Overview

The Rapid7 Nexpose integration connects the Praetorian Guard Platform (PGP) with your on-premises Nexpose vulnerability scanner, importing discovered assets, open services, and vulnerability scan results into a unified attack surface view. Nexpose is Rapid7's on-premises vulnerability management product; the same Security Console and REST API are sold as InsightVM when connected to the Rapid7 Insight platform. It scans your internal and external network infrastructure for known vulnerabilities.

By connecting Nexpose to PGP, you gain continuous visibility into the assets and vulnerabilities that Nexpose discovers during its scans. PGP correlates this internal vulnerability data with your broader attack surface context, enabling you to trace exposure from the internet to vulnerable internal hosts and prioritize remediation based on real-world reachability.

This integration operates in a read-only capacity. PGP queries the Nexpose Security Console API to retrieve asset and vulnerability data but never modifies scan configurations, policies, or remediation states in your Nexpose environment.

---

What the Integration Does

When enabled, PGP connects to your Nexpose Security Console's REST API (v3) and performs the following:

  • Asset discovery -- Paginates through all assets in your Nexpose console, extracting IP addresses, hostnames, and open services (protocol and port).

  • Vulnerability ingestion -- For each asset with known vulnerabilities, PGP retrieves the full list of vulnerability findings at both the asset level and the per-service level.

  • Severity mapping -- Each vulnerability's severity score (0--10) from Nexpose is mapped to a PGP severity level (Info, Low, Medium, High, Critical).

  • Proof artifacts -- Raw vulnerability result data from Nexpose is attached to each risk as proof, preserving the original scan evidence.

All data flows one direction: from Nexpose into PGP. Assets become PGP assets, open services become PGP attributes, and vulnerabilities become PGP risks with associated proof artifacts.

---

Prerequisites

Before setting up the integration, ensure you have:

  • A running Rapid7 Nexpose Security Console (or InsightVM console) with API access enabled

  • A Nexpose user account with at least read-only permissions to view assets, sites, and vulnerabilities

  • Network connectivity from PGP to your Nexpose console on the API port (default: TCP 3780)

  • The base URL of your Nexpose console (e.g., https://nexpose.yourcompany.com:3780)

Creating a Nexpose API User

  • Log in to your Nexpose Security Console

  • Navigate to Administration > Users

  • Click Create to add a new user

  • Set the Authentication method to Normal

  • Assign the Global Reader role, or Security Manager if your console does not offer a read-only role. Read-only access is all the integration needs; Security Manager can also create sites and launch scans, so use it only when a narrower role is unavailable

  • Save the user and note the username and password

---

Setup

  • In PGP, go to Integrations and locate Rapid7 Nexpose (under Vulnerability Management)

  • Enter the required credentials

  • Click Connect -- PGP will validate the credentials by querying the Nexpose API before saving

Field Reference

| Field | Description | Example |
| --- | --- | --- |
| Console URL | The base URL of your Nexpose Security Console, including the scheme and port | https://nexpose.yourcompany.com:3780 |
| Username | Nexpose user account with API read access | pgp-readonly |
| Password | Password for the Nexpose user account | **** |

Once connected, PGP will begin syncing asset and vulnerability data on its regular integration schedule.
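Before clicking Connect, the Console URL, Username and Password from the field reference can be checked with the same kind of read-only calls PGP makes. The script below is an added example, not part of PGP or of Rapid7's tooling. It uses only the Python standard library and the v3 endpoints documented on this page, with one assumption: that GET /api/3/vulnerabilities (the list form of the detail endpoint, not itself listed above) is readable by the user, which is the permission behind the "Severity shows as Info" troubleshooting item. Certificate verification stays on; pass the console's internal CA bundle instead of disabling it.

```python
"""Preflight for a Nexpose API user before saving it in PGP.

Added example; not PGP's or Rapid7's code. Uses only the standard library
and the v3 endpoints named on this page, plus GET /api/3/vulnerabilities
(assumed here to exist) to confirm vulnerability definitions are readable.
"""
from __future__ import annotations

import base64
import json
import os
import ssl
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# Smallest possible reads: one asset page and one vulnerability definition page.
PROBES = ("/api/3/assets?page=0&size=1", "/api/3/vulnerabilities?page=0&size=1")


@dataclass
class CheckResult:
    path: str
    ok: bool
    status: int | None   # None when no HTTP response came back at all
    message: str


def basic_auth_header(username: str, password: str) -> str:
    """The Authorization value PGP sends: Base64 of 'user:password' (encoded, not encrypted)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def classify_status(status: int | None) -> str:
    """Map an HTTP outcome onto the Troubleshooting guidance on this page."""
    if status is None:
        return "no response: check the network path and firewall to the console port (default TCP 3780)"
    if status == 200:
        return "ok"
    if status == 401:
        return "401 Unauthorized: username or password rejected by the console"
    if status == 403:
        return "403 Forbidden: user lacks a role that can read this resource"
    return f"unexpected HTTP {status}"


def preflight(console_url, username, password, ca_bundle=None, timeout=15.0):
    """Run each probe with Basic auth over verified TLS; one CheckResult per probe.

    ca_bundle lets you trust an internal CA for a self-signed console
    certificate without turning certificate verification off.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    headers = {"Authorization": basic_auth_header(username, password),
               "Accept": "application/json"}
    results = []
    for path in PROBES:
        req = urllib.request.Request(console_url.rstrip("/") + path, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
                total = json.load(resp).get("page", {}).get("totalResources")
                results.append(CheckResult(path, True, resp.status, f"ok, totalResources={total}"))
        except urllib.error.HTTPError as exc:          # must precede URLError (its parent class)
            results.append(CheckResult(path, False, exc.code, classify_status(exc.code)))
        except urllib.error.URLError as exc:
            reason = exc.reason
            if isinstance(reason, ssl.SSLError):
                msg = f"TLS failure ({reason}): trust the console's CA via ca_bundle, do not disable verification"
            else:
                msg = f"{classify_status(None)} ({reason})"
            results.append(CheckResult(path, False, None, msg))
        except OSError as exc:                         # e.g. socket timeout while reading
            results.append(CheckResult(path, False, None, f"{classify_status(None)} ({exc})"))
    return results


if __name__ == "__main__":
    # Usage: NEXPOSE_URL=https://nexpose.yourcompany.com:3780 NEXPOSE_USER=pgp-readonly \
    #        NEXPOSE_PASS=... [NEXPOSE_CA=/path/to/internal-ca.pem] python3 preflight.py
    checks = preflight(os.environ["NEXPOSE_URL"], os.environ["NEXPOSE_USER"],
                       os.environ["NEXPOSE_PASS"], os.environ.get("NEXPOSE_CA"))
    for c in checks:
        print("PASS" if c.ok else "FAIL", c.path, c.message)
    sys.exit(0 if all(c.ok for c in checks) else 1)
```

A 200 on the first probe but a 403 on the second is the case that later shows up as every risk being Info: the account can list assets but cannot read vulnerability definitions. The environment-variable names and the `NEXPOSE_CA` option are this example's own, not PGP settings.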

---

What Data Is Synced

Assets

Each asset discovered by Nexpose is imported into PGP. An asset is created for every combination of hostname and IP address reported by the scanner.

| Nexpose Field | PGP Field | Description |
| --- | --- | --- |
| hostNames[].name | Asset name | The hostname associated with the asset |
| addresses[].ip | Asset IP | The IP address of the asset |

Assets that lack either a hostname or an IP address are skipped, so a Nexpose asset known only by its IP will not appear in PGP.

Attributes (Services)

Open services detected on each asset are imported as PGP attributes.

| Nexpose Field | PGP Field | Description |
| --- | --- | --- |
| services[].protocol | Attribute type | The protocol (e.g., tcp, udp) |
| services[].port | Attribute value | The port number |

Risks (Vulnerabilities)

Vulnerabilities are imported at both the asset level and the per-service level.

| Nexpose Field | PGP Field | Description |
| --- | --- | --- |
| Vulnerability ID | Risk ID | The Nexpose vulnerability identifier (e.g., ssl-cve-2014-0224) |
| severityScore (0--10) | Severity | Mapped to PGP severity: 0--2 = Info, 3--4 = Low, 5--6 = Medium, 7--8 = High, 9--10 = Critical |
| Vulnerability results | Proof artifact | Raw scan evidence attached to each risk |

---

API Endpoints Used

PGP uses the Nexpose Security Console REST API v3. All requests use Basic authentication and are read-only (GET).

| Purpose | Endpoint | Method | Notes |
| --- | --- | --- | --- |
| List assets | /api/3/assets?page={n}&size=500 | GET | Paginated; retrieves all assets with addresses, hostnames, and services |
| Asset vulnerabilities | /api/3/assets/{id}/vulnerabilities?page={n}&size=500 | GET | Paginated; all vulnerabilities for a given asset |
| Service vulnerabilities | /api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities?page={n}&size=500 | GET | Paginated; vulnerabilities specific to a service on an asset |
| Vulnerability detail | /api/3/vulnerabilities/{id} | GET | Retrieves the severity score for a specific vulnerability; results are cached, so each vulnerability ID is looked up once rather than once per asset |

PGP limits concurrent API requests to 10 parallel calls to avoid overloading your Nexpose console.
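The sync described in "What the Integration Does", the field mappings under "What Data Is Synced" and the endpoint table above fit together as one pipeline: page through assets, skip those without a hostname or IP, fan out per-asset and per-service vulnerability reads under a concurrency cap, resolve each vulnerability's severity once through a cache, and emit assets, attributes and risks with the raw results as proof. The code below is an added example of that pipeline, not PGP's or Rapid7's implementation. `NexposeSync` takes any callable that performs an authenticated GET and returns parsed JSON; `FakeConsole` is a constructed stand-in that answers the four endpoints with sample data shaped like v3 responses (the asset, hostnames, IPs and the `constructed-icmp-check` identifier are invented; `ssl-cve-2014-0224` is the identifier this page uses). It uses a page size of 1 in the usage note so that every paged walk actually crosses a page boundary.

```python
"""Offline model of the Nexpose -> PGP sync described on this page.

Added example, not PGP's or Rapid7's code. NexposeSync takes any callable that
performs an authenticated GET and returns parsed JSON, so the same logic runs
against a real console or against FakeConsole's constructed v3-shaped data.
"""
import re
from concurrent.futures import ThreadPoolExecutor

PAGE_SIZE, MAX_PARALLEL = 500, 10   # page size and concurrency cap from the endpoint section
SEVERITY_BANDS = ((2, "Info"), (4, "Low"), (6, "Medium"), (8, "High"), (10, "Critical"))


def map_severity(score):
    """Nexpose severityScore (0-10) -> PGP level, using the bands in the Risks table."""
    return next((label for upper, label in SEVERITY_BANDS if score <= upper), "Critical")


class NexposeSync:
    def __init__(self, get_json, page_size=PAGE_SIZE, max_parallel=MAX_PARALLEL):
        self._get, self._page_size, self._max_parallel = get_json, page_size, max_parallel
        self._severity_cache = {}   # one /vulnerabilities/{id} lookup per id, as the table notes

    def _paginate(self, path):
        """Walk a v3 paged collection until page.totalPages is exhausted."""
        page = 0
        while True:
            body = self._get(f"{path}?page={page}&size={self._page_size}")
            yield from body.get("resources", [])
            page += 1
            if page >= body["page"]["totalPages"]:
                return

    def _severity(self, vuln_id):
        if vuln_id not in self._severity_cache:
            self._severity_cache[vuln_id] = self._get(f"/api/3/vulnerabilities/{vuln_id}")["severityScore"]
        return self._severity_cache[vuln_id]

    def _findings(self, asset):
        """(service-or-None, finding) pairs for one asset: asset level first, then per service."""
        aid = asset["id"]
        pairs = [(None, v) for v in self._paginate(f"/api/3/assets/{aid}/vulnerabilities")]
        for s in asset.get("services", []):
            path = f"/api/3/assets/{aid}/services/{s['protocol']}/{s['port']}/vulnerabilities"
            pairs += [(f"{s['protocol']}/{s['port']}", v) for v in self._paginate(path)]
        return asset, pairs

    def run(self):
        """Returns (asset keys, (asset, protocol, port) attributes, risk tuples), where a risk
        tuple is (asset, service-or-None, vulnerability id, PGP severity, raw results as proof)."""
        assets, attributes, risks = [], [], []
        # Assets lacking a hostname or an IP are skipped, as the sync rules state.
        scanned = [a for a in self._paginate("/api/3/assets") if a.get("hostNames") and a.get("addresses")]
        with ThreadPoolExecutor(max_workers=self._max_parallel) as pool:
            collected = list(pool.map(self._findings, scanned))   # bounded fan-out per asset
        for asset, pairs in collected:
            # One PGP asset per hostname x IP combination reported by the scanner.
            keys = [f"{h['name']} {a['ip']}" for h in asset["hostNames"] for a in asset["addresses"]]
            assets += keys
            for key in keys:
                attributes += [(key, s["protocol"], s["port"]) for s in asset.get("services", [])]
                risks += [(key, svc, v["id"], map_severity(self._severity(v["id"])), v.get("results", []))
                          for svc, v in pairs]
        return assets, attributes, risks


class FakeConsole:
    """Constructed stand-in for a Security Console; serves the four endpoints in the table."""

    def __init__(self):
        self.detail_calls = 0
        self.assets = [
            {"id": 1, "hostNames": [{"name": "web01.corp.example"}], "addresses": [{"ip": "10.0.0.5"}],
             "services": [{"protocol": "tcp", "port": 443}]},
            {"id": 2, "hostNames": [], "addresses": [{"ip": "10.0.0.9"}], "services": []},   # no hostname
        ]
        ssl_finding = {"id": "ssl-cve-2014-0224", "results": [{"port": 443, "proof": "constructed TLS evidence"}]}
        icmp_finding = {"id": "constructed-icmp-check", "results": [{"proof": "constructed ICMP evidence"}]}
        self.asset_vulns = {1: [ssl_finding, icmp_finding]}
        self.service_vulns = {(1, "tcp", 443): [ssl_finding]}
        self.vulns = {"ssl-cve-2014-0224": {"severityScore": 7}, "constructed-icmp-check": {"severityScore": 1}}

    def get_json(self, path):
        if m := re.fullmatch(r"/api/3/assets\?page=(\d+)&size=(\d+)", path):
            return self._page(self.assets, int(m[1]), int(m[2]))
        if m := re.fullmatch(r"/api/3/assets/(\d+)/vulnerabilities\?page=(\d+)&size=(\d+)", path):
            return self._page(self.asset_vulns.get(int(m[1]), []), int(m[2]), int(m[3]))
        if m := re.fullmatch(r"/api/3/assets/(\d+)/services/(\w+)/(\d+)/vulnerabilities\?page=(\d+)&size=(\d+)", path):
            return self._page(self.service_vulns.get((int(m[1]), m[2], int(m[3])), []), int(m[4]), int(m[5]))
        if m := re.fullmatch(r"/api/3/vulnerabilities/([\w.-]+)", path):
            self.detail_calls += 1
            return self.vulns[m[1]]
        raise KeyError(path)

    @staticmethod
    def _page(items, number, size):
        """v3-shaped page envelope: resources plus page.{number,size,totalResources,totalPages}."""
        return {"resources": items[number * size:(number + 1) * size],
                "page": {"number": number, "size": size, "totalResources": len(items),
                         "totalPages": max(1, -(-len(items) // size))}}
```

Running `fake = FakeConsole(); NexposeSync(fake.get_json, page_size=1).run()` yields one PGP asset (`web01.corp.example 10.0.0.5`; asset 2 is dropped for lacking a hostname), one `tcp`/`443` attribute, and three risks: two at asset level and one on `tcp/443`, with `ssl-cve-2014-0224` mapped to High and the score-1 finding to Info. `fake.detail_calls` ends at 2 even though `ssl-cve-2014-0224` appears twice, which is the effect of the cache noted in the endpoint table. Against a real console, `get_json` would be a function that issues the GET with the `Authorization: Basic` header over verified TLS.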

---

Troubleshooting

| Issue | Cause | Fix |
| --- | --- | --- |
| Connection refused or timeout | PGP cannot reach the Nexpose console on the network | Verify that network connectivity and firewall rules allow PGP to reach the console URL and port (default TCP 3780) |
| 401 Unauthorized | Invalid username or password | Verify that the credentials in PGP match a valid Nexpose user account |
| 403 Forbidden | User account lacks sufficient permissions | Ensure the Nexpose user has at least a Global Reader or Security Manager role |
| No assets appearing | Nexpose has no completed scans, or every asset is missing a hostname or an IP address | Confirm that Nexpose has completed at least one scan and that assets have both a hostname and an IP address |
| Missing vulnerabilities | Asset has no vulnerability findings in Nexpose | Verify that the asset has been scanned with a scan template that includes vulnerability checks |
| Severity shows as Info for all risks | The vulnerability detail lookup (/api/3/vulnerabilities/{id}) is failing | Check that the Nexpose API user has permission to read vulnerability definitions |
| SSL certificate errors | Nexpose console uses a self-signed certificate | Keep the console URL on HTTPS and install a certificate issued by a CA that PGP trusts, or contact your Praetorian team about trusting your internal CA; do not work around the error by disabling certificate verification, because Basic authentication sends the password on every request |

---

Security and Data Handling

  • Read-only access -- PGP only performs GET requests against the Nexpose API. It never creates, modifies, or deletes any data in your Nexpose environment.

  • Credential storage -- Your Nexpose username and password are encrypted at rest and never exposed in logs or API responses.

  • Basic authentication -- Credentials are sent as a Base64-encoded Authorization: Basic header on every request. Base64 is an encoding, not encryption, so TLS is the only protection the password has in transit: ensure your Nexpose console presents a valid TLS certificate and never point PGP at a plain-HTTP console URL.

  • Data residency -- Imported asset and vulnerability data is stored within your PGP tenant and subject to your organization's data retention policies.

  • Minimal permissions -- Only read-level access is required. We recommend creating a dedicated service account with the least privileges necessary.