage | content

  • New and updated vulnerability checks help you protect your environment against the latest threats. See all the operating systems and applications covered by these updates.

 

Action required: Do you whitelist the Rapid7 Update Server IP address in your firewall?

If you do, you'll need to add a new IP address, 52.3.118.139, to your whitelist in order to continue to receive Nexpose updates. We are moving the Nexpose update server (updates.rapid7.com) soon for better performance and reliability. Update your whitelist now to avoid interruptions.

 

Reminder: Upgrade the database on all your consoles to receive product updates.

Upgrade now to the latest version of PostgreSQL! You need to upgrade to take advantage of all available security coverage. Use the migration utility in the console for an easy update.

  • Remember to upgrade the database for all your consoles.
  • As of the September 9, 2015, release, you cannot access product updates without upgrading.
  • To access the migration utility, click the Learn more link in the upgrade notification in the Security Console. The utility guides you through the process and estimates how long it will take, based on your database size.
  • Note: Running automatic or manual product updates does not upgrade the database. The only way to upgrade is to use the migration utility.
  • Read this blog post: The easy button for updating your Nexpose database, which describes how easy it is to run the migration, and includes a link to a short video tutorial.
  • Read this blog post: Get on the Path to Superpowers in only 1 Hour! for more information on why it's important to upgrade PostgreSQL.

 

Have you tuned your Nexpose database?

Tuning your Nexpose database is an important best practice to ensure optimal performance for new features and core Nexpose operations, such as integrating scan data and generating reports. After you upgrade your database to the latest version (see preceding note) make sure to tune your PostgreSQL settings. See the section Tuned PostgreSQL settings in the Nexpose Administrator's Guide, which you can download from the Rapid7 community.

 

Buzz

 

Installer links, md5sum links, and virtual appliance links

Click here for the latest installer links, md5sum links, and virtual appliance links.

 

Product Update IDs

  • Linux 64 | 1138514786
  • Windows 64 | 4009503067

 

Content update ID

  • Update ID: 3816217482

Attachments

    Outcomes