Rapid7 InsightVM collector
Overview
Rapid7 is a company that offers multiple tools to help you reduce risk across your entire connected environment, whether that means managing vulnerabilities, monitoring for malicious behavior, investigating and shutting down attacks, or automating your operations.
This collector is focused on one of these tools, InsightVM, which helps us detect security risks to our environment, manage vulnerabilities, and quickly take action.
Configuration requirements
To run this collector, there are some configurations detailed below that you need to take into account.
Configuration | Details |
---|---|
InsightVM port | You will need a machine running the collector that can reach the InsightVM port (default: 3780). |
Server and port | You need a server and a port, which take the following form: https://{server_ip/server_name}:{InsightVM port}. This is typically the address used to sign in to the Rapid7 instance. |
Permissions | You will need to configure a user with the right permissions to get the data. Refer to the Vendor setup section. |
Data sources
InsightVM works by analyzing Assets (devices) grouped in Sites, using several scan templates and engines from the InsightVM server, retrieving all detected vulnerabilities and giving us a general view of the risks present in our environment. The collector gets this data and sends it to the Devo platform, which categorizes all information received into tables.
InsightVM resources
Listed in the table below are the data provided by InsightVM and how Devo treats the data:
Data source | Description | Dump type | Devo data tables |
---|---|---|---|
Scans | History of processes by which the application discovers network assets and checks them for vulnerabilities. | Full dump | |
Assets | Device/s on a network discovered during a scan. | Full dump | |
Sites | Collection of assets that are targeted for a scan. | Full dump | |
Vulnerabilities | Reported vulnerabilities found during a scan. | New events | |
Dump type
The Dump type column indicates how the collector will retrieve the data in each iteration. This is an important factor to take into account when setting the request_period_in_seconds field later in the configuration file.
- Full dump: All available data is retrieved in every iteration.
- New events: The collector saves its retrieval status so that it always gets only the latest items detected.
- Configurable: There is a field in the configuration file where you can choose the dump type.
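The following added example (not Devo's or Rapid7's code) simulates the two dump types described above across several collector iterations. It uses a constructed in-memory list as a stand-in for the InsightVM API, and the names `Item`, `Checkpoint`, `full_dump`, `new_events` and `simulate` are assumptions made for the illustration. It shows why the dump type matters when you pick `request_period_in_seconds`: a full dump resends everything on every poll, while new events only sends what appeared after the saved checkpoint, so a longer period costs nothing in duplicates and loses nothing on restart.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    """One record from the source, e.g. a vulnerability finding (constructed)."""
    item_id: int
    detected_at: int  # epoch seconds; constructed sample value


def full_dump(source: list[Item]) -> list[Item]:
    """Full dump: every iteration retrieves all available data."""
    return list(source)


@dataclass
class Checkpoint:
    """Persisted retrieval status used by the 'New events' dump type."""
    last_detected_at: int = 0


def new_events(source: list[Item], checkpoint: Checkpoint) -> list[Item]:
    """New events: retrieve only items newer than the saved checkpoint,
    then advance the checkpoint to the newest item sent."""
    fresh = sorted(
        (item for item in source if item.detected_at > checkpoint.last_detected_at),
        key=lambda item: item.detected_at,
    )
    if fresh:
        checkpoint.last_detected_at = fresh[-1].detected_at
    return fresh


def simulate(dump_type: str, arrivals: list[list[Item]]) -> list[int]:
    """Poll once per entry in `arrivals`; each entry is the batch of items that
    appeared at the source since the previous poll. Returns the number of
    items sent to the platform on each poll."""
    source: list[Item] = []
    checkpoint = Checkpoint()
    sent_per_poll: list[int] = []
    for batch in arrivals:
        source.extend(batch)
        if dump_type == "Full dump":
            sent = full_dump(source)
        elif dump_type == "New events":
            sent = new_events(source, checkpoint)
        else:
            raise ValueError(f"unknown dump type: {dump_type}")
        sent_per_poll.append(len(sent))
    return sent_per_poll


# Constructed arrivals: three items present at the first poll, nothing new at
# the second, one more item at the third.
ARRIVALS = [
    [Item(1, 100), Item(2, 200), Item(3, 300)],
    [],
    [Item(4, 400)],
]

if __name__ == "__main__":
    print("Full dump  :", simulate("Full dump", ARRIVALS))   # [3, 3, 4]
    print("New events :", simulate("New events", ARRIVALS))  # [3, 0, 1]
```

With a full dump, every poll resends the whole data set, so a short `request_period_in_seconds` multiplies the volume sent to Devo; with new events, a restart that reloads the saved `Checkpoint` continues from the last item sent instead of replaying history.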
Vendor setup
The InsightVM data collector works against the on-premises InsightVM server. To run the collector you will need:
- A collector running on a machine with access to the InsightVM port (default: 3780).
- A user with the necessary permissions to get the data.
Setting up user permissions
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| | IMPROVEMENT bug fixing | Updated the docker base image to 1.3.0. Bug fixing. | |
| | IMPROVEMENT bug fixing | Improvements. Bug fixing. | |
| | IMPROVEMENT | Improvements. | |
| | IMPROVEMENT | Improvements. | |
| | IMPROVEMENT | Improvements. | |
| Sep 13, 2022 | IMPROVEMENT | Improvements. | |