Rapid7 InsightVM
App Vendor: Rapid7
App Category: Vulnerability Management
Connector Version: 1.3.0
API Version: V3
About App
The Rapid7 InsightVM platform brings together Rapid7’s library of vulnerability research, exploit knowledge, global attacker behavior, Internet-wide scanning data, exposure analytics, and real-time reporting to provide a fully available, scalable, and efficient way to collect vulnerability data and turn it into answers. The Rapid7 InsightVM app allows you to obtain live vulnerability and endpoint analytics.
The Rapid7 InsightVM app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get Asset Details | This action retrieves the details of an asset. |
Get Asset Service Configuration | This action retrieves the configuration (properties) of a port and protocol on an asset. |
Get Asset Service Databases | This action retrieves the databases running on a port and protocol on an asset. |
Get Asset Service Details | This action retrieves the service running a port and protocol on the asset. |
Get Discovered Services for Asset | This action retrieves the services discovered on an asset. |
Get Exploit Details | This action retrieves details of an exploit. |
Get Scan Result | This action retrieves a scan result. |
List All Known Exploits | This action lists all known exploits from the Rapid7 InsightVM database. |
List Assets | This action retrieves a list of assets. |
List Scan Results | This action lists the results of all scans. |
Perform Asset Search | This action retrieves the assets based on the specified parameters. |
Trigger Site Scan | This action triggers a site scan. |
Generic Action | This is a generic action used to make requests to any Rapid7 InsightVM endpoint. |
Configuration Parameters
The following configuration parameters are required for the Rapid7 InsightVM app to communicate with the Rapid7 InsightVM enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the InsightVM base URL. Example: https://insightvm.example.com:port | Text | Required | |
Username | Enter the username to access the Rapid7 InsightVM instance. Example: admin | Text | Required | |
Password | Enter the password to access the Rapid7 InsightVM instance. | Password | Required | |
Two Factor Enabled | Enter if you have two-factor (2FA) authentication enabled on your account. Example: True | Boolean | Optional | Allowed values:
Default value: False |
Two Factor Code | Enter your two-factor (2FA) authentication code. Example: 34dccdd26c5c99ceb3af22f392b708bf | Text | Optional | This is applicable only if you have 2FA enabled on your account. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Rapid7 InsightVM. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is disabled. |
Action: Get Asset Details
This action retrieves the details of an asset.
Parameter | Description | Field Type | Required/Optional | Comments |
ID | Enter the asset ID. Example: 2375 | Integer | Required | You can retrieve the Asset ID using List Assets action. |
Example Request
[
{
"id": 2375
}
]Action: Get Asset Service Configuration
This action retrieves the configuration (properties) of a port and protocol on an asset.
Parameter | Description | Field Type | Required/Optional | Comments |
ID | Enter the asset ID. Example: 2375 | Integer | Required | You can retrieve the Asset ID using List Assets action. |
Protocol | Enter the protocol service. Example: • "ip" • "icmp" • "raw" | Text | Required | |
Port | Enter the port number. Example: 9100 | Integer | Required |
Example Request
[
{
"id": 2375,
"protocol": "raw",
"port": 9100
}
]Action: Get Asset Service Databases
This action retrieves the databases running on a port and protocol on an asset.
Parameter | Description | Field Type | Required/Optional | Comments |
ID | Enter the asset ID. Example: 2375 | Integer | Required | You can retrieve the Asset ID using List Assets action. |
Protocol | Enter the protocol service. Example: • "ip" • "icmp" • "raw" | Text | Required | |
Port | Enter the port number. Example: 9100 | Integer | Required |
Example Request
[
{
"id": 2375,
"protocol": "raw",
"port": 9100
}
]Action: Get Asset Service Details
This action retrieves the service running a port and protocol on the asset.
Parameter | Description | Field Type | Required/Optional | Comments |
ID | Enter the asset ID. Example: 2375 | Integer | Required | You can retrieve the Asset ID using List Assets action. |
Protocol | Enter the protocol service. Example:
| Text | Required | |
Port | Enter the port number. Example: 9100 | Integer | Required |
Example Request
[
{
"id": 2375,
"protocol": "raw",
"port": 9100
}
]Action: Get Discovered Services for Asset
This action retrieves the services discovered on an asset.
