Rapid7 Insights VM Cloud

1. About this document

This document serves as the integration guide for the Rapid7 InsightsVM Cloud Dashboard. It provides a step-by-step procedure for configuring the "InsightVM Cloud" integration in SAFE.

2. Introduction

This integration allows you to import assets and their vulnerabilities into SAFE from the Rapid7 InsightsVM Cloud Dashboard. These assets and vulnerabilities are discovered and scanned using the InsightsVM Security Console and are synced to the cloud dashboard at regular intervals.

Please note that this integration does not pull assets and vulnerabilities directly from the Security Console and requires a cloud dashboard setup to be in place.

For detailed instructions on setting up the cloud dashboard, please refer to the documentation: Activate Your Console on the Insight Platform | InsightVM Documentation.

To fetch assets and vulnerabilities from the Security Console, please refer to the “Rapid7 InsightsVM” connector and its documentation: Rapid7 InsightVM. This connector syncs only existing and newly discovered vulnerabilities that have not been remediated.

3. Prerequisites

1. Access required in SAFE

   1. SAFE Admin Access: Required to configure the integration

   2. Permissions on Rapid7 InsightVM Cloud Dashboard: Users must be able to view Sites, Assets, and Vulnerabilities. Any user with access can generate a User API token.

2. How to generate API secret - Managing Platform API Keys.

3. Required User Inputs:

   • Rapid7 Insights VM Cloud API URL

   • Rapid7Cloud API Secret

   • Comma separated list of site names

   • Auto Onboard New Assets

   • Update Existing Assets Metadata

   • Auto sync frequency in days

4. Generate Connection Details

1. Log in to the Rapid7 InsightsVM Cloud Dashboard with a user account that has access to view Assets, Vulnerabilities, and Sites.

2. Navigate to the Settings in the top right corner of the page and click on API Keys.
   

3. Click on Generate New User Key. The user-generated key will have the same access as the logged-in user.
   

4. Fill in the Organization name and enter the desired name for the key. Then, click Submit.
   

5.Configure Rapid7 InsightVM Cloud in SAFE

1. Go to the Integrations page and click the "InsightVM Cloud" card.

2. Open the Configure page.

   1. InsightVM Cloud API URL: Use the following format to fetch data via API:
      https://{region}.api.insight.rapid7.com
      Replace {region} with the value taken from the Rapid7 InsightsVM Cloud Dashboard URL (e.g., for development, use us2).

   2. Secret API Key: Use the key generated in Section 4.

   3. Site Name Filter: Enter a comma-separated list of site names to filter and pull in a specific subset of assets (e.g., test2, test3).

3. Click the Save button.

4. Click the Test Connection button to ensure that the connection status is successful.

5. Once the configuration is tested and successful, click the Sync Now button to manually trigger the sync outside the scheduled auto sync.

6. View Results of Rapid7 Cloud Assessments

After a successful sync, the Rapid7 Cloud assets are automatically imported into SAFE.

To view the assets pulled from Rapid7 Cloud:

• Navigate to Technology > Assets and filter the asset list where the signal source equals security.safe.rapid7Cloud.

• You can also view the same assets and findings on the integration’s card. Go to the Integrations page and click the "InsightVM Cloud" card.

  
  

FAQs

1. Why aren’t “remediated” vulnerabilities included?

   They are not included because they have already been resolved or controlled.

2. Why do severity labels on the InsightVM Cloud website and SAFE appear different?

   In SAFE, we follow a standard rule for determining severity based on severity scores, which can lead to differences in the severity labels displayed.