Hi,
Just wondering if Rapid7 InsightVM has a daily communication channel wherein IVM users could subscribe to, to be notified via email for any new Vulnerability that was added to the fold. Kind of a news letter thing.
Right now, where checking from time to time to this site to see whats new - Vulnerability & Exploit Database
you could schedule a report of out nexpose and have it sent to those users daily. I am doing this currently with Vulnerabilities and new assets. Also from the insightVM platform I am thinking you could use the automation and select notification then choose your criteria and then choose to eMail or sms text.
If you’re just looking for noteworthy vulnerabilities without all the noise, Rapid7’s AttackerKB is a great resource. I’d recommend subscribing to new Rapid7 analyses at least.
Hi Pete,
Thanks for your input!
Though am really looking for something like a Newsletter for any added Vulnerability to the IVM Database or its detection. The one you have described above is for operations side of things, which we selectively in use right now as IVM doesnt have a way where we can directly input Authentications for its email service (for port 587/465). SMPT port 25 is blocked for us, so were currently leveraging postifx to distribute reports.
Hi Peter,
Thanks also for your input! Am already subscribed to this one just that the CVE described by this analysis is only for a select few (which I think those that matters a lot).
Am just really looking around if there is a way for us to be notified of these recent additions:
One of the best places to see new vulnerabilities that are added coverage-wise is if you login to InsightVM and go to Help > Content Updates. This will list new and updated vulnerabilities from the past week.
You can also setup notifications that will automatically send you an email or text based on whatever vulnerability and asset criteria you want to define. If you go to Automation from the left-hand InsightVM menu, you can click “+ New Automation”, then select the Notification type. In here, you can define what types of assets and vulnerabilities you want to be notified of when they’re detected in your environment. Then you can list any email addresses or phone numbers you want to receive the notification, and you’re all set.
Not sure if that’s 100% what you were looking for, but hopefully that helps. 