Parameter | Description | Field Type | Required/Optional | Comments |
ID | Enter the asset ID. Example: 2375 | Integer | Required | You can retrieve the Asset ID using List Assets action. |
Example Request
[
{
"id": 2375
}
]
Action: Get Exploit Details
This action retrieves details of an exploit.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Exploit ID | Enter the exploit ID to retrieve the details of an exploit. Example: "12345" | Integer | Required |
Example Request
[
{
"exploit_id": "12345"
}
]Action: Get Scan Result
This action retrieves a scan result.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the scan ID to retrieve scan result. Example: "12345" | Integer | Required |
Example Request
[
{
"scan_id": "12345"
}
]Action: List All Known Exploits
This action lists all known exploits from the Rapid7 InsightVM database.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page | Enter the page number for which you need to view results. Example: 2 | Integer | Optional | Use this with the Page Size parameter for pagination. Default value: 1 |
Page Size | Enter the number of records to view per page. Example: 25 | Integer | Optional | Use this with the Page parameter for pagination. Default value: 10 |
Sort | Enter the criteria to sort the results. You can separate sort parameters with a comma. Example: {"sort": "name, desc"} | Text | Optional | Allowed values:
Default value: asc |
Extra Params | Enter the extra parameters. | Key value | Optional | Allowed keys: dict |
Example Request
[
{
"page": 3,
"page_size": 25,
"sort": "name,desc"
}
]Action: List Assets
This action retrieves a list of assets.
Parameter | Description | Field Type | Required/Optional | Comments |
Page | Enter the page number to navigate to the required results page. Example: 3 | Integer | Optional | Default value: 1 |
Page Size | Enter the number of results to be displayed per page. Example: 25 | Integer | Optional | Default value: 10 |
Sort | Enter the order in which you need to sort the retrieved assets. Example: "desc" | Text | Optional | Default value: asc Allowed values: • asc • desc |
Example Request
[
{
"page": 3,
"page_size": 25,
"sort": "desc"
}
]Action: List Scan Results
This action lists the result of all scans.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Page | Enter the page number for which you want to view results. Example: 2 | Integer | Optional | Use this with the Page Size parameter for pagination. Default value: 1 |
Page Size | Enter the number of records to view per page. Example: 25 | Integer | Optional | Use this with the Page parameter for pagination. Default value: 10 |
Sort | Enter the criteria to sort the results. You can separate sort parameters with a comma. Example: {"sort": "name,desc"} | Text | Optional | Allowed values:
Default value: asc |
Extra Params | Enter the extra parameters. | Key value | Optional | Allowed keys: dict |
Example Request
[
{
"page": 3,
"page_size": 25,
"sort": "name,desc"
}
]Action: Perform Asset Search
This action retrieves the assets based on the specified parameters.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
Page | Enter the page number to navigate to the required results page. Example: 3 | Integer | Optional | Default value: 1 |
Page Size | Enter the number of results to be displayed per page. Example: 25 | Integer | Optional | Default value: 10 |
Sort | Enter the order in which you need to sort the retrieved assets. Example: "desc" | Text | Optional | Default value: asc Allowed values:
|
Filters | Enter the extra parameters. | Key Value | Optional | For more information on the supported extra parameters, see Search Criteria. |
Match | Choose to retrieve the assets after matching all the parameters specified in filters or any of the parameters specified in filters. Example: "any" | Text | Optional | Default value: all Allowed values:
|
Example Request
[
{
"page": 3,
"page_size": 25,
"sort": "desc"
}
]Action: Trigger Site Scan
This action triggers a site scan.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Site ID | Enter the site ID. Example: "12345" | Integer | Required | |
Engine ID | Enter the engine ID. Example: "12345" | Integer | Required | |
Host List | Enter the hosts that should be included in the scan. Example: "192.168. 1.1" | Text | Required | You can separate hosts with a comma. Hosts can be a combination of IP addresses and hostnames. |
Scan Name | Enter a name for the scan. Example: "samplescan" | Text | Required | |
Scan Template ID | Enter the scan template ID. Example: "12345" | Integer | Required |
Example Request
[
{
"site_id": "12345",
"engine_id": "12345",
"host_list": "192.168. 1.1",
"scan_name": "samplescan",
"scan_template_id": "12345"
}
]Action: Generic Action
This is a generic action used to make requests to any Rapid7 InsightVM endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP methods to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /assets/search | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, retry_wait, retry_count, files, filename, response_type |
Example Request
[
{
"method": "POST",
"endpoint": "/assets/search",
"extra_fields": {},
"query_params": {
"page": "0",
"size": "100"
}
}
]