InsightVM

Enterprise

runZero integrates with Rapid7 InsightVM by importing data from the InsightVM API.

Both Rapid7 InsightVM Cloud and on-premises InsightVM are supported. For on-premises use you will need to use the InsightVM connector as a scan probe from a runZero Explorer which has network access to the InsightVM deployment.

The Insight Platform API is distinct from the InsightVM API, and is not supported.

Getting started with InsightVM

To set up the InsightVM integration, you’ll need to:

  1. Create or obtain user credentials to use with the InsightVM API.
  2. Add the InsightVM API username, password, and API URL in runZero.
  3. Activate the InsightVM connection to pull your data into runZero.

Requirements

Before you can set up the InsightVM integration:

  • Verify that you have runZero Enterprise.
  • Make sure you have administrator access to the InsightVM portal.

Step 1: Add the InsightVM credentials to runZero

  1. Go to the Credentials page in runZero. Provide a name for the credentials, like InsightVM.
  2. Choose InsightVM Username & Password from the list of credential types.
  3. Provide the following information:
    • InsightVM username - the username you want to use to connect to the InsightVM API.
    • InsightVM password - the password for your InsightVM API username.
    • InsightVM API URL - the URL of your InsightVM API instance. The expected format is https://ip:port or https://domain.tld:port.
    • InsightVM insecure - Set this to Yes if you want to attempt authentication without a verified thumbprint.
    • InsightVM thumbprints (optional)- A set of IP=SHA256:B64HASH pairs to trust for authentication. You will need to scan your InsightVM instance with runZero in order to obtain the TLS thumbprint. The TLS fingerprints service attribute report lists all previously seen fingerprints.
  4. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per-organization basis.
  5. Save the credential. You’re now ready to set up and activate the connection to bring in data from InsightVM.

Step 2: Sync your InsightVM data

After you add your InsightVM credential, you’ll need to sync your data. This can be accomplished through a scan probe or a connector. Scan probes will be the right option for most users. Setting up a connector will only work for if you’re self-hosting runZero or your InsightVM instance is publicly accessible.

Step 2a: Configure the InsightVM scan probe

You can run the InsightVM integration as a scan probe so that the runZero Explorer will pull your vulnerability data into the runZero Console.

In a new or existing scan configuration:

  • Ensure that the INSIGHTVM option is set to Yes in the Probes tab.
  • Set the correct InsightVM credential to Yes in the Credentials tab.
  • Optionally, set a minimum severity and risk for ingested vulnerability scan results.

Step 2b: Configure the InsightVM connector

A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new InsightVM-only assets are created.

  1. Activate a connection to InsightVM. You can access all available third-party connections from your inventory or tasks page.
  2. Choose the credentials you added earlier. If you don’t see the credentials listed, make sure the credentials have access to the organization you are currently in.
  3. Enter a name for the task, like InsightVM sync.
  4. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  5. Under Task configuration:
  6. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 3: View InsightVM assets and vulnerabilities

After a successful sync, you can go to your inventory to view your InsightVM assets. These assets will have a Rapid7 icon listed in the Source column.

The InsightVM integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by InsightVM.

To filter by Rapid7 assets, consider running the following queries:

Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Rapid7 scan data.