 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>Rapid7Nexpose (24 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSMâ„¢
Previous Next Sheriff CSMâ„¢
Rapid7 Nexpose
When you configure Rapid7 Nexpose to send log data to Sheriff CSM, you can use the Rapid7 Nexpose plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin: Plugin Information| Device | Details |
|---|---|
| Vendor | Rapid7 |
| Device Type | Vulnerability Scanner |
| Connection Type | Syslog |
| Data Source Name | Rapid7 Nexpose |
| Data Source ID | 1911 |
Integrating Rapid7 Nexpose
Before you configure the Rapid7 Nexpose integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy). To configure Rapid7 Nexpose to send Syslog messages to Sheriiff CSM- Add a new configuration file to be used by rsyslog in
/etc/rsyslog.d/Sheriff.conf. -
Add the following line to the end of the new configuration file:
*.* @<Sheriiff CSM-IP-Address>:514
-
Restart rsyslog:
sudo service rsyslog restart
Plugin Enablement
For plugin enablement information, see Enable Plugins.Additional Resources and Troubleshooting
https://nexpose.help.rapid7.com/docs For troubleshooting, refer to the vendor documentation: https://nexpose.help.rapid7.com/docs/troubleshootingEdit | Attach | Print version | History: r6 < r5 < r4 < r3 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r6 - 24 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.