Insight Agent requirements - an overview
The Insight Agent has several system, network, and security policy requirements that must be satisfied to ensure your agent deployment functions as intended. These articles cover each of these requirements in detail.
Supported operating systems
The Insight Agent is supported on Microsoft Windows, macOS, and various Linux distributions. This page defines what official support means for the functions of the Insight Agent software and details the support schedules for specific operating system (OS) versions.
How OS supportability affects agent functionality
The Insight Agent software receives regular updates (including new features, improvements, and defect fixes) designed to maintain agent performance for all supported OS versions. Running the agent on a supported version ensures that the agent software continues to receive these updates. Rapid7’s Customer Support team can also assist with any questions and troubleshoot any issues that arise with agents installed on supported OS versions.
Insight Agents installed on unsupported OS versions will continue to perform their usual tasks, but will not receive any software updates. Customer Support is unable to help install agents on unsupported OS versions, nor can they troubleshoot any issues that arise with agents installed on those versions. Additionally, the Insight Agent will not collect any new data for the InsightVM vulnerability content. However, due to the large amount of data the Insight Agent already collects, InsightVM itself will continue to detect vulnerabilities on the old content as well as the majority of new vulnerability content.
Supported OS versions
Refer to these tables to view the OS versions that the Insight Agent currently supports and the End-Of-Life (EOL) schedule for each.
Microsoft Windows Desktop
The Insight Agent supports Windows Desktop versions deployed with the Long-Term Servicing Channel (LTSC) where indicated.
Additional Windows requirements for InsightIDR and InsightOps subscribers
If you are installing the Insight Agent on Windows assets for use with InsightIDR or InsightOps, make sure that the event log is enabled on your assets. Refer to our InsightIDR event source documentation for more information.
Name | Version | Build | Architecture | LTSC | EOL for Insight Agent Support |
---|---|---|---|---|---|
Windows 11 | 23H2 | 22631.674 | x86-64, ARM64 | - | Sep 20, 2032 |
Windows 11 | 22H2 | 22621.674 | x86-64, ARM64 | - | Sep 20, 2032 |
Windows 11 | 21H2 | 22000.376 | x86-64, ARM64 | - | Jan 13, 2032 |
Windows 10 | 22H2 | 19045.2311 | IA-32, x86-64 | - | Sep 20, 2032 |
Windows 10 | 21H2 | 19044.1319 | IA-32, x86-64 | Yes | Jan 13, 2032 |
Windows 10 | 21H1 | 10.0.19043 | IA-32, x86-64 | - | Jan 9, 2029 |
Windows 10 | 20H2 | 10.0.19042 | IA-32, x86-64 | - | Jan 9, 2029 |
Windows 10 | 20H1 | 10.0.19041 | IA-32, x86-64 | - | Jan 9, 2029 |
Windows 10 | 19H2 | 10.0.18363 | IA-32, x86-64 | - | Jan 9, 2029 |
Windows 10 | 19H1 | 10.0.18362 | IA-32, x86-64 | - | Jan 9, 2029 |
Windows 10 | v1809 | 10.0.17763 | IA-32, x86-64 | Yes | Jan 9, 2029 |
Windows 10 | v1803 | 10.0.17134 | IA-32, x86-64 | - | Oct 13, 2026 |
Windows 10 | v1709 | 10.0.16299 | IA-32, x86-64 | - | Oct 13, 2026 |
Windows 10 | v1703 | 10.0.15063 | IA-32, x86-64 | - | Oct 13, 2026 |
Windows 10 | v1607 | 10.0.14393 | IA-32, x86-64 | Yes | Oct 13, 2026 |
Windows 10 | v1511 | 10.0.10586 | IA-32, x86-64 | - | Oct 14, 2025 |
Windows 10 | v1507 | 10.0.10240 | IA-32, x86-64 | Yes | Oct 14, 2025 |
Microsoft Windows Server
Additional Windows requirements for InsightIDR and InsightOps subscribers
If you are installing the Insight Agent on Windows assets for use with InsightIDR or InsightOps, make sure that the event log is enabled on your assets. Refer to our InsightIDR event source documentation for more information.
Name | EOL for Insight Agent Support |
---|---|
Windows Server 2022 | Oct 14, 2031 |
Windows Server 2019 | Jan 9, 2029 |
Windows Server 2016 | Jan 11, 2027 |
macOS
Name | Architecture | EOL for Insight Agent Support |
---|---|---|
macOS Ventura 13 | x86-64, ARM64 | On the release day of macOS 17 in Q3 of 2026 |
macOS Monterey 12 | x86-64, ARM64 | On the release day of macOS 16 in Q3 of 2025 |
macOS Big Sur 11 | x86-64, ARM64 | On the release day of macOS 15 in Q3 of 2024 |
macOS Catalina 10.15 | x86-64 | On the release day of macOS 14 in Q3 of 2023 |
Linux
Oracle Enterprise Linux compatibility
The Insight Agent does not support Oracle Enterprise Linux on the Unbreakable Enterprise Kernel (UEK).
Additional Linux requirements for InsightIDR subscribers
If you install the Insight Agent on Linux assets for use with InsightIDR, the auditd library must be present, but the service must be disabled. InsightIDR must have exclusive use of the auditd service in order to successfully run the agent.job.linux.ui_realtime job.
If your organization requires that auditd be enabled at all times, see the auditd Compatibility Mode for Linux Assets article for instructions on how to ensure that both the Insight Agent and auditd services can run together.
Distribution | Architecture | EOL for Insight Agent Support |
---|---|---|
Amazon Linux 2023 | x86-64, ARM64 | Dec 31, 2027 |
Amazon Linux 2 | x86-64, ARM64 | Jun 30, 2025 |
Amazon Linux 1 | x86-64 | Jun 30, 2023 |
Debian 11 | IA-32, x86-64, ARM64 | Jun 1, 2026 |
Debian 10 | IA-32, x86-64, ARM64 | Jun 1, 2024 |
Fedora 37 | x86-64 | Dec 12, 2023 |
Fedora 36 | x86-64 | May 16, 2023 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 9.1 | x86-64 | May 31, 2034 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 9.0 | x86-64 | May 31, 2034 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.7 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.6 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.5 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.4 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.3 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.2 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.1 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.0 | x86-64, ARM64 | May 31, 2031 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 7.0-7.9 | x86-64, ARM64 | Jun 30, 2025 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 6.0-6.10 | only x86-64 | Jun 30, 2024 |
SUSE Linux Enterprise Desktop 15 SP3 | x86-64 | Jan 31, 2023 |
SUSE Linux Enterprise Server 15 | x86-64, ARM64 | Jul 31, 2028 |
SUSE Linux Enterprise Server 12 | x86-64 | Oct 31, 2024 |
openSUSE LEAP 15.4 | x86-64, ARM64 | Nov 30, 2023 |
Ubuntu 23.04 | IA-32, x86-64, ARM64 | Jan 2, 2024 |
Ubuntu 22.04 | IA-32, x86-64, ARM64 | Apr 2, 2032 |
Ubuntu 20.04 | IA-32, x86-64, ARM64 | Apr 2, 2030 |
Ubuntu 18.04 | IA-32, x86-64, ARM64 | Apr 2, 2028 |
Ubuntu 16.04 | IA-32, x86-64 | Apr 2, 2026 |
Ubuntu 14.04 | IA-32, x86-64 | Apr 2, 2024 |
How to run the Insight Agent on an unsupported OS
If your organization has assets that run a version of an OS that is outside of what the Insight Agent currently supports, you can install an older, compatible version of the agent to maintain coverage. Check the unsupported OS versions table to determine the Insight Agent version range that applies to your assets, then refer to the Insight Agent Version History table to download legacy installers if they are available.
Unsupported OS versions
These tables contain the OS versions that the Insight Agent no longer supports.
Microsoft Windows Desktop
Name | Version | Architecture | Supported Insight Agent Version Range (Inclusive) | EOL for Insight Agent Support |
---|---|---|---|---|
Windows 8.1 | SP0, SP1 | IA-32, x86-64 | 1.4.7 through 3.2.5 | Jan 10, 2023 |
Windows 8 | SP0 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
Windows 7 | SP1 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
Windows 7 | SP0 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Oct 14, 2020 |
Windows Vista | SP0-SP2 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
Windows XP | SP0-SP4 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Jul 19, 2020 |
Microsoft Windows Server
Name | Supported Insight Agent Version Range (Inclusive) | EOL for Insight Agent Support |
---|---|---|
Windows Server 2012 R2 | 1.4.7 through 3.2.5 | Apr 10, 2023 |
Windows Server 2008 R2 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
Windows Server 2008 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
Windows Server 2003 | 1.4.7 through 2.7.22 | Dec 2, 2020 |
macOS
Name | Architecture | Supported Insight Agent Version Range (Inclusive) | EOL for Insight Agent Support |
---|---|---|---|
macOS Mojave 10.14 | x86-64 | 1.4.7 through 3.2.5 | Nov 15, 2022 |
macOS High Sierra 10.13 | x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
macOS Sierra 10.12 | x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
macOS El Capitan 10.11 | x86-64 | 1.4.7 through 3.1.1.9 | Aug 13, 2021 |
Linux
Distribution | Architecture | Supported Insight Agent Version Range (Inclusive) | EOL for Insight Agent Support |
---|---|---|---|
Debian 9 | x86-32, x86-64 | 1.4.7 through 3.2.5 | Jun 30, 2022 |
Debian 8 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
Debian 7 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
Debian 6 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
Debian 5 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
Fedora 35 | x86-32, x86-64 | 1.4.7 through 3.2.5 | Dec 12, 2022 |
Fedora 34 | x86-32, x86-64 | 1.4.7 through 3.2.5 | May 17, 2022 |
Fedora 33 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Nov 30, 2021 |
Fedora 32 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Nov 30, 2021 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 5 | x86-32, x86-64 | 1.4.7 through 3.1.1.9 | Aug 13, 2021 |
Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 4 | x86-32, x86-64 | 1.4.7 through 2.7.22 | Aug 13, 2021 |
SUSE Linux Enterprise Server 11 | x86-32, x86-64 | 1.4.7 through 3.1.1 | Aug 13, 2021 |
openSUSE LEAP 15.3 | x86-64 | 1.4.7 through 3.2.5 | Nov 30, 2022 |
openSUSE 11 | x86-32, x86-64 | 1.4.7 through 3.1.1 | Aug 13, 2021 |
Ubuntu 22.10 | IA-32, x86-64, ARM64 | 1.4.7 through 3.3.1 | May 2, 2023 |
Ubuntu 21.10 | x86-32, x86-64 | 1.4.7 through 3.2.5 | Jul 31, 2022 |
Ubuntu 12.04 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
Ubuntu 11.04 | x86-32, x86-64 | 1.4.7 through 3.1.2 | Aug 13, 2021 |
FAQs
Can I install the Insight Agent on Docker containers?
The Insight Agent is not compatible with Docker containers. If you need a security solution for container deployment, see InsightCloudSec.
I have to run assets with legacy operating systems that are no longer supported by their vendor. Can I run an older agent version on them?
Yes, older versions of the Insight Agent are available for download.
Do I have to make changes to my agent if it is running on an OS version that is no longer supported?
No changes to the agent installation are required if your OS version is no longer supported, but be aware that the agent software will not receive any updates from that point on.
Where can I find more information and ask questions?
Check out the Rapid7 Discussion Forum to search for topics other community members have asked and answered, or feel free to share your own.
Network traffic and connectivity
In order for the Insight Agent to successfully transmit data between the asset on which it is installed and the Insight Platform, your network must allow communication with a variety of endpoints through specific network ports based on the Rapid7 data storage region to which your organization is subscribed. Additionally, your network must allow agent-related data in transit to reach the Insight Platform without undergoing decryption or any other process that modifies the data from the format Rapid7 services are expecting.
This article covers all network traffic and connectivity requirements you need to be aware of, along with other common network scenarios that could impact the functionality of your agent deployment.
Insight Agent data must be excluded from SSL decryption
If your network decrypts traffic in transit to perform deep packet inspection (DPI) using a transparent proxy, Insight Agent-related data must be excluded from this process.
The Insight Platform will only accept data transmitted by an Insight Agent if the data is accompanied by the X.509 certificate that the Insight Platform is expecting. DPI technologies often replace this certificate with their own as a final step before allowing traffic to continue to its destination. Without the original certificate, the Insight Platform will not accept the data.
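One way to confirm from an asset that the decryption exclusion is in effect is to look at who issued the certificate the asset sees when it connects to an agent endpoint. The following is an added example, not Rapid7 tooling; the certificate dictionaries are constructed samples and the inspection CA name is a placeholder for your own proxy's CA.

```python
"""Added example: spot TLS re-signing on the path to an Insight Agent endpoint."""
import socket
import ssl

# Placeholder: replace with the subject name(s) of your own inspection proxy CA.
INSPECTION_CAS = ["Example Corp TLS Inspection CA"]

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
DIRECT_CERT = {
    "subject": ((("commonName", "endpoint.example.test"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}
PROXY_CERT = {
    "subject": ((("commonName", "endpoint.example.test"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Corp TLS Inspection CA"),)),
}


def issuer_names(cert):
    """Lowercased issuer attribute values from a getpeercert() dict."""
    return [value.lower() for rdn in cert.get("issuer", ()) for _attr, value in rdn]


def classify(cert, inspection_ca_names):
    """Return 're-signed' if the issuer carries an inspection CA name, else 'passthrough'."""
    names = issuer_names(cert)
    # Ignore blank entries: an empty string would match every issuer.
    wanted = [n.lower() for n in inspection_ca_names if n.strip()]
    hit = any(w in name for w in wanted for name in names)
    return "re-signed" if hit else "passthrough"


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Handshake using the system trust store and SNI; return the validated leaf cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def check_endpoint(host, inspection_ca_names, fetch=fetch_peer_cert):
    """Return (host, status, detail); status is one of
    're-signed', 'passthrough', 'untrusted-chain' or 'unreachable'."""
    try:
        cert = fetch(host)
    except ssl.SSLCertVerificationError as exc:
        # The chain did not validate against the local trust store. This can
        # mean an inspection CA that this host does not trust; review manually.
        return host, "untrusted-chain", str(exc)
    except OSError as exc:
        return host, "unreachable", str(exc)
    return host, classify(cert, inspection_ca_names), ", ".join(issuer_names(cert))


if __name__ == "__main__":
    # Offline demonstration with the constructed certificates. For a live
    # check, call check_endpoint(<endpoint from your region table>, INSPECTION_CAS).
    for label, sample in [("direct", DIRECT_CERT), ("via proxy", PROXY_CERT)]:
        print(label, check_endpoint("endpoint.example.test", INSPECTION_CAS,
                                    fetch=lambda _host, c=sample: c))
```

A `re-signed` result means the exclusion rule is not being applied to that hostname on the path the asset uses.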
Network traffic allowance requirements by region
The assets on which the Insight Agent is installed (or the proxy you configure to receive all agent-related traffic) must be able to communicate with several Insight Platform endpoints for the agent to function properly and power your Insight products. Consult the following data region tables for a breakdown on what endpoints need to be reachable.
If you deploy a network traffic filtering solution that supports wildcards, each table indicates an optional wildcard endpoint that can accommodate multiple endpoint traffic allowances if you want to simplify your configuration.
Support for alternative static IP addresses
Most, but not all, endpoints documented in these sections support static IP address alternatives. You can configure traffic rules for these IP addresses (if indicated) instead of doing so for the endpoint if you prefer.
Rapid7 does not plan on changing these IP addresses in the near future. If changes are required, we'll update this document and communicate the details on the Insight Agent release notes page.
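The wildcard and static IP options interact in ways that are easy to get wrong, so it helps to audit a proposed rule set against a region's full endpoint list before deploying it. The following is an added example, not Rapid7 tooling: the endpoint data is copied from this page's United States - 1 table, while the `(kind, value, port)` rule format and the glob-style wildcard matching are assumptions that you should adjust to your filtering product.

```python
"""Added example: audit an egress allowlist against one region's required endpoints."""
from fnmatch import fnmatchcase
from ipaddress import ip_network

REQUIRED_PORT = 443  # every endpoint in the region tables uses port 443

# "United States - 1" rows from this page: hostname -> listed static IPs/CIDRs.
# An empty list stands for "None" in the table.
INGRESS_IPS = ["34.226.68.35", "54.144.111.231", "52.203.25.223", "34.236.161.191"]
MAIN_NET = ["193.149.136.0/24"]
US1_ENDPOINTS = {
    "endpoint.ingress.rapid7.com": INGRESS_IPS,
    "us.storage.endpoint.ingress.rapid7.com": INGRESS_IPS,
    "us.api.endpoint.ingress.rapid7.com": INGRESS_IPS,
    "us.bootstrap.endpoint.ingress.rapid7.com": INGRESS_IPS,
    "us.deployment.endpoint.ingress.rapid7.com": INGRESS_IPS,
    "us.main.endpoint.ingress.rapid7.com": MAIN_NET,
    "us.storage.main.endpoint.ingress.rapid7.com": MAIN_NET,
    "us.api.main.endpoint.ingress.rapid7.com": MAIN_NET,
    "data.insight.rapid7.com": [],
    "us.data.insight.rapid7.com": [],
    "us.data.logs.insight.rapid7.com": [],
}

# Constructed rule sets in a hypothetical (kind, value, port) form.
PAGE_WILDCARDS = [("host", "*endpoint.ingress.rapid7.com", 443),
                  ("host", "*.insight.rapid7.com", 443)]
DOTTED_WILDCARDS = [("host", "*.endpoint.ingress.rapid7.com", 443),
                    ("host", "*.insight.rapid7.com", 443)]
IP_ONLY = [("ip", addr, 443) for addr in INGRESS_IPS + MAIN_NET]


def host_allowed(host, rules):
    """True if a hostname rule on the required port matches (glob semantics assumed)."""
    return any(kind == "host" and port == REQUIRED_PORT
               and fnmatchcase(host.lower(), value.lower())
               for kind, value, port in rules)


def uncovered_ips(static, rules):
    """Return the listed static IPs/CIDRs that no IP rule on the required port contains."""
    allowed = [ip_network(value, strict=False)
               for kind, value, port in rules
               if kind == "ip" and port == REQUIRED_PORT]
    missing = []
    for entry in static:
        net = ip_network(entry, strict=False)
        if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
            missing.append(entry)
    return missing


def audit(endpoints, rules):
    """Return {hostname: reason} for each required endpoint the rules leave blocked."""
    gaps = {}
    for host, static in endpoints.items():
        if host_allowed(host, rules):
            continue
        if not static:
            # The table lists no static IPs, so only a hostname rule can cover it.
            gaps[host] = "needs a hostname rule: no static IPs are listed"
            continue
        missing = uncovered_ips(static, rules)
        if missing:
            gaps[host] = "no hostname rule; static IPs not allowed: " + ", ".join(missing)
    return gaps


if __name__ == "__main__":
    for name, rules in [("page wildcards", PAGE_WILDCARDS),
                        ("dotted wildcards", DOTTED_WILDCARDS),
                        ("IP rules only", IP_ONLY)]:
        print(name)
        for host, reason in audit(US1_ENDPOINTS, rules).items():
            print("  GAP", host, "-", reason)
```

Under these matching assumptions, a rule set written with `*.endpoint.ingress.rapid7.com` leaves the bare `endpoint.ingress.rapid7.com` host uncovered, and an IP-only rule set leaves the `insight.rapid7.com` hosts uncovered because the table lists no static IPs for them.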
United States - 1
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*endpoint.ingress.rapid7.com | endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 34.226.68.35 54.144.111.231 52.203.25.223 34.236.161.191 |
" " | us.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 34.226.68.35 54.144.111.231 52.203.25.223 34.236.161.191 |
" " | us.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 34.226.68.35 54.144.111.231 52.203.25.223 34.236.161.191 |
" " | us.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 34.226.68.35 54.144.111.231 52.203.25.223 34.236.161.191 |
" " | us.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 34.226.68.35 54.144.111.231 52.203.25.223 34.236.161.191 |
" " | us.main.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 193.149.136.0/24 |
" " | us.storage.main.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 193.149.136.0/24 |
" " | us.api.main.endpoint.ingress.rapid7.com | Insight Agent file uploads and beacons. | 193.149.136.0/24 |
*.insight.rapid7.com | data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | us.data.insight.rapid7.com | " " | None |
" " | us.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
United States - 2
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | us2.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 13.58.19.32 3.131.127.126 3.139.243.230 |
" " | us2.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 13.58.19.32 3.131.127.126 3.139.243.230 |
" " | us2.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 13.58.19.32 3.131.127.126 3.139.243.230 |
" " | us2.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 13.58.19.32 3.131.127.126 3.139.243.230 |
" " | us2.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 13.58.19.32 3.131.127.126 3.139.243.230 |
*.insight.rapid7.com | us2.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | us2.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
United States - 3
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | us3.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 44.242.59.199 52.41.171.59 54.213.168.123 |
" " | us3.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 44.242.59.199 52.41.171.59 54.213.168.123 |
" " | us3.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 44.242.59.199 52.41.171.59 54.213.168.123 |
" " | us3.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 44.242.59.199 52.41.171.59 54.213.168.123 |
" " | us3.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 44.242.59.199 52.41.171.59 54.213.168.123 |
*.insight.rapid7.com | us3.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | us3.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
Europe
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | eu.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 3.120.196.152 3.120.221.108 18.192.78.218 |
" " | eu.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 3.120.196.152 3.120.221.108 18.192.78.218 |
" " | eu.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 3.120.196.152 3.120.221.108 18.192.78.218 |
" " | eu.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 3.120.196.152 3.120.221.108 18.192.78.218 |
" " | eu.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 3.120.196.152 3.120.221.108 18.192.78.218 |
*.insight.rapid7.com | eu.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | eu.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
Canada
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | ca.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 52.60.40.157 52.60.107.153 |
" " | ca.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 52.60.40.157 52.60.107.153 |
" " | ca.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 52.60.40.157 52.60.107.153 |
" " | ca.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 52.60.40.157 52.60.107.153 |
" " | ca.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 52.60.40.157 52.60.107.153 |
*.insight.rapid7.com | ca.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | ca.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
Japan
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | ap.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 103.4.8.209 18.182.167.99 |
" " | ap.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 103.4.8.209 18.182.167.99 |
" " | ap.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 103.4.8.209 18.182.167.99 |
" " | ap.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 103.4.8.209 18.182.167.99 |
" " | ap.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 103.4.8.209 18.182.167.99 |
*.insight.rapid7.com | ap.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | ap.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
Australia
All endpoints listed here must be reachable through port 443.
Optional wildcard | Endpoint | Description | Supported static IP addresses |
---|---|---|---|
*.endpoint.ingress.rapid7.com | au.endpoint.ingress.rapid7.com | Insight Agent messages and beacons. | 52.64.24.140 13.55.81.47 13.236.168.124 |
" " | au.storage.endpoint.ingress.rapid7.com | Insight Agent file uploads. | 52.64.24.140 13.55.81.47 13.236.168.124 |
" " | au.api.endpoint.ingress.rapid7.com | Insight Agent messages, beacons, and file uploads. | 52.64.24.140 13.55.81.47 13.236.168.124 |
" " | au.bootstrap.endpoint.ingress.rapid7.com | Updates for the Insight Agent software. | 52.64.24.140 13.55.81.47 13.236.168.124 |
" " | au.deployment.endpoint.ingress.rapid7.com | Certificate files for token-based Insight Agent installations. | 52.64.24.140 13.55.81.47 13.236.168.124 |
*.insight.rapid7.com | au.data.insight.rapid7.com | Insight Agent messages, beacons, update requests, and file uploads for collection using the Rapid7 Collector. | None |
" " | au.data.logs.insight.rapid7.com | Logs to InsightOps. | None |
Port requirements for assets when using Rapid7 Collectors as proxies
If you use the Rapid7 Collector as a proxy destination for Insight Agent traffic, your assets must also be allowed to communicate with your Collector host through these ports:
- 5508 - Used for agent messages and beacons.
- 6608 - Used for agent update requests and file uploads for collection.
- 8037 - Used for agent messages and beacons.
Endpoint protection software exclusion
Endpoint Protection Software is an umbrella term for applications that can be deployed on endpoint devices to detect and block malicious activity from both trusted and untrusted applications.
Endpoint security applications (such as McAfee Threat Intelligence Exchange, CylancePROTECT, Carbon Black, and others) may flag, block, or delete the Insight Agent from your assets depending on your detection and response settings. To prevent this and ensure the successful operation of the Insight Agent, you have to allowlist the Agent in the Endpoint Protection Platform you have deployed in your environment.
Allowlist the Insight Agent within your Endpoint Protection Software
To allowlist the Insight Agent, navigate to your Endpoint Protection Platform and set up a path exclusion rule for the agent directory.
Your rule must accommodate all subdirectories contained in the agent installation path. The following paths show default agent installation locations by operating system:
- Windows - C:\Program Files\Rapid7\Insight Agent\
- Mac and Linux - /opt/rapid7/ir_agent/
How to allowlist Insight Agent in Carbon Black
- Log in to the Carbon Black Cloud Console and create a new Application Policy specifically for the Insight Agent.
- Ensure the new application path to the policy points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
  - Windows - C:\Program Files\Rapid7\Insight Agent\
  - Mac and Linux - /opt/rapid7/ir_agent/
- After adding the Agent path, configure the Policy to bypass the Insight Agent directory altogether.
For more details, consult Carbon Black documentation.
How to allowlist Insight Agent in CylancePROTECT
- Log in to the CylancePROTECT Console and configure the Protection Settings for the devices you want to deploy the Agent to.
- Ensure the new protection settings folder exclusion points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
  - Windows - C:\Program Files\Rapid7\Insight Agent\
  - Mac and Linux - /opt/rapid7/ir_agent/
For more details, consult CylancePROTECT documentation.
InsightIDR asset quarantine
The Insight Agent allows you to quarantine an asset in InsightIDR until you are able to resolve the investigation. This isolates the asset from all other network connections, except for connections to the Insight Platform and trusted services, such as DHCP. To ensure your quarantine actions are successful, you must properly configure your operating systems:
Linux/Unix Operating Systems
For Linux/Unix systems, you must enable iptables.
Windows Operating Systems
The Insight Agent uses the operating system’s local firewall service for the quarantine actions. To ensure that Insight Agent quarantine actions run successfully for Windows assets, the Insight Agent must be able to use the Windows Firewall service. Review the Firewall Group Policy settings for your organization to verify that you do not have the Windows Firewall service disabled. If you do have the Windows Firewall service disabled, you will need to set it to either Not Configured or On to be able to quarantine an asset with the Insight Agent.
Required Windows Firewall Settings for Insight Agent Quarantine Actions
These are the required Firewall Group Policy settings for all Domain/Private/Public/Standard profiles:
- Firewall State - Not Configured or On
- Allow local rule merge - Not Configured or Yes
You do not need to change the firewall settings for Inbound Connections or Outbound Connections.
Group Policy Management of Windows Firewall
Windows Firewall Service must be enabled and properly configured to ensure that the Insight Agent quarantine actions run successfully. If you have not previously configured Windows Firewall group policy for your domain, the quarantine will succeed. However, if your Windows Firewall Domain Policy is configured to turn the service off, the Agent quarantine will fail. To verify your Group Policy Management settings for Windows Firewall and Windows Defender Firewall, follow the instructions below.
Group Policy Management of Windows Firewall with Advanced Security
Verify that your group policy settings for Windows Firewall follow the requirements mentioned above. Use the tool you normally use to manage your global group policies to verify these settings.
- Open the Group Policy Management tool. Find the policy that you use to apply settings for the Windows Firewall service in your organization and edit the policy.
- Click Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security Settings folder > Windows Firewall with Advanced Security Settings.
- Click Windows Firewall Properties.
- Verify that the Firewall state is set to Not Configured or On for each profile: Domain/Private/Public/Standard.
- Under Settings, click Customize.
- Verify that "Apply local firewall rules" is set to Not Configured or Yes.
- Click OK.
- Click Apply.
Group Policy Management of Windows Defender Firewall
Verify that your group policy settings for Windows Defender Firewall follow the requirements mentioned above. Ensure that all profiles are set to either Not Configured or Enabled.
- Open the Group Policy Management console.
- Click Policies > Administrative Templates > Network > Network Connections > Windows (Defender) Firewall > Domain/Private/Public/Standard Profile.
- Click Windows Firewall: Protect all network connections.
- Ensure that either Not Configured or Enabled is selected.