Rapid7 Nexpose and InsightVM
  • 19 Jun 2024


Rapid7 Nexpose is an on-premise vulnerability management solution, providing discovery, detection, verification, risk classification, impact analysis, reporting and mitigation.
Rapid7 InsightVM is a cloud-based vulnerability management solution that combines Rapid7’s Insight platform with Nexpose core capabilities.

Note:

This adapter supports Rapid7 InsightVM API Version 3. If you are using Rapid7 InsightVM API v4, use the Rapid7 InsightVM adapter.

Related Enforcement Actions:
Rapid7 - Add IP Addresses to Site
Rapid7 - Remove IP Addresses from Asset
Rapid7 - Add or Remove Tag to/from Assets

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Host name (required) - The hostname or IP address of the Rapid7 Nexpose/InsightVM server.

  2. Port (required) - Use port 3780.

  3. User name and Password (required) - The credentials for a user account that has the Required Permissions to view site asset data.

  4. Token (for 2FA only) (optional)

    • If supplied, Axonius will use two factor authentication when communicating with the Rapid7 Nexpose/InsightVM server. If you have enabled Two Factor Authentication, specify the Two Factor Authentication token.
    • If not supplied, Axonius will not use two factor authentication when communicating with the Rapid7 Nexpose/InsightVM server.
  5. Wait time between retries (optional, default: 30) - Specify the wait time between retries when receiving errors.

  6. Fetch tags - Select whether to fetch devices tags from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch tags associated with devices data from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch tags associated with devices data from Rapid7 Nexpose/InsightVM.
  7. Fetch installed software - Select whether to fetch installed software from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch installed software data from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch installed software data from Rapid7 Nexpose/InsightVM.
  8. Fetch open ports - Select whether to fetch open ports from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch open ports data from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch open ports data from Rapid7 Nexpose/InsightVM.
  9. Fetch policies - Select whether to fetch the policies associated with devices from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch policies associated with devices from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch policies associated with devices from Rapid7 Nexpose/InsightVM.
  10. Fetch vulnerabilities - Select whether to fetch devices' vulnerabilities from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch vulnerabilities data from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch any vulnerabilities data from Rapid7 Nexpose/InsightVM.
  11. Fetch vulnerabilities solutions - Select whether to fetch devices' vulnerabilities solutions names from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch vulnerabilities solutions names from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch any vulnerabilities solutions names from Rapid7 Nexpose/InsightVM.
  12. Fetch policies rules - Select whether to fetch the policies rules associated with devices from Rapid7 Nexpose/InsightVM.

    • If enabled, Axonius will fetch policies rules associated with devices from Rapid7 Nexpose/InsightVM.
    • If disabled, Axonius will not fetch policies rules associated with devices from Rapid7 Nexpose/InsightVM.
  13. Site name exclude list (optional) - Specify a comma-separated list of site names to be excluded from data fetch.

    • If supplied, Axonius will not fetch devices from the specified site names.
    • If not supplied, Axonius will fetch devices from all site names.
  14. Number of simultaneous devices (optional) - Set the number of simultaneous devices received from the Rapid7 Nexpose/InsightVM server to gain better control over the performance of all connections for this adapter.

    • If not supplied, Axonius will set the number as 50.
  15. Do not fetch devices with no MAC address and no hostname - Select whether to exclude fetching devices without MAC address and without hostname.

    • If enabled, Axonius will only fetch devices having MAC address or hostname.
    • If disabled, Axonius will fetch devices even if they have neither a MAC address nor a hostname.
  16. Do not fetch vulnerabilities with status invulnerable - Select this option to not fetch vulnerabilities with the status of ‘invulnerable’.

  17. Tag keys include list (optional) - Enter a comma separated list of specific tags to be fetched.

  18. Allow fallback to v2 - If the on-prem InsightVM/Nexpose instance does not support v3, allow the connection to fall back to v2. This will allow the bare minimum amount of devices to be fetched. No additional enrichment can be fetched from v2 (vulnerabilities, software, etc.).

  19. Verify SSL - Select whether to verify the SSL certificate offered by the value supplied in Host name. For more details, see SSL Trust & CA Settings.

  20. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host name.

  21. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host name via the value supplied in HTTPS Proxy.

  22. HTTPS Proxy Password (optional) - The password to use when connecting to the value supplied in Host name via the value supplied in HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Parse user accounts for devices (required, default: true) - Select whether to fetch users information for fetched devices.

    • If enabled, all connections for this adapter will also fetch user information that is associated with the fetched devices. For example, the Last Used User field.
    • If disabled, all connections for this adapter will not fetch any user information that is associated with the fetched devices.
  2. Fetch users - Select this option to fetch data for Rapid7 InsightVM users.

  3. Use IP address as part of the Axonius ID - Select this option to add the IP address to the device.id value.

  4. Calculate Last Seen from Agent and Scan data - Select this option to populate the Last Seen field with the greater of the two dates from the Last Scan and Last Agent Import fields.

  5. Fetch asset group data for devices - Select this parameter to fetch asset group data from Rapid7 for device enrichment.

  6. Fetch devices excluded from scans - Select this option to fetch assets excluded from scans. Assets include IP addresses and ranges of addresses.

  7. Filter fetched devices - Toggle on this option to filter the devices that are fetched, then enter in the field an expression written in InsightVM assets search filter syntax.


Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

APIs

Axonius uses Rapid7 InsightVM API Version 3.

Required Permissions

The value supplied in Username must have Read access to devices.

Creating User and Password Credentials in the Rapid7 Nexpose Admin Panel

To create read-only username and password credentials for Axonius:

  1. Connect to the Rapid7 Nexpose admin panel as an admin, and navigate to the administration panel.

  2. In the Users panel, click Create to create a new account for Axonius.

  3. From the General menu option, fill in the user details.
    If you have enabled Two Factor Authentication, generate a Two Factor Authentication token, to be used in the Rapid7 Nexpose adapter configuration in Axonius.

    Note:
    To enable Two Factor Authentication:
    1. As a Global Administrator, navigate to the Administration tab.
    2. Click the Administer link in the Global and Console Settings section.
    3. Select Enable two factor authentication.

  4. From the Roles dropdown, select User.

  5. From the Site Access option, select Allow this user to access all sites.

  6. From the Asset Group Access option, select Allow this user to access all asset groups.

  7. Click Save and log in at least once to the Admin panel. The user is created.
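
Before entering the new account in the adapter, it can be checked directly against API v3 on port 3780 with certificate verification on. The following is an added example, not Axonius or Rapid7 code; the function names are hypothetical, and the `/api/3/assets` path and the `Token` header for 2FA are taken from Rapid7's public API v3 documentation rather than from this page.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

API_PORT = 3780  # port stated in the Parameters section


def build_request(host, username, password, token=None, port=API_PORT):
    """GET a single asset via API v3 (path assumed from Rapid7's public API docs)."""
    url = f"https://{host}:{port}/api/3/assets?page=0&size=1"
    req = urllib.request.Request(url, method="GET")
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {basic}")
    req.add_header("Accept", "application/json")
    if token:  # only sent when Two Factor Authentication is enabled
        req.add_header("Token", token)
    return req


def summarize(status, body):
    """Turn an HTTP status and JSON body into a verdict for the operator."""
    if status == 401:
        return "auth-rejected: check user name, password and 2FA token"
    if status != 200:
        return f"unexpected-status: {status}"
    total = json.loads(body).get("page", {}).get("totalResources", 0)
    if total == 0:
        return "no-assets-visible: check Site Access and Asset Group Access"
    return f"ok: {total} assets readable"


def check_read_access(host, username, password, token=None, ca_file=None):
    """Send the request with TLS verification on (the Verify SSL setting)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
    req = build_request(host, username, password, token)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return summarize(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return summarize(err.code, err.read())


if __name__ == "__main__":
    # Constructed sample response body; this demo makes no network connection.
    print(summarize(200, '{"resources": [{"id": 1}], "page": {"totalResources": 1234}}'))
```

Pass `ca_file` when the console uses a certificate issued by an internal CA, so verification stays enabled instead of being switched off.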

Troubleshooting

Make sure you perform monthly maintenance and tuning on your on-premise Rapid7 PostgreSQL database as explained by Rapid7. This ensures optimized Axonius fetch performance.


