Device Security/XSOAR: Rapid7 scan showing scanning failure in Device Security Sec Portal
Created On 12/22/23 06:44 AM - Last Modified 06/11/25 20:36 PM
Symptom
The user reported that they failed to run the Rapid7 scan in the IOMT portal. They tried to scan several devices from the portal, and each attempt took a while (one or two hours) to return an error.
Device Security portal Rapid7 scanning result with failed status:
Environment
- Device Security
- XSOAR
Cause
To understand the issue, we first have to understand how Device Security triggers scanning on Rapid7.
In this flow, Device Security sec triggers the scan device action on XSOAR, and XSOAR then triggers the scanning process on Rapid7.
Rapid7 performs the actual scan and sends the report (CSV and PDF) back to XSOAR. XSOAR then sends the report back to Device Security.
The screenshot below is a sample of the report generated by Rapid7.
Upon checking, we found that Rapid7 took a very long time (more than one hour) to generate the CSV file that is part of the report sent back to XSOAR.
This causes the Device Security sec portal to time out and show a failed result.
Resolution
We can tell the user that they will need to check with Rapid7 and have Rapid7 fix the issue.
The log below, provided by Rapid7, shows that the CSV file took around one and a half hours to complete.
2023-12-06T05:32:30 [INFO] [Thread: critical-task-executor3] [Silo ID: default] [Report: panw_Device Security_172.16.169.36_csv_report_656feb65bccc60ae8f2c0592] [Report Config ID: 488] [Started: 2023-12-06T04:00:04] [Duration: 1:32:25.551] Finished generating report.
Once Rapid7 fixes the slow CSV file generation, the Device Security sec portal will show the scanning result.
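To check for the same symptom in other Rapid7 log lines, the following added example (not part of the original article, and not Palo Alto Networks or Rapid7 code) parses completion lines in the format quoted above and flags reports whose generation time exceeds a limit. The one-hour limit and the second and third sample lines are assumptions constructed for illustration; the article does not state the portal's actual timeout.

```python
import re
from datetime import datetime, timedelta

# Matches the "Finished generating report." line format quoted in the article.
LINE_RE = re.compile(
    r"^(?P<finished>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) \[INFO\].*?"
    r"\[Report: (?P<report>[^\]]+)\].*?"
    r"\[Started: (?P<started>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\] "
    r"\[Duration: (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d(?:\.\d+)?)\] "
    r"Finished generating report\."
)

# Assumption: the article does not state the portal's timeout; one hour is illustrative.
ASSUMED_LIMIT = timedelta(hours=1)

def parse_report_line(line):
    """Return details of a report-completion line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    duration = timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=float(m["s"]))
    started = datetime.fromisoformat(m["started"])
    finished = datetime.fromisoformat(m["finished"])
    # Cross-check: Started + Duration should land on the line's own timestamp.
    consistent = abs(started + duration - finished) <= timedelta(seconds=2)
    return {"report": m["report"], "started": started, "finished": finished,
            "duration": duration, "consistent": consistent}

def slow_reports(lines, limit=ASSUMED_LIMIT):
    """Return parsed entries whose generation time exceeded the limit."""
    parsed = (parse_report_line(l) for l in lines)
    return [p for p in parsed if p and p["duration"] > limit]

SAMPLE_LOG = [
    # Line quoted in the article.
    "2023-12-06T05:32:30 [INFO] [Thread: critical-task-executor3] [Silo ID: default] "
    "[Report: panw_Device Security_172.16.169.36_csv_report_656feb65bccc60ae8f2c0592] "
    "[Report Config ID: 488] [Started: 2023-12-06T04:00:04] "
    "[Duration: 1:32:25.551] Finished generating report.",
    # Constructed line (not from the article): a report that finishes quickly.
    "2023-12-06T06:10:40 [INFO] [Thread: critical-task-executor1] [Silo ID: default] "
    "[Report: constructed_fast_csv_report] [Report Config ID: 1] "
    "[Started: 2023-12-06T06:10:00] [Duration: 0:00:40.120] Finished generating report.",
    # Constructed unrelated line, ignored by the parser.
    "2023-12-06T06:11:00 [INFO] unrelated message",
]

if __name__ == "__main__":
    for entry in slow_reports(SAMPLE_LOG):
        print(f"{entry['report']}: {entry['duration']} (consistent={entry['consistent']})")
```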
Additional Information
https://docs.paloaltonetworks.com/Device Security/Device Security-security-integration/vulnerability-scanning/integrate-Device Security-security-with-rapid7