Hello all,
Custom vulnerability checks are one of the features that makes me the most exciting about InsightVM.
To leverage this functionality with more efficiency, I was wondering where I can find a list where I can use all the possible xml parameters i can use in vck files.
From the examples I saw that we can use http request etc. but does anyone know where i can find this information?
Thanks,
Emir
I know this is an old post, but just in case this is still of interest to you. If you look in the rapid7/nexpose/plugins/xsd directory for the application you’ll find .xsd XML schema files that are used for validating content. If you look through these validator files (Also very helpful to run xml linting against your new content using these files) you will see what is available and considered valid. It takes a little work when they cross reference other files but it’s mostly there. Example: vulnerability-check.xsd will list out the various valid node types in a check.vck