Select Page

Configuring Integration between Thycotic Secret Server and Rapid7 Nexpose

Configuring Integration between Thycotic Secret Server and Rapid7 Nexpose

Last month at the RSA Conference in San Francisco, Thycotic and Rapid7 announced the integration between their applications, allowing Rapid7 Nexpose to utilize Thycotic Secret Server’s web services to obtain credentials for vulnerability scanning. This enables the administrator to utilize Thycotic’s Secret Server to not only store the privileged account information but enable the constant rotation of the account’s password. This is a big security win considering that vulnerability scanners typically require elevated access to provide more comprehensive asset information and more accurate vulnerability detection.

The integration between the two applications comes in the form of a Ruby Gem and can easily be scheduled to run on a schedule based upon your needs. The script reaches out to Thycotic Secret Server, grabs the required credentials and updates those credentials within Rapid7 Nexpose.

process

 

To configure the integration to run within a Windows environment, follow the steps below:

Prerequisites:

  1. Create User Account within Thycotic Secret Server in which the script will utilize to obtain the credentials of the Rapid7 service account
  2. Create User account within Rapid7 Nexpose to use to log in and make the changes.
  3. Gather the “SiteID” for the Rapid7 Nexpose sites you wish to update the credentials for. This can be found within Rapid7 in the URL when configuring a site.
  4. Integration guide states that the secret’s name within Thycotic should match the name given to the service account within Rapid7.
  5. The script requires Environment Variable’s to be set. See step 5 below.

1.  Install RubyInstaller – I used version 2.1.6 – Make sure to check the boxes shown below during install:

rubyinstaller

 

 

 

2.  Install DevKit – I used 4.7.2 – Extract to folder i.e. C:\Dev

3.  Initialize and install DevKit by running commands below:

  • ruby dk.rb init
  • ruby dk.rb install

installs

 

 

 

 

 

4.  Download and install thycotic_nexpose gem – Version 0.0.4  was published today (5/20/2015) based upon a bug I discovered and version 0.0.5 was published with a modification that I submitted to get around certificate issues in the Windows environment (thanks to Ben @Thycotic for help with that).

  • gem install nexpose_thycotic-0.0.4.gem

gem

 

 

 

5.  Before running the script, you must set the proper Environment Variables that the script will be looking for. These variables that should be set are listed below with example values:

  • setx THYCOTIC_URL https://hostname/SecretServer/webservices/SSWebservice.asmx?wsdl
    setx THYCOTIC_USER username
    setx THYCOTIC_PASS password
    setx NEXPOSE_URL hostname <– don’t worry about putting https:// here, just use the hostname that matches the certificate.
    setx NEXPOSE_USER username
    setx NEXPOSE_PASS password

Last but not least, modify the script with the siteIDs you wish to change. This can be found at the top of the script. Modify “sites = [ 5 ]” and add the siteIDs you wish to change. IE “sites = [5,9,18,23]”

At this point you’ve met at the requirements and should be ready to run the script. Assuming you installed Ruby using the default path of C:\Ruby21, the script is found at:

  • C:\Ruby21\lib\ruby\gems\2.1.0\gems\nexpose_thycotic-0.0.4\bin \nx_thycotic.rb

Good luck and I hope this provides enough insight for you to utilize this integration. For the ‘official’ integration document, please click Integration Guide Thycotic.

 

follow

About The Author

Bryan Krausen

Bryan Krausen is currently working as a Technical Architect with experience in a vast number of platforms. Bryan has been active within the VMware vExpert community for several years and is the leader of the Louisville VMware User Group (VMUG) and Louisville AWS User Group.

Leave a reply

Your email address will not be published.