Integrations

See the following sections for instructions on how to deploy the Insight Agent via supported software integrations:

Microsoft Azure

NOTE

This procedure details agent deployment on a per asset basis. If you would like to mass deploy the agent on all your existing and future Azure VMs, see our Azure Security Center integration page.

Complete the following procedure to deploy the Insight Agent to your Azure virtual machines and connect them to the Insight platform:

  1. Download the desired agent installation package. See Download for instructions.
  2. Apply the agent to a virtual machine through either the Azure portal or the command line.

Azure portal method

  1. In your Azure portal, navigate to Virtual Machines → [Your VM name] → Extensions.
  2. Click the Add button.
  3. Select Rapid7 Insight Agent.

Command line method

  1. Set up the Azure CLI to access the extension details.
  2. Log in with az login.
  3. Browse Rapid7 extension versions with:
1
az vm extension image list --publisher "Rapid7.InsightPlatform"
2
[{
3
"name": "InsightAgentLinux",
4
"publisher": "Rapid7.InsightPlatform",
5
"version": "2.0.0.2"
6
},
7
{
8
"name": "InsightAgentWindows",
9
"publisher": "Rapid7.InsightPlatform",
10
"version": "2.0.0.2"
11
},
12
...

PowerShell

To add the Rapid7 Insight Agent extension to a virtual machine using PowerShell, first make sure you have the latest version of PowerShell installed.

NOTE

Switching between classic and resource manager in the same PowerShell window frequently results in an error:

Missing type map configuration or unsupported mapping

When using both types, it is recommended to use separate PowerShell windows.

  1. Base64 encode the configuration zip file:
1
$filepath = C:\tmp\config.zip
2
$binary = Get-Content -Path $filepath -Encoding Byte
3
$base64 = [Convert]::ToBase64String($binary)
  1. Apply extension:

Classic: Login: Add-AzureAccount List VMs: Get-AzureVM

1
$params = "{`"configzip`": `"$base64`" }"
2
$vmobj = Get-AzureVM -ServiceName {your_vm_service_name} \
3
-Name {your_vm_name}
4
$vmobj | Set-AzureVMExtension -ExtensionName
5
'InsightAgentWindows' \
6
-Publisher 'Rapid7.InsightPlatform' \
7
-Version 2.0 \
8
-PrivateConfiguration $params
9
$vmobj | Update-AzureVM # This applies the extension
10
$vmobj | Get-AzureVMExtension

Resource Manager: Login: Login-AzureRmAccount List VMs: Get-AzureRmVM

1
$params = @{"configzip" = "$base64"; };
2
Set-AzureRmVMExtension -Publisher Rapid7.InsightPlatform \
3
-ExtensionName InsightAgentWindows \
4
-ExtensionType InsightAgentWindows \
5
-Version 2.0 \
6
-ProtectedSettings $params \
7
-VMName {your_vm} \
8
-Location {your_location} \
9
-ResourceGroupName {your_resource_group}

Azure 2.0 CLI

To add the Rapid7 Insight Agent extension to a resource manager virtual machine using the Azure CLI, first make sure you have the latest version of the Azure 2.x CLI installed.

1
az login
2
base64=$(base64 ~/config.zip)
3
az vm extension set --protected-settings "{\"configzip\":\"$base64\"}" --vm-name
4
{your_windows_vm} --name InsightAgentWindows --publisher Rapid7.InsightPlatform
5
--resource-group {vm-resource-group} --version 2.0

Azure 1.0 CLI

To add the Rapid7 Insight Agent extension to a classic virtual machine using the Azure CLI, first make sure you have the latest version of the Azure 1.x CLI installed.

1
azure login
2
azure config mode asm
3
base64=$(base64 ~/config.zip)
4
azure vm extension set -t "{\"configzip\":\"$base64\"}" "{your_windows_vm}"
5
InsightAgentWindows Rapid7.InsightPlatform 2.0

McAfee ePolicy Orchestrator

Installing the McAfee Agent allows McAfee ePO users to deploy and manage the Insight Agent via McAfee ePO software management.

This process assumes that the McAfee ePolicy Orchestrator is already configured to monitor the Windows systems in your environment, and these target systems have the McAfee Agent installed.

To begin, download the following:

Next, install the Rapid7 Extension on the ePO Server, Install the Rapid7 Manager Plugin on Target Systems, and then Install the Insight Agent.

