NeXpose - Creating A Site

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
24 minutes
Difficulty
Beginner
Video Transcription
00:00
>> In this video, I'm going to be showing you
00:00
how to create a site with the Nexpose.
00:00
In order to run scans,
00:00
you must set up at least one site
00:00
containing at least one asset.
00:00
A site is a group of assets assembled for
00:00
a scan by specific dedicated scan engine.
00:00
The grouping principle maybe
00:00
>> something meaningful to you,
00:00
>> such as a common geographic location,
00:00
a range of IP addresses or a specific type of scan.
00:00
To begin setting up a site,
00:00
click on the "New Site" button on the homepage.
00:00
This will bring you to the general tab
00:00
on the site configuration page.
00:00
Note that only the fields in red are required.
00:00
The first thing you want to do
00:00
is type a name for your site.
00:00
This can be anything you like,
00:00
and can be changed at any time.
00:00
You can also put a brief description for your site,
00:00
and select a level of importance
00:00
>> from the drop-down list.
00:00
>> Importance level [inaudible] wants
00:00
to risk back to the Nexpose,
00:00
you just calculate a risk index for each site.
00:00
Once you've given your site a name,
00:00
click on "Next" in the upper right-hand corner.
00:00
This will bring you to the devices page where you
00:00
list all of your target assets for your new site.
00:00
You can enter the addresses in
00:00
the text box labeled devices to scan.
00:00
Addresses may incorporate any valid Nexpose convention,
00:00
including adding notation,
00:00
fully qualified domain name,
00:00
host name, or just a range of IP addresses.
00:00
You also have the option to import
00:00
a text file that lists the assets you want to scan.
00:00
You can do so by clicking on the Browse button,
00:00
and selecting the appropriate text file.
00:00
Nexpose also has the ability to blacklist
00:00
any devices that do not want scan within the site.
00:00
To prevent assets from being scanned,
00:00
enter the addresses in
00:00
the box labeled devices to exclude.
00:00
You can also import a text file just as before.
00:00
You can also exclude assets
00:00
>> from being scanned in all of
00:00
>> your sites throughout your deployment
00:00
on a global device exclusion page,
00:00
which is found under the administration tab.
00:00
Once you've specified all of your target assets,
00:00
you can move on to the scan settings
00:00
page by clicking on "Next."
00:00
[NOISE] Here you will select,
00:00
scan template and scan engine to perform scans.
00:00
The default is a full audit scan template
00:00
which includes all but policy checks.
00:00
As you can see, there are a number of
00:00
others built-in as well.
00:00
If you like to see more details on any of them,
00:00
you can click on the Browse button right here.
00:00
For the purpose of the video,
00:00
I'm going to go ahead and stick with the full audit.
00:00
Next, you would choose the engine that you would
00:00
like to actually perform the scans.
00:00
The default is a local scan engine,
00:00
which is the one built into the Nexpose console.
00:00
If you've deployed distributed engines,
00:00
there'll be listed here and you can
00:00
specify which one to use.
00:00
If you'd like to automate your scans,
00:00
you can click on the Enable schedule button,
00:00
and specify a time and date.
00:00
[NOISE]
00:00
If you are configuring your recurring scan,
00:00
you would just need to specify
00:00
whether you would like an Nexpose to restart from
00:00
the beginning or continue
00:00
where the last scheduled scan left off.
00:00
[NOISE] Once you've specified all of the scan settings,
00:00
you can go back up and click on Next.
00:00
[NOISE] This will bring you to the alerting tab,
00:00
where you can optionally set up Nexpose
00:00
to alert certain scanned events.
00:00
If you would like to set up an alert,
00:00
click on the "New Alert" button.
00:00
To begin, click on the Enable Alert button
00:00
to ensure that Nexpose generates the alert.
00:00
You can click the box again at
00:00
anytime to disable the alert,
00:00
if you prefer not to receive the alert
00:00
temporarily without having to delete it.
00:00
Next, just type a name for the alert.
00:00
If you'd like to limit the number
00:00
>> of alerts you receive,
00:00
>> you could do so in the box below.
00:00
After that, just choose
00:00
what you'd like to be alerted for,
00:00
and the notification method.
00:00
[NOISE] Nexpose can send alerts via SMTP e-mail,
00:00
SNMP message, or Syslog message.
00:00
Your selection here will control
00:00
what additional fields appear below this box,
00:00
with all just fill in the appropriate information.
00:00
Lastly, you can choose to limit the alert text.
00:00
Limited text alerts only include the name and severity.
00:00
This is a security option for alerts into the Internet,
00:00
or as text message to mobile devices.
00:00
Click the Save button, and
00:00
your new alert will appear in the alerting page.
00:00
The final step to configuring the site,
00:00
is setting up scanning credentials.
00:00
You do so by clicking on Next.
00:00
This step is optional,
00:00
but establishing login credentials via
00:00
scan engine enables it to perform deep checks,
00:00
inspecting assets for
00:00
a wider range of vulnerabilities such
00:00
as policy violations, adware, spyware.
00:00
Additionally, credential scans can check for
00:00
software applications and packages such as hotbeds.
00:00
To setup credentials, click on the New Login button,
00:00
and select the desired type of
00:00
credential from the drop-down.
00:00
You can see there's a wide range of credential options.
00:00
The selection determines
00:00
other fields that appear in the form.
00:00
However, all the forms include fields for
00:00
entering some username and/or your password.
00:00
For this, I'm going to choose Microsoft Windows.
00:00
Also, if you are supplying credentials,
00:00
they do need to be administrative from
00:00
Nexpose to properly run the scans.
00:00
Once you've entered in the username and password,
00:00
you're going to want to enter in a device
00:00
to test the credentials with.
00:00
Once you've done so, click on the Test Login button.
00:00
[NOISE] You should receive a login accepted message,
00:00
if Nexpose applies it's credential successfully.
00:00
Click "Okay" and remove
00:00
the device from the restricted device field.
00:00
Not doing so will cause
00:00
Nexpose to only use your credentials
00:00
on that specific device. Go ahead and click Save.
00:00
[NOISE] The new credentials
00:00
appear in the credentials page.
00:00
Note that Nexpose protects all credentials with
00:00
RSA encryption and Triple DES encryption
00:00
before storing them in its database.
00:00
After you've finished configuring the site,
00:00
click the Save button that appears
00:00
in every page of the wizard.
00:00
Your new site will now appear in the site listing.
00:00
For more information on anything
00:00
>> discussed in this video,
00:00
>> you can click on the support link
00:00
in the upper right-hand corner.
Up Next