Up
Previous Next

Sheriff CSMâ„¢

Rapid7 Nexpose

When you configure Rapid7 Nexpose to send log data to Sheriff CSM, you can use the Rapid7 Nexpose plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

DeviceDetails
Vendor Rapid7
Device Type Vulnerability Scanner
Connection Type Syslog
Data Source Name Rapid7 Nexpose
Data Source ID 1911

Integrating Rapid7 Nexpose

Before you configure the Rapid7 Nexpose integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Rapid7 Nexpose to send Syslog messages to Sheriiff CSM
  1. Add a new configuration file to be used by rsyslog in /etc/rsyslog.d/Sheriff.conf.
  2. Add the following line to the end of the new configuration file:

    *.* @<Sheriiff CSM-IP-Address>:514
  3. Restart rsyslog:

    sudo service rsyslog restart

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://nexpose.help.rapid7.com/docs

For troubleshooting, refer to the vendor documentation:

https://nexpose.help.rapid7.com/docs/troubleshooting
Topic revision: r6 - 24 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.