Nexpose
Last updated
Last updated
© 2024 PlexTrac, Inc. All rights reserved.
PlexTrac supports importing files from Nexpose in XML Export 2.0 format. Nexpose is vulnerability management software developed by Rapid7. It monitors exposures in real-time, adapts to new threats with fresh data, and provides features such as adaptive security, integrated policy scanning, and intuitive remediation reports.
Below are the field mappings from Nexpose to PlexTrac, broken up by findings and assets. If a field is not listed, PlexTrac does not currently import it.
Tables include the following columns:
Nexpose Field: the field name that appears in Nexpose
PlexTrac Field: the field name that appears in PlexTrac
Direction: displays the direction in the flow of data occurring for the integration
Nexpose Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Title | -> | Finding Title | |
Description | -> | Description | |
Solution | -> | Recommendation | |
Numerical Severity Sore Mapping | Finding Severity | ||
10 or 9 | -> | Critical | |
8 or 7 | -> | High | |
6 or 5 | -> | Medium | |
4 or 3 | -> | Low | |
2 or 1 | -> | Informational | |
CVSS Score | -> | Score Type | |
CVSS Score | -> | Label | |
CVSS Score | -> | Score Value | |
CVSS Vector | -> | Calculation | |
CVE ID | -> | CVE | |
Reference Source | -> | References | Any hyperlinked URLs will be retained. |
Exploit ID | -> | Custom Field: Nexpose Exploit Available | |
PCI Severity | -> | Custom Field: Nexpose PCI Compliance Status | |
Risk Score | -> | Custom FIeld: Nexpose Risk Score | |
Vulnerability Id | -> | Custom Field: Nexpose Vulnerability Id |
Nexpose Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Node Address | -> | Asset Name | |
Device-Type | -> | Asset Type | |
Family | -> | Operating System | |
PCI Severity | -> | PCI Compliance | |
Node Address | -> | Known Ip Addresses | |
Endpoint Port | -> | Port | |
Endpoint Service | -> | Service | |
Endpoint Protocol | -> | Protocol | |
Services | -> | Known Hostnames | Detailed results included in affected asset evidence. |