Configuring Integration between Thycotic Secret Server and Rapid7 Nexpose
Last month at the RSA Conference in San Francisco, Thycotic and Rapid7 announced an integration between their applications that allows Rapid7 Nexpose to use Thycotic Secret Server’s web services to obtain credentials for vulnerability scanning. This lets the administrator use Secret Server not only to store the privileged account information but also to rotate the account’s password continuously. That is a big security win, considering that vulnerability scanners typically require elevated access to provide more comprehensive asset information and more accurate vulnerability detection.
The integration comes in the form of a Ruby gem and can easily be scheduled to run as often as your needs require. The script reaches out to Thycotic Secret Server, grabs the required credentials and updates those credentials within Rapid7 Nexpose.
To configure the integration to run within a Windows environment, follow the steps below:
- Create a user account within Thycotic Secret Server that the script will use to obtain the credentials of the Rapid7 service account.
- Create a user account within Rapid7 Nexpose for the script to log in with and make the changes.
- Gather the “SiteID” for each Rapid7 Nexpose site whose credentials you wish to update. This can be found within Rapid7 in the URL when configuring a site.
- The integration guide states that the secret’s name within Thycotic should match the name given to the service account within Rapid7.
- The script requires environment variables to be set. See step 5 below.
1. Install RubyInstaller – I used version 2.1.6 – make sure to check the boxes shown below during install:
2. Install DevKit – I used 4.7.2 – extract it to a folder, e.g. C:\Dev
3. Initialize and install DevKit by running commands below:
- ruby dk.rb init
- ruby dk.rb install
4. Download and install the nexpose_thycotic gem – version 0.0.4 was published today (5/20/2015) based upon a bug I discovered, and version 0.0.5 was published with a modification that I submitted to get around certificate issues in the Windows environment (thanks to Ben @Thycotic for help with that).
- gem install nexpose_thycotic-0.0.4.gem
5. Before running the script, you must set the environment variables that the script will be looking for. The variables to set are listed below with example values:
- setx THYCOTIC_URL https://hostname/SecretServer/webservices/SSWebservice.asmx?wsdl
- setx THYCOTIC_USER username
- setx THYCOTIC_PASS password
- setx NEXPOSE_URL hostname (don’t put https:// here, just use the hostname that matches the certificate)
- setx NEXPOSE_USER username
- setx NEXPOSE_PASS password
Last but not least, modify the script with the site IDs you wish to change. The list is at the top of the script: modify “sites = [ 5 ]” and add the site IDs you wish to change, e.g. “sites = [5,9,18,23]”.
At this point you’ve met all the requirements and should be ready to run the script. Assuming you installed Ruby using the default path of C:\Ruby21, the script is found at:
- C:\Ruby21\lib\ruby\gems\2.1.0\gems\nexpose_thycotic-0.0.4\bin\nx_thycotic.rb
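As an added pre-flight check of my own (not part of the nexpose_thycotic gem), the Ruby script below verifies the six step-5 variables before a scheduled run so that a missing password or an https:// prefix on NEXPOSE_URL fails fast with a clear message instead of an opaque SOAP or API error. It assumes the variable names listed above and the “sites = [5,9,18,23]” list format at the top of the script; everything else is constructed for illustration.

```ruby
require 'uri'

# The six variables the integration script reads (step 5 above).
REQUIRED_VARS = %w[THYCOTIC_URL THYCOTIC_USER THYCOTIC_PASS
                   NEXPOSE_URL NEXPOSE_USER NEXPOSE_PASS].freeze

# Returns a list of problems; empty means the configuration looks usable.
# `env` defaults to the real environment; a Hash can be passed for testing.
def check_integration_env(env = ENV)
  problems = REQUIRED_VARS.select { |n| env[n].nil? || env[n].strip.empty? }
                          .map { |n| "#{n} is not set" }
  return problems unless problems.empty?

  # THYCOTIC_URL must be the HTTPS WSDL endpoint of the Secret Server web service.
  begin
    t = URI.parse(env['THYCOTIC_URL'])
    problems << 'THYCOTIC_URL must use https' unless t.is_a?(URI::HTTPS)
    problems << 'THYCOTIC_URL should end with ?wsdl' unless t.query == 'wsdl'
  rescue URI::InvalidURIError
    problems << 'THYCOTIC_URL is not a valid URL'
  end

  # NEXPOSE_URL is the bare console hostname matching its certificate: no scheme,
  # port or path, otherwise the TLS hostname check or the API URL will break.
  unless env['NEXPOSE_URL'] =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/
    problems << 'NEXPOSE_URL must be a bare hostname (no https://, port or path)'
  end
  problems
end

# Parses a site list in the form the script's "sites = [5,9,18,23]" line uses:
# positive integers only, duplicates dropped, so a typo cannot target the wrong site.
def parse_site_ids(text)
  ids = text.scan(/-?\d+/).map(&:to_i)
  if ids.empty? || ids.any? { |i| i <= 0 }
    raise ArgumentError, "site IDs must be positive integers: #{text.inspect}"
  end
  ids.uniq
end

if __FILE__ == $PROGRAM_NAME
  issues = check_integration_env
  puts(issues.empty? ? 'environment OK' : issues.join("\n"))
end
```

Because setx persists these values in the user’s registry environment, run the scheduled task under a dedicated account so that no other user on the host can read the stored passwords.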
Good luck and I hope this provides enough insight for you to utilize this integration. For the ‘official’ integration document, please click Integration Guide Thycotic.