Rapid7 InsightVM Connector User Guide
Summary: How to set up and use the Rapid7 InsightVM connector in Ivanti Neurons for RBVM.
Overview
The Ivanti Neurons for RBVM platform provides an API-based connector that integrates with Rapid7 InsightVM. This integration enables customers to bring to gain visibility of their overall network posture and achieve a simplified and efficient way to manage vulnerabilities. Ivanti Neurons for RBVM users can configure the connector to pull scan data from Rapid7 InsightVM on a periodic basis as well.
Data from Rapid7 InsightVM is ingested as hosts and host findings in Ivanti Neurons for RBVM. Refer to the data mapping section below for details.
Connector Configuration
Prerequisites
- Requires an active subscription to Ivanti Neurons for RBVM.
- Requires an active subscription to Rapid7 InsightVM.
- URL used to access the instance of Rapid7 InsightVM.
Rapid7 documentation for managing user permissions can be found here: Welcome to InsightVM | InsightVM Documentation
Connections
The following API calls are performed during a connector run to pull security vulnerabilities from Rapid7 InsightVM into Ivanti Neurons for RBVM.
|
API Type |
Endpoint |
|---|---|
|
Get All Assets |
/api/3/assets |
|
Get Vulnerability Details |
/api/3/vulnerabilities |
Platform Setup
When logged into the platform, navigate to the Automate > Integrations page.
Using the search bar in the upper-right corner of the Integrations page, type InsightVM to find the connector. Locate the Rapid7 InsightVM card under Network and click Configuration.
Complete the following required fields. These fields include:
- Connector Name: Connector name for the Ivanti Neurons platform.
- URL: Rapid7 InsightVM instance URL.
- User Name and Password: Rapid7 InsightVM user credentials.
- Network: Network name in Ivanti Neurons. Ingested assets and findings will be associated with this network.
Once the fields have been filled out, click Test Credentials to ensure the connector can connect to the Rapid7 InsightVM instance.
Additional connector configurations, such as Schedule and Optional Configurations can be set up here.
Optional Configurations
- Pull tag information from InsightVM: This will create asset tags based on the Rapid7 InsightVM labels. The default behavior is not to create tags.
- Create assets that do not have vulnerabilities: This will create assets that exist in the Rapid7 InsightVM platform when there are no vulnerabilities. The default behavior is to only create assets with vulnerabilities.
Once the connector configuration is complete, click the Save button.
When the connector is set up, a new entry for it appears at the top of the Integrations page. This connector runs once the initial setup is complete. Check the connector’s status by clicking the History button.
In the Upload Center (navigate to the Settings > Upload page), files pulled from Rapid7 InsightVM are parsed, aggregated, and filtered for display in Ivanti Neurons.
Editing a Connector Configuration
Connector configurations can be updated at any time after creation. Go to the Automate > Integrations page and select the specific connector you want to update.
Utilizing the Connector
The data from a Rapid7 InsightVM scan file is ingested into Ivanti Neurons for RBVM as hosts and host findings. The Scanner Name associated with these scans is InsightVM. Scanner Name can be used as a filter on the Hosts and Host Findings pages.
Assets
Asset data extracted from Rapid7 InsightVM scan files is shown on the Hosts page. Project and version details are also extracted from the scan file.
In the Hosts Detail pane under the Scanner Specific Information section, the scanner is listed as InsightVM.
Findings
All findings from the Rapid7 InsightVM scan file are shown on the Host Findings page.
Severity Mapping
Rapid7 InsightVM reports severity on the same 0.0-10.0 scale used by Ivanti Neurons for RBVM with no modification.
Connector Data Mapping
This table maps the high-level fields from Rapid7 InsightVM with that of the Ivanti Neurons for RBVM platform.
Note: Ivanti Neurons for RBVM for provides vulnerability counts per project rather than at the component level. Users can also filter findings based on each component and risk type.
|
Hosts |
Platform field |
InsightVM Field |
|
Hostname |
host_name |
|
|
InsightVM Asset ID |
id |
|
|
IP Address |
ip |
|
|
Last Discovered On |
last_assessed_for_vulnerabilities |
|
|
Mac Address |
mac |
|
|
InsightVM OS Architecture |
os_architecture |
|
|
|
Operating System |
os_description |
|
|
InsightVM Risk Score |
risk_score |
|
|
InsightVM Assessed for Policies |
assessed_for_policies |
|
|
InsightVM Assesed for vulnerabilities |
assessed_for_vulnerabilities |
|
|
Tags |
tags.Type:name |
|
Host Findings |
InsightVM Check ID |
assets.check_id |
|
|
Finding First Discovered On |
assets.first_found |
|
|
InsightVM Key |
assets.key |
|
|
Finding Last Discovered On |
assets.last_found |
|
|
InsightVM NIC |
assets.nic |
|
|
port |
assets.port |
|
|
InsightVM Proof |
assets.proof |
|
|
protocol |
assets.protocol |
|
|
solution |
assets.solution_fix |
|
|
InsightVM Solution ID |
assets.solution_id |
|
|
InsightVM Solution Summary |
assets.solution_summary |
|
|
InsightVM Solution Type |
assets.solution_type |
|
|
InsightVM Check Status |
assets.status |
|
|
Plugin ID - Unique finding identifier+port |
assets.vulnerability_id |
|
|
Finding First Discovered On-Redundant |
vulnerabilities.added |
|
|
InsightVM Categories |
vulnerabilities.categories |
|
|
InsightVM CVES |
vulnerabilities.cves |
|
|
InsightVM Denial of Sevice |
vulnerabilities.denial_of_service |
|
|
Description |
vulnerabilities.description |
|
|
InsightVM Exploits |
vulnerabilities.exploits |
|
|
Plugin ID - Unique finding identifier+port - MATCH THIS |
vulnerabilities.id |
|
|
InsightVM References |
vulnerabilities.references |
|
|
InsightVM Malware Kits |
vulnerabilities.malware_kits |
|
|
Finding Last Discovered On - Redundant |
vulnerabilities.modified |
|
|
InsightVM PCI CVSS Score |
vulnerabilities.pci_cvss_score |
|
|
InsightVM PCI Fail |
vulnerabilities.pci_fail |
|
|
InsightVM PCI Severity Score |
vulnerabilities.pci_severity_score |
|
|
InsightVM PCI Special Notes |
vulnerabilities.pci_special_notes |
|
|
InsightVM PCI Status |
vulnerabilities.pci_status |
|
|
InsightVM Published |
vulnerabilities.published |
|
|
InsightVM Risk Score |
vulnerabilities.risk_score |
|
|
Severity |
vulnerabilities.severity |
|
|
Scanner Reported Severity |
vulnerabilities.severity_score |
|
|
Title |
vulnerabilities.title |