Rapid7 InsightVM collector

Rapid7 InsightVM collector

Configuration requirements

To run this collector, there are some configurations detailed below that you need to take into account.





InsightVM port

You will need to have a collector running machine with the Insights port (default : 3780)


You will need to configure an user with the right permissions to get the data. Refer to the Vendor setup section.


Rapid7 is a company that offers multiple tools to help you reduce risk across your entire connected environment. This goes for easily managing vulnerabilities, monitoring for malicious behavior, investigating and shutting down attacks, or just automating your operations. 

This collector is focused on one of these tools, InsightVM, which helps us detect security risks to our environment, manage vulnerabilities, and quickly take action. 

Data sources

InsightVM works by analyzing Assets (Devices) grouped in Sites with several scan templates and engines from the InsightVM server, retrieving all detected vulnerabilities and allowing us to have a general view of the risks that our environment has. The collector gets this data and sends it to the Devo platform, which will categorize all information received on tables.

InsightVM resources

Listed in the table below are the data provided by InsightsVM and how Devo treats the data:

Data source


Dump type

Devo data tables


History of processes by which the application discovers network assets and checks them for vulnerabilities.

Full dump



Device/s on a network discovered during a scan.

Full dump



Collection of assets that are targeted for a scan.

Full dump



Reported vulnerabilities found during a scan.

New events


Dump type

The Dump type column indicates how the collector will retrieve the data in each iteration. This is an important factor to take into account when setting the request_period_in_seconds field later in the configuration file.

  • Full dump: All available data.

  • New events: Collector saves the retrieving status to get always the latest items detected.

  • Configurable: There is a field in the configuration file where you can choose the dump type.

Vendor setup

The InsightVM data collector works over the installed on-premises InsightVM server, there are some requirements to run the collector, you will need to have:

  • A collector running in a machine with the InsightVM port (default: 3780).

  • A user with the necessary permissions to get the data.

Setting up user permissions

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Change Log for 1.x.x


Released on

Release type




Released on

Release type




Sep 13, 2022



  • Upgraded underlay IFC SDK v1.3.0 to v1.4.2.

  • Updated the underlying DevoSDK package to v3.6.4 and dependencies, this upgrade increases the resilience of the collector when the connection with Devo or the Syslog server is lost. The collector is able to reconnect in some scenarios without running the self-kill feature.

  • Support for stopping the collector when a GRACEFULL_SHUTDOWN system signal is received.

  • Re-enabled the logging to devo.collector.out for Input threads.

  • Improved self-kill functionality behavior.

  • Added more details in log traces.

  • Added log traces for knowing system memory usage.



Oct 31,2022



  • Events persistence improved and moved event sending to batch processing

  • Devo Collector SDK version has been updated from 1.4.2 to 1.4.3

    • Added log traces for knowing the execution environment status (debug mode)

    • Fixes in the current puller template version

Recommended version