When you configure your Rapid7 Nexpose to send log data to USM Appliance, you can use the Rapid7 Nexpose plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Rapid7 |
Device Type | Vulnerability Scanner |
Connection Type | Syslog |
Data Source Name | Rapid7 Nexpose |
Data Source ID | 1911 |
Integrating Rapid7 Nexpose
Before you configure the Rapid7 Nexpose integration, you must have the IP Address of the USM Appliance Sensor.
To configure Rapid7 Nexpose to send Syslog messages to USM Appliance
- Add a new configuration file to be used by rsyslog in /etc/rsyslog.d/alienvault.conf.
-
Add the following line to the end of the new configuration file:
*.* @<USM Appliance-IP-Address>:514
-
Restart rsyslog:
sudo service rsyslog restart
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
https://nexpose.help.rapid7.com/docs
For troubleshooting, refer to the vendor documentation: