SmartConnector for Rapid7 NeXpose XML File

SmartConnector for Rapid7 NeXpose XML File



Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.

i noticed in the configuration guide that you have on step 5 in the nexpose configuration section to create a new report, you select EXPORT, but you dont specify which XML report template to export as.  If you just export the report without selecting a report template, it creates an XML report with table information and not a proper XML document.  Can someone please clarify which output report to use.

Typically people consume the SimpleXML Report, SCAP, or XML 2.

Ideally the directions should be:

1.) Click Reports tab

2.) Create a new report

3.)Provide a report name

4.) select the 'Export' template type filter button (in between Documents and All).  this will show you the report templates for exporting to 3rd parties

5.) Select 'SimpleXML' (or whatever the proper XML file you parse)

6.) Click on Run this report

I double-checked both nCircle Scanner configuration guides and found the following. You may have had a back-level configuration guide.

For the SmartConnector for nCircle Scanner XML2 File, the following info is provided:

Format - The format for the exported data (ensure XML2 is selected).

For the SmartConnector for nCircle Scanner XML3 File, the following info is provided:

Format - The format for the exported data (ensure XML3 is selected).

Ingrid Sadler

But this is not for nCircle. Its for Nexpose

Sorry about that; I got my scanner XML connectors confused.  I'm double-checking whether Simple XML or XML 2 should be selected and will update the guide accordingly.  Thanks for your input.

Hi Ingrid,

Do you have any update on which particular XML report you guys work with?



Yes, you can specify either XML Export or XML Export 2.0. The specific answer I received was:

In the 5.5 version, Nexpose has changed the report templates, in the past, at least version 4.12 by selecting “Audit” report we could get the XML formatted they way you are expecting it. Now, if we select “Audit” Report the output is not as expected, in order to have it the way we want it is to specify either “XML Export” or “XML Export 2.0” .



I do not believe that NeXpose report in 'XML Export 2.0' format is supported yet. A file in the XML Export 2.0 format may load but certainly does not map the additional fields contained in this expanded format (like risk, associated exploit, malware kit, scan information, etc). A feature request for such has been submitted (CON-13115) but I haven't got the word that the work has been completed. Please correct me if I'm mistaken and the connector has been enhanced.

I suggest staying with the supported 'XML Export' format.

By the way in the guide, section 'For version 5.x' step 5 is incorrect and the associated screen print is not even close. I can provide corrected steps and screen print(s) if needed.


Mark Ulmer

After working with Rapid7, the configuration guide has been updated and will be part of the next SmartConnector release.  XML Export is the format to be used, as is now reflected in the guide.

Thank you Ingrid.  I'm glad I was able to help.

Hello Ingrid,

  Could you please let me know when will be the next Smart connector release.



Normal schedule is 6 weeks between SmartConnector releases.

Normally there are 2 SmartConnector releases per quarter, but there is an exception at the end of the year due to the holidays. The next one should be on or about Feb 15, 2014.

The next release for SmartConnectors is scheduled for 2/14/2014.


Does anybody have an option to 'xml split' report files from nexpose?  my export files can be 150MB and I can't possibly split my scans/exports accordingly in nexpose console in any reliable format for efficient reporting from nexpose.

Any ideas?

Documentation updates requested:

1)  In SmartConnector for Rapid7 NeXpose XML File, section: Modes of Operation - Automatic mode it is unclear if a full automatic mode is available.  This doc discusses a 'Trigger file' (not automatic in my view).  I also have found a new agent property that is not discussed and it is unknown to me the effects. The default is   agents[0].useTriggerFile=true   Would setting this value to false make a (full) automatic connector?

By the way: Qualys Scanner config does not discuss a trigger file and seems to be truly automatic upon file delivery.

2)  In the SmartConnector User Guide p.18, Scanner Connectors - It states:  "The connector checks periodically for any new reports deposited into the folder or any new jobs inserted into the database, then processes them. ..."  May I suggest adding verbiage that some may use a trigger file and refer to the specific connector guide.


Mark Ulmer

Hi All,

Im having a bit of trouble getting this connector to work, here are some questions i hope you may help with:

1. Does the connector has to be installed in the same server where nexpose is running?

2. how do you save the file to be "report.xml_done" do you just rename it?

3. When trying to set the folder for the connector to scan the files, it does not display any file, even when they were stored there, is that usual?

Thanks for your assistance!

(here is an image to represent question 3)


As development input is required for these issues, I have opened a feature request to track resolution of both of these comments (from Mark Ulmer and from Jhosemar Lopez. 

Mark, this is being addressed and will be in the next SmartConnector release.

Hi Ingrid,

Is there any news about this connector? does nexpose have a smartconnector for linux?

Best Regards

The comment from Mark Ulmer regarding trigger files has been addressed.  I am following up with development on the status of your questions.  As for NeXpose having a connector for Linux, I don't completely understand the question.  The SmartConnector for Rapid7 NeXpose File is installable on Windows or Linux platforms; there wouldn't be a separate connector for Linux.

I got the following answer from the connector developers.

Q: Does the connector have to be installed in the same server where NeXpose is running?

A: The folder must be visible to the machine where the connector is installed, so either on the same machine or mounted device.

Q: How do you save the file to be 'report.xml_done' -- do you just rename it?

A: If report.xml is what you get from the NeXpose device, you need to have ANOTHER file presejnt (could be empty), with the name report.done.  It is called a trigger file and is removed after report.xml is processed.  This is usually done by an outside script or manually.

Q: When trying to set the folder for the connector to scan the files, it does not display any file, even when they were stored there. Is that usual?

A: If you are talking about interactive mode and the connector's GUI does not display any jobs, you have to be sure that a folder has an 'absolute path name; formj, is visible from the connector's location, and file names satisfy the wildcard pattern you provide. For example, if you use report.xml, wildcard (or filter) should sat '*.xml'.  If you use compressed file report.xml_gz, filter should say '*.xml_gz.


Is Nexpose version 6.3.2 supported by Arcsight. I went through the Arcsight config guide, it shows it supports versions 4.0 through 4.12 and versions 5.5 through 5.9. I have Nexpose 6.3.2 in my environment, can someone help me with this.?


Currently 5.9 is supported and I don't see any feature requests for version 6.3.  Suggest you contact Support and open a request for new version support for 6.3.


The XML output file format has not changed through the versions.  This is compatible.


Is there a new config guide for Rapid7 nexpose version 6.4?  Seems like the config guide is outdated. Can someone help me do the integration?




Did anyone got this Connector to work with big XML-Files? We run weekly Nexpose Scans in a big environment resulting in 500MB+ Nexpose XML-Logfiles. The Connector cannot handle those and is "working" with only 1-1.4 EPS which means not even half of the Logfile is processed when a new Logfile is created a week later. It is neither the network nor the server performance which is limiting the EPS, just the broken Arcsight Connector. Unfortunataly you can't split XML Reports in Nexpose and the Arcsight support isn't helping either. Splitting the report by hand is tricky, since it destroys XML integrity and the connection between vulnerabilities and affected assets. Any ideas? 

Top Contributors
Version history
Revision #:
5 of 5
Last update:
‎2017-10-19 23:15
Updated by:
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.