Installing the Rapid7 Extension on the ePO Server

You can install the Rapid7 ePO extension by obtaining the installation zip archive from the Rapid7 Support team. You can install the extension on ePO using the following steps:

  1. Extract the Rapid7Nexpose.zip file. You fill find the ePO extension folder and the Rapid7.zip archive in the target extraction folder's contents.
  2. From the main menu of ePO under the Software category, click on Extensions.
  3. The Extensions screen appears. Click on the Install Extension button and then browse to Rapid7.zip file location. Follow all the steps of the installation process.
  4. After the installation is complete, you will be returned to the Extensions screen. Ensure that Rapid7 is visible in the list of extensions and the state is Running.

Configure Policy Catalogue

The Rapid7 Manager is responsible for installing the Insight Agent on your systems. The following steps will help you configure the Agent installation.

  1. From the main menu, click Server Settings under the Configuration category.
  2. In the Server Settings screen, select Rapid7 Settings. The right pane will have four text fields for agent-related configuration data - client.crt, config.json, client.key and cafile.pem. Complete these fields using the contents of similarly named files in the Insight Agent installation package. The contents of these files can be viewed by opening them in Notepad.
  3. Return to the main menu and under the Policy category, click on Policy Catalog. The Policy Catalog page will look like this:

McAfee Image 2

  1. On the Policy Catalog page, either duplicate the built-in Default (in the case of this screenshot, the Default policy is nexpose_Default) policy, or click New Policy. Give this policy a suitable name, such as "Install Rapid7 Insight Agent". To duplicate an existing policy, click on the policy name to open the side panel. Click on the arrow near the View button to duplicate the policy.
  2. Click on the newly created policy and then click on Edit in the panel on the right side of the screen.
  3. On the policy configuration page, select the recommended option - Don’t reinstall the Rapid7 Insight Agent if already present.
  4. Click the Installation Package URLs tab. Replace the default URLs shown with the following URLs for both 32- and 64-bit installer types:

64-bit

1
https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/windows/x86_64/PyForensicsAgent-x64.msi

32-bit

1
https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/windows/x86/PyForensicsAgent-x86.msi

IMPORTANT

The default URLs included with this plugin point to a legacy version of the Insight Agent. If these URLs are left unchanged, all agents deployed using this plugin will automatically initiate a software update to the latest version after installation. To avoid this update condition, make sure you replace these legacy URLs with the current URLs listed above.

  1. Visit the System Tree screen through the main menu. On the System Tree screen, select a system group and open the Assigned Policies tab. On the right side, in the “Action” column, there is an "Edit assignment" link.
  2. In the Policy Assignment wizard, select install Rapid7 Insight Agent as the policy to assign.

Installing the Rapid7 Manager Plugin on Target Systems

The Rapid7 Manager coordinates communication between the Rapid7 extension and the Insight Agents on the target systems. It is also responsible for enforcing the policies related to Rapid7 on the target systems. The following steps are required for installing the Rapid7 Manager on your systems.

  1. From the main menu, under the Software category, click on Master Repository.
  2. On the Master Repository screen, click the Check In Package button, and browse to the R7AgentDeployment zip file.
  3. Click the Next button. Ensure to install the current version.
  4. Click the Save button located towards the bottom of the window.
  5. Ensure that the application Rapid7 Manager appears in the package list in the Master Repository screen.
  6. From the main menu, under the Client Task category, select Client Task Catalog.
  7. On the Client Task Catalog screen, click on the New Task button and then select the Product Deployment task type.
  8. In the Client Task Creation wizard, set the product as Rapid7 Manager and the action as Install. Complete the rest of the fields in the installation wizard based on your preferences.
  9. Now that the installation task is created, you can apply it to the systems in your network. For this, you will need to return to the main menu. Under the Systems category, select System Tree.
  10. On the System Tree screen, select a system group and open the Assigned Client Tasks tab, then select New Client Task Assignment.
  11. In the New Client Task Assignment wizard, select the Install Rapid7 Manager task created in the previous step. Based on your selections, the final screen of the wizard looks something like this:

McAfee Image 1

When this Client Task is assigned to your systems, the Rapid7 Manager is installed the next time ePO syncs with those systems. By default, this synchronization process occurs once every hour.

When the Rapid7 Manager on your target system syncs up with the ePO server, it is notified about the new policy assigned to the system. It then downloads the configuration files from the ePO server and the Insight Agent hosted on the Rapid7 Insight Platform. You can confirm the installation of the Insight Agent on your target systems by visiting the Program Files > R7Agent path.