Quick Start Guide
Copy link

Exposure Command brings together several Rapid7 capabilities, including Attack Surface Management (Surface Command), External Attack Surface Management (EASM), Cloud Security (InsightCloudSec), Vulnerability Management (InsightVM), Automation (InsightConnect), and the Command Platform. This Quick Start Guide outlines what to expect during, and how to approach, each phase of the Exposure Command deployment process.

  • Phase 1: Prepare for deployment: You’ll familiarize yourself with key capabilities and log in to the Command Platform
  • Phase 2: Get up and running: You’ll install any Attack Surface Management (Surface Command) Outposts (if applicable), set up your first set of connectors, and connect your External Assets
  • Phase 3: Validate configuration and connect with Rapid7: You’ll start to see data appear in Attack Surface Management (Surface Command) and you’ll learn how to create queries, widgets, and dashboards to start curating your desired perspective of your Attack Surface

Phase 1: Prepare for deployment
Copy link

To ensure you can get up and running with Exposure Command as quickly as possible, it’s important to understand your new product and the necessary deployment tasks as well as to create a plan for deployment.

Exposure Command capabilities overview

Log in to the Command Platform

ℹ️

Already have a Command Platform account?

If you already have a Command Platform account (formerly known as the Insight Platform) from a trial or existing subscription to another Rapid7 solution, you’re all set! Use your existing email address to log in to https://insight.rapid7.com/login .

The Rapid7 Command Platform is your base within the ecosystem of Rapid7 cloud products and services. It provides a centralized location for administrative functions and makes navigating the Insight product suite simple. To log in to the platform, you need a Rapid7 Command Platform account.

To create an account:

  1. Check your corporate email inbox for an email from the Rapid7 Command Platform team.
  2. Visit insight.rapid7.com/login.
  3. Select Haven’t activated your account?.
  4. Enter your corporate email address to receive an activation email with next steps. If you do not receive an activation email, reach out to your Customer Adoption Manager (CAM) or Customer Success Advisor (CSA).
  5. Refer to the activation email and follow the instructions to create and activate your Command Platform account

Phase 2: Get up and running
Copy link

After you have familiarized yourself the components of Exposure Command and you’ve logged in to the Command Platform to confirm your account is set up properly, you’re ready to get everything up and running!

Set up Attack Surface Management

To start managing your attack surface with Exposure Command, you’ll need to set up Attack Surface Management (Surface Command). Follow Get started with Attack Surface Management (Surface Command)  and then return to the Exposure Command Quick Start Guide.

Set up Cloud Security (InsightCloudSec)

To start seeing your cloud data integrated with Exposure Command, you’ll need to set up Cloud Security (InsightCloudSec). Follow the Getting Started Overview  and then return to the Exposure Command Quick Start Guide.

Set up Vulnerability Management (InsightVM)

To start seeing your on-prem data and detailed vulnerabilities integrated with Exposure Command, you’ll need to set up InsightVM. Follow the Quick Start Guide  and then return to the Exposure Command Quick Start Guide.

Set up Automation (InsightConnect)

To start building automated workflows to handle security operations tasks, you’ll need to set up Automation (InsightConnect). Follow the Quick Start Guide  and then return to the Exposure Command Quick Start Guide.

Phase 3: Validate configuration and connect with Rapid7
Copy link

With Exposure Command fully deployed and configured, you can now start evaluating your Security Program holistically.

Support
Copy link

If you run into any problems with Attack Surface Management (Surface Command), search the documentation  for solutions or contact Rapid7 Support through the customer portal .

Rapid7 Academy
Copy link

The Rapid7 Academy  holds training, webcasts, workshops, and more, all led by our Rapid7 experts.

  • On-demand training  helps you get started with Rapid7 products, answer frequently-asked questions, and recommend best practices.
  • Rapid7 Webcasts  are hosted by Rapid7’s teams and provide a forum where customers can learn about best practices as well as what’s new in their Rapid7 products.
  • Virtual Instructor-Led Training Courses  are live training sessions broken down by product and available for enrollment.
  • Certification Exams  are product-specific exams to help you demonstrate your knowledge of using Rapid7’s solutions as a cybersecurity professional.
  • Product Workshops  are Rapid7’s free trainings on all things, all products, and average about an hour long

Communications
Copy link

To make sure you receive the Rapid7 communications that best suit your needs, set your communication preferences .

  • Whether it’s an emergent cybersecurity threat, a product update, or a notice of service degradation for maintenance, we’ll alert you with an in-product message to ensure you’re aware of all that affects your environment.
  • Rapid7’s research  provides information on a variety of topics, such as, cloud misconfigurations, vulnerability management, detection and response, application security, and more.
  • Rapid7’s blog  offers conversational guidance and information from our security experts.

Communities
Copy link

Rapid7 supports a range of open-source projects. Consider joining one of our Open-Source communities!

  • AttackerKB captures, highlights, and expands on security researcher knowledge to shed light on the specific conditions and characteristics that make a vulnerability exploitable and useful to attackers.
  • Velociraptor provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches.
  • Metasploit empowers and arms defenders to stay one step ahead of the game by verifying vulnerabilities, managing security assessments, and improving security awareness.
  • Recog is a framework for identifying products, services, operating systems, and hardware by matching fingerprints against data returned from various network probes.
  • Our customer advocacy program, Rapid7 Voice, provides you with a network of customers, offers the chance to deepen your security expertise, and provides the opportunity to share input on future product developments.