Rapid7 InsightVM

Rapid7 InsightVM provides visibility and risk prioritization for vulnerabilities found in local, remote, cloud, containerized, and virtual infrastructure.

📘

Note

Axonius uses the InsightVM Cloud Integrations API. This API refers to InsightVM API v4. If you use a previous version of InsightVM that supports Rapid7 InsightVM API v3, use the Rapid7 Nexpose and InsightVM adapter.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
• Vulnerabilities
• SaaS Applications

Parameters

1. Domain (required, default: us.api.insight.rapid7.com) - The domain of the Rapid7 InsightVM server. The default domain is us.api.insight.rapid7.com. This value may vary depending on your Rapid7 accounts 'region'. More information is available under Rapid7 Supported Regions.
2. API Key (required) - An Organization API Key that has permissions to fetch all assets.

📘

Note

An organization key must be used for this connection. If your company does not allow the use of an organization key, you need to use a user-generated key which can be used with the Rapid7 Nexpose and InsightVM adapter.

5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
6. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Domain.
7. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Domain via the value supplied in HTTPS Proxy.
8. HTTPS Proxy Password (optional) - The password to use when connecting to the value supplied in Domain via the value supplied in HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

📘

Note

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

1. Assets per page (optional, default: 150) - Set the number of assets to fetch per page.
2. Exclude devices missing all of the following: IP, Hostname, MAC (optional) - Select this option to exclude devices with no MAC address, no hostname, and no IP address from the fetch. If the devices have none of these fields it is not fetched.
3. Tag Keys Include list (optional) - Specify a comma-separated list of Tag Keys in Rapid7 InsightVM. When supplied, all connections for this adapter will only fetch devices from Rapid7 InsightVM with the Tag Keys provided in this list.
4. Swap Adapter Tag Key/Value fields - When enabled, the Tag Key will receive the name of the Tag Value, and vice versa.
   • For example, when this setting is disabled, the following tag attributes may exist:
     • Tag Key: Server
     • Tag Value: CUSTOM
   • When this setting is enabled, the tag attributes will be:
     • Tag Key: CUSTOM
     • Tag Value: Server

📘

Note

Enabling the Swap Adapter Tag Key/Value fields setting will affect whether the tag is part of the Tag Keys include list or not. Example:

• If MyKey is part of the Tag Keys include list, a tag such as Tag Key: MyKey; Tag Value: MyValue will be considered as part of the include list.

• If you enable Swap Adapter Tag Key/Value, the same tag will become Key: MyValue; Value: MyKey, and will no longer be considered as part of the include list.

5. Do not fetch devices without Last Seen and no hostname (optional) - Select this option to exclude devices in which Last Seen or hostname information is unavailable.
6. Do not fetch devices without a MAC address or Hostname (optional) - Select this option to exclude devices without a MAC address or hostname from the fetch. When the option is cleared, Axonius will fetch devices even if they do not have a MAC address or hostname.
7. Remediated vulnerabilities comparison date (optional) - Select a date in which device vulnerabilities are compared to determine if they were subsequently patched. For example, a device had vulnerable software on December 10, 2022. The software was updated on January 10, 2023, remediating the vulnerability; if the selected comparison date is January 1, 2023, then the vulnerability information is fetched and considered a remediated vulnerability. If no date is selected, then remediated vulnerabilities aren't fetched.
8. Relative remediated vulnerabilities comparison date (in days) - Specify a number of days to which device vulnerabilities are compared to determine if they were subsequently patched. This setting takes precedence over Remediated vulnerabilities comparison date.
9. Deduplicate devices - This API often yields the same device multiple times (matching MAC, hostname, IP). Enable this option to choose only the device with the latest last-seen timestamp.
10. Classify adapter property based on open ports - Select this option to classify the adapter property as Agent when the asset's ports 22, 135, and 445 are open and status = SUPPLIED_SUCCESS.
11. Vulnerability Advanced Settings - When you toggle this on, the following configurations become available:
    • Vulnerability Findings to Fetch - Select which vulnerability severity level to fetch. The options are Moderate, Severe, and Critical (all selected by default).
    • Fetch vulnerabilities data (default: true) - When you disable this, the adapter won't parse Device fields related to vulnerabilities: Vulnerable Software, Vulnerabilities, Rapid7 Vulnerabilities, Solution IDs, and Remediated.
    • Do not ingest duplicate CVEs (default: true) - Select this option to avoid fetching duplicate CVEs.
    • Insert both CVE and Plugin as vulnerable software - Select this option to parse each CVE ID and plugin ID in the vulnerability as vulnerable software.
12. Don’t split source vulnerabilities into CVEs - Select this option to present each source vulnerability as a vulnerability of its own, represented as a single row on the vulnerability page instead of being broken down into each CVE in the vulnerability.
13. Ingest non-CVE Rapid7 Plugin as vulnerable software - When this is enabled, Rapid7 InsightVM vulnerability findings without a CVE ID (Common Vulnerabilities and Exposures Identifier) are added to the asset's Vulnerable Software list, with the raw Rapid7 Plugin ID used as the identifier. When this is disabled, non-CVE findings are still processed as Rapid7 Vulnerabilities, but are not added to the Vulnerable Software list. This capability helps get a more comprehensive vulnerability coverage, including vendor-specific checks.
14. Only fetch devices if they have a MAC address and a hostname and an IP address - Select this option to only fetch devices that have all the previously-mentioned identifiers.

📘

Note

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius uses the InsightVM Cloud Integrations API. This API refers to InsightVM API v4. If you use a previous version of InsightVM that supports API v3, use the Rapid7 Nexpose and InsightVM adapter.

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

• TCP port 443

Troubleshooting

Make sure you perform monthly maintenance and tuning on your On-Premise Rapid7 Postgresql database as explained by Rapid7. This ensures optimzed Axonius fetch performance.

• Rapid7 Configuring maximum performance in an enterprise environment
• Rapid7 Planning for Capacity Requirements.

Related Enforcement Actions

• Rapid7 InsightVM - Add Assets to Scan
• Rapid7 - Remove Assets