Download and Install the Insight Agent
We have limited our available installers for better security
As part of Rapid7's continual work to improve your organization’s security, we have limited our available installers to .pkg
for Mac and .deb
or .rpm
for Linux to better safeguard your systems. This means our .sh
installer will no longer be released. Insight Agent v4.0.12 is the last available version of the Insight Agent that supports the .sh
installer. Note, you can still access the documentation for the .sh
installer.
We recommend that you upgrade your Insight Agent deployment procedures to utilize the industry standard installers using our Mac or Linux installation guides as soon as possible.
If you mass-deploy the Insight Agent with a previously downloaded .sh
installer, or with the generic link to its latest available version, your existing mass-deployment procedures will continue to work as intended. However, any issues with .sh
based installations will no longer be investigated by Rapid7's technical support team.
You can install the Insight Agent on your target assets using two required installation options that can be used interchangeably depending on the network connectivity settings of your assets. While either of the options functionally achieve the same goal of installing the agent and connecting it to the Insight Platform, this article details each of the installation options available and explains their differences so you can decide which would be most suitable for deployment in your organization.
Task 1: Decide which installation option to use
There are two main Agent Installation options available that can be used interchangeably:
What is a Token?
A token is your organization’s unique identifier that links the installed Insight Agents to your organization. When installing using the token, the Insight Agent reaches out to the Insight Platform to download the certificate files necessary for successful installation. This installation option requires connectivity to the Insight Platform directly through a Rapid7 Endpoint or a Collector.
If you are installing the agent in an environment with stricter network requirements, we recommend using the Certificate Package.
Your token consists of two parts:
The region identifier - This portion identifies the region where your organization is located. For example,
us
is the region identifier for the United States, whileca
is the region identifier for Canada.The Universally Unique Identifier (UUID) - The UUID represents the token itself. The API request initiated by the installer sends this UUID to the Insight Platform in order to retrieve the JSON document that contains all the necessary dependencies noted previously.
A fully generated token appears in the following format:
<region_id>:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Note that the process of installation with a token, the Insight Agent installer will download the following dependencies onto your asset. All together, these dependencies are no more than 20KB in size:
client.key
client.crt
config.json
cafile.pem
If you intend to install the Insight Agent using your organization’s token:
- Your assets must be able to communicate with the Insight Platform in order for the installer to download its necessary dependencies.
- As long as you verify the network connectivity requirements noted previously, this communication channel will be available for use.
- If your assets are deployed in a network with strict URL filtering rules in place, you may need to allowlist the following token resource endpoint to ensure that the installer can pull its configuration files from the Insight Platform. Substitute
<REGION>
with the code that applies to your data region:https://<REGION>.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files
- To determine your region, view the Insight Platform home for one of the following regions:
Region | Description |
---|---|
us | United States - 1 |
us2 | United States - 2 |
us3 | United States - 3 |
eu | Europe |
ca | Canada |
au | Australia |
ap | Japan |
What is the Certificate Package?
Certificate installation terminology
Note that the certificate installation was previously referred to under Advanced within the Insight Agent installation options.
The Certificate Package contains your unique organization's configuration files, which are required for successful installation of the agent. These files are downloaded seamlessly when installing with a token, but are provided here for easy access in case some of the assets in your environment don't have direct connectivity the Insight Platform through a Rapid7 Endpoint or a Collector. We recommend installing the Insight Agent using the Certificate Package in environments with stricter network requirements.
Your Certificate Package ZIP file contains the following security files in addition to the installer executable:
client.key
client.crt
config.json
cafile.pem
Expired Certificates
If you use the certificate package installation option to install the Insight Agent, your certificates will expire after 5 years. Insight Agents that were previously installed with a valid certificate are not impacted and will continue to update their SSL certificates. New installations of the Insight Agent using an expired certificate will not be able to fully connect to the Insight Platform to run jobs in InsightVM, InsightIDR, or InsightOps.
Refresh your Certificates
If you host your certificate package on a network share, or if it is baked into a golden image for a virtual machine, redownload your certificate package within 5 years to ensure new installations of the Insight Agent run correctly.
Task 2: Download the installer from the Insight Platform
Privileges required
You must be an Insight Platform or product Administrator to access Agent Management.
Once you have determined which Insight Agent installation option you want to use, you’re ready to download the installer. You can download both installer types from the Agent Management screen in your Insight Platform user interface.
- Go to insight.rapid7.com and sign in with your Insight account email address and password.
- If you are not directed to the Insight Platform Home page upon signing in, open the navigator in the upper left corner of your screen and click Insight Platform Home.
- Open the left menu and click the Data Collection Management tab, then click Agents.
- At the top of the screen, click the Agent Installer tab.
- Select the Insight Agent installation option of your choice and follow the instructions.
- If you have multiple Rapid7 organizations and are using the Token installation option, make sure you select the correct organization before you generate your token.
- Each panel includes separate procedures for both the Token and Certificate Package.
- Download the Insight Agent installer based on the operating system of your choice.
File types
The contents of your download will vary depending on the installer type and operating system you select. Windows operating system files will come in a single .msi
file, Mac files will be .pkg
, and Linux files will be either .rpm
, or .deb
.
Certificate Packages come in a ZIP file and contain your necessary certificate and configuration files that the installer will reference when you execute it.
Note that after November 15, 2024, the .sh
file type will be fully deprecated and no longer available to download. It is currently available in our .sh installer guide.
Task 3: Complete the installation for your operating system
Now that you have your desired installer option, you’re ready to move on to the installation phase. See our dedicated articles for each operating system:
Install Endpoint Prevention
Access to Endpoint Prevention add-ons
Endpoint Prevention is only available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.
The Insight Agent also offers Endpoint Prevention technology if you are an Managed Threat Complete (MTC) Ultimate customer or a Managed Detection and Response (MDR) customer. This technology is available through two add-ons to the Insight Agent. Use the dedicated installation instructions for the add-on you have purchased to install the Insight Agent:
Version History
The Insight Agent Version History has been moved to the Insight Platform user interface. Navigate to insight.rapid7.com > Data Collection > Agents > Agent Installer. You can find the Version table at the bottom of this page and can select the Older Versions link below this table to see all available versions of the Insight Agent.