Rapid7 Nexpose

When you configure Rapid7 Nexpose to send log data to USM Appliance, you can use the Rapid7 Nexpose plugin to translate the raw log data into normalized events for analysis. The table below provides basic information about the plugin.

Plugin Information

| Device Details | |
|---|---|
| Vendor | Rapid7 |
| Device Type | Vulnerability Scanner |
| Connection Type | Syslog |
| Data Source Name | Rapid7 Nexpose |
| Data Source ID | 1911 |

Integrating Rapid7 Nexpose

Before you configure the Rapid7 Nexpose integration, you must have the IP address of the USM Appliance Sensor.

To configure Rapid7 Nexpose to send Syslog messages to USM Appliance

  1. Create a new rsyslog configuration file at /etc/rsyslog.d/alienvault.conf.
  2. Add the following line to the end of the new configuration file, replacing <USM Appliance-IP-Address> with the IP address of the USM Appliance Sensor:

    *.* @<USM Appliance-IP-Address>:514

  3. Restart rsyslog:

    sudo service rsyslog restart
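
The three steps above as one script, given as an added example rather than vendor-supplied code: it validates the sensor address before writing the rule, runs rsyslog's configuration check (rsyslogd -N1) before restarting, and then logs a test message. The function names, the test message text and the 192.0.2.10 sample address are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. CONF is the path from step 1;
# the function names are hypothetical.
CONF=/etc/rsyslog.d/alienvault.conf

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule from step 2. "*.*" selects every facility and priority;
# a single "@" makes rsyslog forward over UDP.
forward_rule() {
    valid_ipv4 "$1" || { echo "invalid sensor IP: $1" >&2; return 1; }
    printf '*.* @%s:514\n' "$1"
}

# Steps 1-3: write the drop-in file, check the configuration, then restart.
apply_rule() {
    rule=$(forward_rule "$1") || return 1
    printf '%s\n' "$rule" | sudo tee "$CONF" >/dev/null || return 1
    sudo rsyslogd -N1 || return 1     # config check only; starts no daemon
    sudo service rsyslog restart || return 1
    # Constructed test message to look for on the USM Appliance side.
    logger -p user.notice "rsyslog forwarding test from $(hostname)"
}

# Runs only when a sensor address is given, e.g.: sh forward.sh 192.0.2.10
if [ "$#" -eq 1 ]; then
    apply_rule "$1"
fi
```

Because *.* forwards every local log message and a single @ sends it over UDP in clear text, keep the path to the sensor on a trusted network segment.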

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://nexpose.help.rapid7.com/docs

For troubleshooting, refer to the vendor documentation:

https://nexpose.help.rapid7.com/docs/troubleshooting