Nexpose Summary
The integration of Nexpose vulnerability management with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings. This collaboration enables organizations to efficiently identify, prioritize, track, and remediate vulnerabilities, thereby bolstering their overall security posture and improving risk management.
Nexpose Key Features
Data Import:
Import applications, scan summaries, and vulnerabilities from Nexpose security tools into Centraleyezer, either on-demand or via automated schedules.
- Supported formats: CSV.
Detailed Findings:
Centraleyezer provides comprehensive request/response details for vulnerabilities detected by Nexpose tools.
Risk Scoring:
Configurable severity values for Nexpose findings, adjustable based on organizational risk policies.
Selective Data Import:
Supports filtering based on status, scan type, and severity for more precise data imports.
Considerations
The integration supports mapping one Nexpose security tool instance with one Centraleyezer instance.
Configuring a different Nexpose instance in the plugin will overwrite previously imported data.
Requirements
System Requirements:
Centraleyezer Prerequisites: Latest version of the Centraleyezer Vulnerability Management Platform recommended.
Nexpose Tool Prerequisites: API access must be enabled with proper authentication and must support export of vulnerability findings and API-based integration.
Permissions and Roles:
Centraleyezer: Requires System Admin or Application Security Manager permissions.
Nexpose Security Tools: User access for vulnerability scan information.
Import mappings require admin-level permissions.
Release Notes
Version 1.0.0:
New mappings for vulnerabilities from Nexpose security tools during scans include:
Vulnerability ID
Asset
Risk
CVE
Port
Protocol
Reply
Name
Description
Recommendation
Skill
Damage
CVSSv3 Score