Download and Install the Insight Agent

We have limited our available installers for better security

As part of Rapid7's continual work to improve your organization’s security, we have limited our available installers to .pkg for Mac and .deb or .rpm for Linux to better safeguard your systems. This means our .sh installer will no longer be released. Insight Agent v4.0.12 is the last available version of the Insight Agent that supports the .sh installer. Note, you can still access the documentation for the .sh installer.

We recommend that you upgrade your Insight Agent deployment procedures to utilize the industry standard installers using our Mac or Linux installation guides as soon as possible.

If you mass-deploy the Insight Agent with a previously downloaded .sh installer, or with the generic link to its latest available version, your existing mass-deployment procedures will continue to work as intended. However, any issues with .sh based installations will no longer be investigated by Rapid7's technical support team.

You can install the Insight Agent on your target assets using two required installation options that can be used interchangeably depending on the network connectivity settings of your assets. While either of the options functionally achieve the same goal of installing the agent and connecting it to the Insight Platform, this article details each of the installation options available and explains their differences so you can decide which would be most suitable for deployment in your organization.

Task 1: Decide which installation option to use

There are two main Agent Installation options available that can be used interchangeably:

What is a Token?

A token is your organization’s unique identifier that links the installed Insight Agents to your organization. When installing using the token, the Insight Agent reaches out to the Insight Platform to download the certificate files necessary for successful installation. This installation option requires connectivity to the Insight Platform directly through a Rapid7 Endpoint or a Collector.

If you are installing the agent in an environment with stricter network requirements, we recommend using the Certificate Package.

Your token consists of two parts:

  • The region identifier - This portion identifies the region where your organization is located. For example, us is the region identifier for the United States, while ca is the region identifier for Canada.

  • The Universally Unique Identifier (UUID) - The UUID represents the token itself. The API request initiated by the installer sends this UUID to the Insight Platform in order to retrieve the JSON document that contains all the necessary dependencies noted previously.

A fully generated token appears in the following format:

<region_id>:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

Note that the process of installation with a token, the Insight Agent installer will download the following dependencies onto your asset. All together, these dependencies are no more than 20KB in size:

  • client.key
  • client.crt
  • config.json
  • cafile.pem

If you intend to install the Insight Agent using your organization’s token:

  • Your assets must be able to communicate with the Insight Platform in order for the installer to download its necessary dependencies.
  • If your assets are deployed in a network with strict URL filtering rules in place, you may need to allowlist the following token resource endpoint to ensure that the installer can pull its configuration files from the Insight Platform. Substitute <REGION> with the code that applies to your data region: https://<REGION>.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files
    • To determine your region, view the Insight Platform home for one of the following regions:
RegionDescription
usUnited States - 1
us2United States - 2
us3United States - 3
euEurope
caCanada
auAustralia
apJapan

What is the Certificate Package?

Certificate installation terminology

Note that the certificate installation was previously referred to under Advanced within the Insight Agent installation options.

The Certificate Package contains your unique organization's configuration files, which are required for successful installation of the agent. These files are downloaded seamlessly when installing with a token, but are provided here for easy access in case some of the assets in your environment don't have direct connectivity the Insight Platform through a Rapid7 Endpoint or a Collector. We recommend installing the Insight Agent using the Certificate Package in environments with stricter network requirements.

Your Certificate Package ZIP file contains the following security files in addition to the installer executable:

  • client.key
  • client.crt
  • config.json
  • cafile.pem

Expired Certificates

If you use the certificate package installation option to install the Insight Agent, your certificates will expire after 5 years. Insight Agents that were previously installed with a valid certificate are not impacted and will continue to update their SSL certificates. New installations of the Insight Agent using an expired certificate will not be able to fully connect to the Insight Platform to run jobs in InsightVM, InsightIDR, or InsightOps.

Refresh your Certificates

If you host your certificate package on a network share, or if it is baked into a golden image for a virtual machine, redownload your certificate package within 5 years to ensure new installations of the Insight Agent run correctly.

Task 2: Download the installer from the Insight Platform

Privileges required

You must be an Insight Platform or product Administrator to access Agent Management.

Once you have determined which Insight Agent installation option you want to use, you’re ready to download the installer. You can download both installer types from the Agent Management screen in your Insight Platform user interface.

  1. Go to insight.rapid7.com and sign in with your Insight account email address and password.
    • If you are not directed to the Insight Platform Home page upon signing in, open the navigator in the upper left corner of your screen and click Insight Platform Home.
  2. Open the left menu and click the Data Collection Management tab, then click Agents.
  3. At the top of the screen, click the Agent Installer tab.
  4. Select the Insight Agent installation option of your choice and follow the instructions.
    • If you have multiple Rapid7 organizations and are using the Token installation option, make sure you select the correct organization before you generate your token.
    • Each panel includes separate procedures for both the Token and Certificate Package.
  5. Download the Insight Agent installer based on the operating system of your choice.

File types

The contents of your download will vary depending on the installer type and operating system you select. Windows operating system files will come in a single .msi file, Mac files will be .pkg, and Linux files will be either .rpm, or .deb.

Certificate Packages come in a ZIP file and contain your necessary certificate and configuration files that the installer will reference when you execute it.

Note that after November 15, 2024, the .sh file type will be fully deprecated and no longer available to download. It is currently available in our .sh installer guide.

Task 3: Complete the installation for your operating system

Now that you have your desired installer option, you’re ready to move on to the installation phase. See our dedicated articles for each operating system:

Install Endpoint Prevention

Access to Endpoint Prevention add-ons

Endpoint Prevention is only available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.

The Insight Agent also offers Endpoint Prevention technology if you are an Managed Threat Complete (MTC) Ultimate customer or a Managed Detection and Response (MDR) customer. This technology is available through two add-ons to the Insight Agent. Use the dedicated installation instructions for the add-on you have purchased to install the Insight Agent:

Version History

The Insight Agent Version History has been moved to the Insight Platform user interface. Navigate to insight.rapid7.com > Data Collection > Agents > Agent Installer. You can find the Version table at the bottom of this page and can select the Older Versions link below this table to see all available versions of the Insight Agent.