- Visualize Rapid7 users, devices, scanners, findings, and vulnerabilities across sites in the JupiterOne graph.
- Map Rapid7 users to employees in your JupiterOne account.
- Monitor Rapid7 findings and vulnerabilities within the alerts app.
- Monitor changes to Rapid7 users, devices, scanners and sites using JupiterOne alerts.
- JupiterOne periodically fetches Rapid7 users, devices, scanners, findings, and vulnerabilities to update the graph.
- Write JupiterOne queries to review and monitor updates to the graph.
- Configure alerts to reduce the noise of findings and vulnerabilities.
- Configure alerts to take action when the JupiterOne graph changes.
- JupiterOne requires the publicly-accessible socket of the InsightsVM security console. JupiterOne also requires the username and password of an admin.
- You must have permission in JupiterOne to install new integrations.
If you need help with this integration, please contact JupiterOne Support.
Jupiterone requires the following information to complete authentication:
- The InsightVM Security Console Socket Address
- The publicly-accessible socket (host:port) of your InsightVM Security
Console. e.g.
{hostname}:3780.
- The publicly-accessible socket (host:port) of your InsightVM Security
Console. e.g.
- An InsightVM Username and Password
- Use an existing user or create a user that has the Global Administrator Role
- From the configuration Gear Icon, select Integrations.
- Scroll to the Rapid7 integration tile and click it.
- Click the Add Configuration button and configure the following settings:
- Enter the Account Name by which you'd like to identify this Rapid7 account
in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen Tag with Account Name is checked. - Enter a Description that will further assist your team when identifying the integration instance.
- Select a Polling Interval that you feel is sufficient for your monitoring
needs. You may leave this as
DISABLEDand manually execute the integration. - Enter the InsightsVM Security Console Socket Address which is publicly accessible.
- Enter the InsightsVM Username of an admin user in the security console.
- Enter the InsightsVM Password of an admin user in the security console.
- Click Create Configuration once all values are provided.
- From the configuration Gear Icon, select Integrations.
- Scroll to the Rapid7 integration tile and click it.
- Identify and click the integration to delete.
- Click the trash can icon.
- Click the Remove button to delete the integration.
The following entities are created:
| Resources | Entity _type |
Entity _class |
|---|---|---|
| Account | insightvm_account |
Account |
| Asset | insightvm_asset |
Device |
| Finding | insightvm_finding |
Finding |
| Scan | insightvm_scan |
Assessment |
| Site | insightvm_site |
Site |
| User | insightvm_user |
User |
| Vulnerability | insightvm_vulnerability |
Vulnerability |
The following relationships are created:
Source Entity _type |
Relationship _class |
Target Entity _type |
|---|---|---|
insightvm_account |
HAS | insightvm_asset |
insightvm_account |
HAS | insightvm_site |
insightvm_account |
HAS | insightvm_user |
insightvm_asset |
HAS | insightvm_finding |
insightvm_finding |
IS | insightvm_vulnerability |
insightvm_site |
MONITORS | insightvm_asset |
insightvm_site |
PERFORMED | insightvm_scan |
insightvm_site |
HAS | insightvm_user |
insightvm_user |
OWNS | insightvm_asset |