Overview
Rapid7 is a company that offers multiple tools to help you reduce risk across your entire connected environment. This includes managing vulnerabilities, monitoring for malicious behavior, investigating and shutting down attacks, and automating your operations.
This collector is focused on one of these tools, InsightVM, which helps us detect security risks to our environment, manage vulnerabilities, and quickly take action.
Configuration requirements
To run this collector, you need to take into account the configurations detailed below.
| Configuration | Details |
|---|---|
| InsightVM port | You will need a machine running the collector with the InsightVM port (default: 3780). |
| Server and port | You need a server and a port, which take the following form: https://{server_ip/server_name}:{InsightVM port} This is typically the address used to sign in to the Rapid7 instance. |
| Permissions | You will need to configure a user with the right permissions to get the data. Refer to the Vendor setup section. |
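A preflight check for the server, port and URL form given under Configuration requirements, as an added example that is not part of the collector or of the original page: it validates a URL against the https://{server_ip/server_name}:{InsightVM port} form and, when run on the collector machine, opens a certificate-verified TLS connection to that port. The function names and the sample host insightvm.example.com are assumptions made for illustration.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

DEFAULT_INSIGHTVM_PORT = 3780  # default port stated on this page


def parse_insightvm_url(url):
    """Validate https://{server}:{port} and return (host, port). Hypothetical helper."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("scheme must be https so credentials never travel in clear text")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the URL; keep them in the config")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("only server and port are expected, no path or query")
    if not parts.hostname:
        raise ValueError("missing server name or IP")
    port = parts.port  # urlsplit raises ValueError for non-numeric or >65535 ports
    if port is None:
        port = DEFAULT_INSIGHTVM_PORT
    if port == 0:
        raise ValueError("port 0 is not a usable TCP port")
    return parts.hostname, port


def check_tls_reachable(host, port, timeout=5.0):
    """Connect from this machine and return the negotiated TLS version.

    Raises OSError if the port is unreachable (firewall, wrong host) and
    ssl.SSLCertVerificationError if this machine does not trust the
    certificate presented on that port.
    """
    context = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Sample value is constructed; pass the real address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://insightvm.example.com"
    host, port = parse_insightvm_url(target)
    print(f"parsed: host={host} port={port}")
    if len(sys.argv) > 1:  # only touch the network when a real address is given
        print("TLS:", check_tls_reachable(host, port))
```
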
Data sources
InsightVM works by analyzing Assets (Devices) grouped in Sites with several scan templates and engines from the InsightVM server, retrieving all detected vulnerabilities and giving us a general view of the risks in our environment. The collector gets this data and sends it to the Devo platform, which categorizes all the information received into tables.
InsightVM resources
The table below lists the data provided by InsightVM and how Devo treats it:
| Data source | Description | Dump type | Devo data tables |
|---|---|---|---|
| Scans | History of processes by which the application discovers network assets and checks them for vulnerabilities. | Full dump | |
| Assets | Device(s) on a network discovered during a scan. | Full dump | |
| Sites | Collection of assets that are targeted for a scan. | Full dump | |
| Vulnerabilities | Reported vulnerabilities found during a scan. | New events | |
A collector running in a machine with the InsightVM port (default: 3780).
A user with the necessary permissions to get the data.
This data collector can be run on any machine that has the Docker service available, because it should be executed as a Docker container. The following sections explain how to prepare all the required setup for having the data collector running.
Structure
The following directory structure should be created for use when running the Rapid7 InsightVM collector:
Devo credentials
In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in
Editing the config-insightvm.yaml file
In the
Download the Docker image
The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:
Use the following command to add the Docker image to the system:
Docker
Execute the following command on the root directory
Docker Compose
The following Docker Compose file can be used to execute the Docker container. It must be created in the
To run the container using docker-compose, execute the following command from the
We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.
Change log
| Release | Released on | Release type | Details | Recommendations |
|---|---|---|---|---|
| | | | Updated the docker base image to 1.3.0. Bug fixing. | |
| | | | Improvements. Bug fixing. | |
| | | | Improvements: | |
| | | | Improvements: | |
| | | | Improvements: | |
| | | | Improvements: | Recommended version |
| | | | Improvements: | |