Rapid7

Enterprise

runZero integrates with Rapid7’s InsightVM and Nexpose to enrich your asset inventory and gain visibility into vulnerabilities detected in your environment.

How runZero maps Rapid7 hosts to assets:

  • For Rapid7 hosts that can be matched to an existing runZero asset, asset-level attributes such as IP address, hostname, and MAC address will be updated, and Rapid7-specific attributes will be added.

  • For hosts that cannot be matched with an existing runZero asset, a new asset will be created in the site specified when the integration task is set up.

runZero is able to merge existing assets with Rapid7 data when the MAC address, hostname, or IP address overlaps. Rapid7 hosts can also be manually merged into runZero assets using the Merge button on the Asset Inventory page.

Asset inventory

There is a column on the asset inventory page showing the count of vulnerabilities detected by Rapid7 for each asset. When a single asset is selected, the vulnerabilities table lists all the results related to that asset. The vulnerability count can be impacted by the type of vulnerability scan as well as the import settings selected.

Vulnerabilities table

The Vulnerabilities tab of the inventory lists all vulnerability results that have been imported from Rapid7. The table lists every result, and selecting a result will take you to the page for the impacted asset.

Severity and risk scores

Rapid7 assigns all vulnerabilities a severity rating (Moderate, Severe, or Critical) based on the vulnerability’s CVSSv2 score. runZero normalizes the severities shown the vulnerability inventory to be consistent across the runZero Console.

runZero Severity Rapid7 Severity CVSS Range
Info Moderate 0.0
Medium Moderate 0.1 - 3.4
High Severe 3.5 - 7.4
Critical Critial 7.5 - 10.0

runZero will also normalize risk scores assigned by Rapid7. A risk score of 0.0 will be shown as none in the runZero Console, and all other risk scores will match the assigned severity level.