5 min
IT Ops
Troubleshooting with Nexpose Logs
Nexpose is the industry standard in Vulnerability Management, giving you the
confidence you need to understand your ever-changing attack surface, focus on
what matters, and create better security outcomes.
Table of contents
* Where are the Nexpose logs located?
* Setting up the Logentries Agent
* Analyzing the logs
  * mem.log
  * nsc.log
  * auth.log
* Get started
-------------------------------
2 min
IT Ops
Using Logs for Security & Compliance: Part 3
This 3-part series explores the critical role logs play in maintaining
regulatory compliance and provides specific examples of known events to look
for and how to evaluate different compliance tools.
--------------------------------------------------------------------------------
When it comes to PCI Compliance, simply collecting and storing your logs isn’t
enough.
2 min
Public Policy
I've joined Rapid7!
Hello! My name is Harley Geiger and I joined Rapid7 as director of public
policy, based out of our Washington, DC-area office. I actually joined a little
more than a month ago, but there's been a lot going on! I'm excited to be a part
of a team dedicated to making our interconnected world a safer place.
Rapid7 has demonstrated a commitment to helping promote legal protections for
the security research community. I am a lawyer, not a technologist, and part of
the value I hope to add is as a repr
5 min
IT Ops
Considering the Explosive Growth of Log Analytics
You’d have to be living in a cave to not know that the practice of log analytics
in corporate IT has grown dramatically in the last 10 years. This explosion in
logging activities over the recent years is due to two factors, the maturing of
log technology and the expanded application of logging to new information
domains such as tracking user behavior, tracking page views, and tracking API
interaction, to name a few such activities.
As logging technology matures, the price goes down. Getting a
2 min
IT Ops
Using Logs for Security & Compliance: Part 2
This 3-part series explores the critical role logs play in maintaining
regulatory compliance and provides specific examples of known events to look
for and how to evaluate different compliance tools.
--------------------------------------------------------------------------------
For organizations looking to achieve and maintain PCI compliance, requirements
related to the secure retention of log data are common.
The se
3 min
Authentication
Simple Network Management Protocol (SNMP) Best Practices
By Deral Heiland, Research Lead, and Brian Tant, Senior Consultant, of Rapid7
Global Services
Over the past several years, while conducting security research in the area of
Simple Network Management Protocol (SNMP) and presenting those findings at
conferences around the world, we are constantly approached with the same
question: “What are the best practices for securing SNMP?”
The first thing to remember about SNMP versions 1, 2, and 2c is that the
community strings used for authentication are c
2 min
IT Ops
Using Logs for Security & Compliance: Part 1
This 3-part series explores the critical role logs play in maintaining
regulatory compliance and provides specific examples of known events to look
for and how to evaluate different compliance tools. To download the free 24-page
white paper, click here.
--------------------------------------------------------------------------------
For organizations that need to remain compliant with specific regulatory
standards, requ
2 min
Windows
Nexpose Remote Registry Activation for Windows
The Windows Registry is a database which stores all settings for a Windows
system, e.g. hardware, software installed, Windows updates installed and
preferences for users and their applications. During normal day-to-day use, a
standard user will inadvertently push changes into this database when they
update the system, add/remove applications and so on.
Remote Registry is a Windows service which allows a non-local user to read or
make changes to the registry on your Windows system when they are
1 min
Metasploit
Six Wonderful Years
Rapid7 has been my home for the last six years, growing from 98 people when I
joined to over 700 today. Keeping up with the growth has been both exhilarating
and terrifying. I am really proud of our Austin team, the Metasploit ecosystem,
and our leadership in security research. We care about our customers, our
employees, and our impact in the industry. Working at Rapid7 has simply been the
best job I have ever had.
We have surpassed every goal that I set when I joined in 2009. Metasploit is
thr
2 min
Vulnerability Disclosure
R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938)
While looking into the SSH key issue outlined in the ICS-CERT ISCA-15-309-01
advisory, it became clear that the Dropbear SSH daemon did not enforce
authentication, and a
possible backdoor account was discovered in the product. All results are from
analyzing and running firmware version 1322_D1.98, which was released in
response to the ICS-CERT advisory.
This issue was discovered and disclosed as part of research resulting in
Rapid7's dis
2 min
IT Ops
Analyzing ELB Log Data
Thanks to some slick work from our engineering team, we have recently released a
lightweight Python script that will allow you to pull your Elastic Load Balancer
logs from S3 into Logentries.
In this implementation, we use AWS Lambda and leverage the S3 trigger, so the
script only runs when needed.
The full documentation is available here:
https://logentries.com/doc/s3-ingestion-with-lambda/
1 min
IT Ops
Introducing a Buildbot status plugin for pushing status updates to Logentries
Buildbot is a framework for building continuous deployment and integration
systems; it is highly flexible and is written in Python. It is also a mature
system which a number of large projects use, e.g. Mozilla, Chromium, Python – see
trac.buildbot.net/wiki/SuccessStories
To send build status information — specifically Start, Success and Failure
states from Buildbot to Logentries — start by generating a log token from
Logentries.
4 min
Metasploit
12 Days of HaXmas: Metasploit End of Year Wrapup
This is the seventh post in the series, "The 12 Days of HaXmas."
It's the last day of the year, which means that it's time to take a moment to
reflect on the ongoing development of the Metasploit Framework, that de facto
standard in penetration testing, and my favorite open source project around.
While the acquisition of Metasploit way back in 2009 was met with some healthy
skepticism, I think this year, it's easy to say that Rapid7's involvement with
Metasploit has been an enormously positive
4 min
Metasploit
512 Days of HaXmas: Metasploit's IoT WebApp Login Support
This is the sixth post in the series, "The Twelve Days of HaXmas."
Well, the year is coming to a close, and it's just about time for the annual
breakdown of Metasploit commit action. But before we get to that, I wanted to
take a moment to highlight the excellent work we landed in 2015 in adding new
web application login support to Metasploit. After all, who needs exploits when
your password is "public" or "admin" or "password" or any other of the very few
well-known default passwords? Maybe i
3 min
Haxmas
12 Days of HaXmas: Santa makes a list and checks it twice, do you?
This post is the fifth in the series, "The Twelve Days of HaXmas."
This is the time of the year where kids and adults alike think back over the
past year, wondering which of Santa's two lists they will be on. The nice list
is reserved for those who say "please" and "thank you", brush their teeth, and
of course, those who regularly update and practice their incident response
plans.
Santa gives presents to the children on the nice list and coal to the ones on
the naughty. When the list gets chec