System Requirements

The following system requirements are necessary to ensure you have the best experience.

Hardware requirements

The Security Console and Scan Engine hardware requirements are different because the Security Console uses significantly more resources.

The Security Console does not support running in a container. However, the Scan Engine is available as a container image on Docker Hub.

Security Console requirements:

At this time, we only support x86_64 architecture.

Asset volumeProcessorMemoryStorage
5,0004 cores16 GB1 TB
20,00012 cores64 GB2 TB
150,00012 cores128 GB4 TB
400,00012 cores256 GB8 TB

Scan Engine requirements:

At this time, we only support x86_64 architecture.

Asset volume per dayProcessorMemoryStorage
5,000 assets/day2 cores8 GB100 GB
20,000 assets/day4 cores16 GB200 GB
Operating Systems

We require an English operating system with English/United States regional settings.

64-bit versions of the following platforms are supported:

PlatformVersions
Linux
  • Ubuntu Linux 22.04 LTS (Recommended)
  • Ubuntu Linux 20.04 LTS
  • Ubuntu Linux 18.04 LTS
  • Ubuntu Linux 16.04 LTS
  • Oracle Linux 8
  • Oracle Linux 7
  • SUSE Linux Enterprise Server 12
  • Alma Linux 9
  • Rocky Linux 9
Microsoft Windows
  • Windows Server Desktop experience only. Core not supported.
    • Microsoft Windows Server 2022
    • Microsoft Windows Server 2019
    • Microsoft Windows Server 2016
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
RedHat
  • Red Hat Enterprise Linux Server 9
  • Red Hat Enterprise Linux Server 8
  • Red Hat Enterprise Linux Server 7
  • Red Hat Enterprise Linux Server 6
CentOS
  • CentOS 7
Browsers

We support the most recent version of the following browsers:

  • Google Chrome (Recommended)
  • Mozilla Firefox
  • Mozilla Firefox ESR
  • Microsoft Edge
Firewall requirements

Security Console firewall requirements:

You must configure your firewall rules to allow outbound connectivity using Port 443. This ensures you can successfully upload data from the Security Console to the Insight Platform.

RegionRegion URLS3 (Agent Downloads only)
United States - 1us.api.endpoint.ingress.rapid7.com

us.deployment.endpoint.ingress.rapid7.com

us.exposure-analytics.insight.rapid7.com		s3.amazonaws.com
United States - 2us2.api.endpoint.ingress.rapid7.com

us2.deployment.endpoint.ingress.rapid7.com

us2.exposure-analytics.insight.rapid7.com		s3.us-east-2.amazonaws.com
United States - 3us3.api.endpoint.ingress.rapid7.com

us3.deployment.endpoint.ingress.rapid7.com

us3.exposure-analytics.insight.rapid7.com		s3.us-west-2.amazonaws.com
Europeeu.api.endpoint.ingress.rapid7.com

eu.deployment.endpoint.ingress.rapid7.com

eu.exposure-analytics.insight.rapid7.com		s3.eu-central-1.amazonaws.com
Canadaca.api.endpoint.ingress.rapid7.com

ca.deployment.endpoint.ingress.rapid7.com

ca.exposure-analytics.insight.rapid7.com		s3.ca-central-1.amazonaws.com
Japanap.api.endpoint.ingress.rapid7.com

ap.deployment.endpoint.ingress.rapid7.com

ap.exposure-analytics.insight.rapid7.com		s3-ap-northeast-1.amazonaws.com

s3.ap-northeast-1.amazonaws.com
Australiaau.api.endpoint.ingress.rapid7.com

au.deployment.endpoint.ingress.rapid7.com

au.exposure-analytics.insight.rapid7.com		s3-ap-southeast-2.amazonaws.com

s3.ap-southeast-2.amazonaws.com

For additional IP addresses for each region see Connectivity requirements.

You must also allow the Security Console to make outbound connections to updates.rapid7.com on Port 443. The Security Console connects to updates.rapid7.com regularly to check for new product versions (every 6 hours) and vulnerability/policy content (every 2 hours). With every connection, the console uploads a JSON file containing license and usage information that helps Rapid7 understand how the Security Console is being used. This upload does not contain any vulnerability assessment data from your assets or any other sensitive information on your environment.

Scan Engine firewall requirements:

If firewalls are present on your network, make sure you whitelist the necessary ports for your Security Console and Scan Engine host according to the communication method of your choice. Consult the following table for port whitelist requirements.

SourceDestinationPortProtocol
Console-to-EngineConsoleScan Engine40814TCP
Engine-to-ConsoleEngineConsole40815TCP

Ports

The ports shown in this table are the default ports used by the Security Console and Scan Engine. If you modify these default ports during the deployment procedure, make sure your firewall rules match your port modifications.