Integrations

See the following sections for instructions on how to deploy the Insight Agent via supported software integrations:

Microsoft Azure

NOTE

This procedure details agent deployment on a per asset basis. If you would like to mass deploy the agent on all your existing and future Azure VMs, see our Azure Security Center integration page.

Complete the following procedure to deploy the Insight Agent to your Azure virtual machines and connect them to the Insight platform:

  1. Download the desired agent installation package. See Download for instructions.
  2. Apply the agent to a virtual machine through either the Azure portal or the command line.

Azure portal method

  1. In your Azure portal, navigate to Virtual Machines → [Your VM name] → Extensions.
  2. Click the Add button.
  3. Select Rapid7 Insight Agent.

Command line method

  1. Set up the Azure CLI to access the extension details.
  2. Log in with az login.
  3. Browse Rapid7 extension versions with:
1
az vm extension image list --publisher "Rapid7.InsightPlatform"
2
[{
3
"name": "InsightAgentLinux",
4
"publisher": "Rapid7.InsightPlatform",
5
"version": "2.0.0.2"
6
},
7
{
8
"name": "InsightAgentWindows",
9
"publisher": "Rapid7.InsightPlatform",
10
"version": "2.0.0.2"
11
},
12
...

PowerShell

To add the Rapid7 Insight Agent extension to a virtual machine using PowerShell, first make sure you have the latest version of PowerShell installed.

NOTE

Switching between classic and resource manager in the same PowerShell window frequently results in an error:

Missing type map configuration or unsupported mapping

When using both types, it is recommended to use separate PowerShell windows.

  1. Base64 encode the configuration zip file:
1
$filepath = C:\tmp\config.zip
2
$binary = Get-Content -Path $filepath -Encoding Byte
3
$base64 = [Convert]::ToBase64String($binary)
  1. Apply extension:

Classic: Login: Add-AzureAccount List VMs: Get-AzureVM

1
$params = "{`"configzip`": `"$base64`" }"
2
$vmobj = Get-AzureVM -ServiceName {your_vm_service_name} \
3
-Name {your_vm_name}
4
$vmobj | Set-AzureVMExtension -ExtensionName
5
'InsightAgentWindows' \
6
-Publisher 'Rapid7.InsightPlatform' \
7
-Version 2.0 \
8
-PrivateConfiguration $params
9
$vmobj | Update-AzureVM # This applies the extension
10
$vmobj | Get-AzureVMExtension

Resource Manager: Login: Login-AzureRmAccount List VMs: Get-AzureRmVM

1
$params = @{"configzip" = "$base64"; };
2
Set-AzureRmVMExtension -Publisher Rapid7.InsightPlatform \
3
-ExtensionName InsightAgentWindows \
4
-ExtensionType InsightAgentWindows \
5
-Version 2.0 \
6
-ProtectedSettings $params \
7
-VMName {your_vm} \
8
-Location {your_location} \
9
-ResourceGroupName {your_resource_group}

Azure 2.0 CLI

To add the Rapid7 Insight Agent extension to a resource manager virtual machine using the Azure CLI, first make sure you have the latest version of the Azure 2.x CLI installed.

1
az login
2
base64=$(base64 ~/config.zip)
3
az vm extension set --protected-settings "{\"configzip\":\"$base64\"}" --vm-name
4
{your_windows_vm} --name InsightAgentWindows --publisher Rapid7.InsightPlatform
5
--resource-group {vm-resource-group} --version 2.0

Azure 1.0 CLI

To add the Rapid7 Insight Agent extension to a classic virtual machine using the Azure CLI, first make sure you have the latest version of the Azure 1.x CLI installed.

1
azure login
2
azure config mode asm
3
base64=$(base64 ~/config.zip)
4
azure vm extension set -t "{\"configzip\":\"$base64\"}" "{your_windows_vm}"
5
InsightAgentWindows Rapid7.InsightPlatform 2.0

McAfee ePolicy Orchestrator

Installing the McAfee Agent allows McAfee ePO users to deploy and manage the Insight Agent via McAfee ePO software management.

This process assumes that the McAfee ePolicy Orchestrator is already configured to monitor the Windows systems in your environment, and these target systems have the McAfee Agent installed.

To begin, download the following:

Next, install the Rapid7 Extension on the ePO Server, Install the Rapid7 Manager Plugin on Target Systems, and then Install the Insight Agent.

Installing the Rapid7 Extension on the ePO Server

You can install the Rapid7 ePO extension by obtaining the installation zip archive from the Rapid7 support. The extension can be installed on ePO using the following steps:

  1. From the main menu of ePO, under the Software category, click on Extensions.
  2. The Extensions screen appears. Click on the Install Extension button, and then browse to Rapid7.zip file location. Follow all the steps of the installation process.
  3. After the installation is complete, you are returned to the Extensions screen. Ensure that Rapid7 is visible in the list of extensions and the state is Running.

Installing the Rapid7 Manager Plugin on Target Systems

The Rapid7 Manager coordinates communication between the Rapid7 extension and the Insight Agents on the target systems. It is also responsible for enforcing the policies related to Rapid7 on the target systems. The following steps are required for installing the Rapid7 Manager on your systems.

  1. From the main menu, under the Software category, click on Master Repository.
  2. On the Master Repository screen, click the Check In Package button, and browse to the R7AgentDeployment zip file.
  3. Ensure that the application Rapid7 Manager appears in the package list in the Master Repository screen.
  4. From the main menu, under the Policy category, select Client Task Catalog.
  5. On the Client Task Catalog screen, select Product Deployment as the task type, and then click the New Task button.
  6. In the client task creation wizard, set the product as Rapid7 Manager and the action as Install. Complete the rest of the fields in the installation wizard based on your preferences.
  7. Now that the installation task is created, you can apply it to the systems in your network. For this, you will have to return to the main menu. Under the Systems category, select System Tree.
  8. On the System Tree screen, select a system group and open the Assigned Client Tasks tab. From the Actions menu at the bottom of this tab, select New Client Task Assignment.
  9. In the New Client Task Assignment wizard, select the Install Rapid7 Manager task created in the previous step. Based on your selections, the final screen of the wizard looks something like this:

When this Client Task is assigned to your systems, the Rapid7 Manager is installed the next time ePO syncs up with those systems. By default, this sync-up process occurs once every hour.

Installing the Insight Agent

The Rapid7 Manager is responsible for installing the Insight Agent on your systems. The following steps will help you configure the Agent installation.

  1. From the main menu, click Server Settings under the Configuration category.
  2. In the Server Settings screen, select Rapid7 Settings. The right pane will have four text fields for agent-related configuration data - client.crt, config.json, client.key and cafile.pem. Complete these fields using the contents of similarly named files in the Insight Agent installation package. The contents of these files can be viewed by opening them in Notepad.
  3. Return to the main menu and under the Policy category, click on Policy Catalog. The Policy Catalog page will look like this:
  1. On the Policy Catalog page, either duplicate the inbuilt Default (in the case of this screenshot, the Default policy is nexpose_Default) policy, or click New Policy.
  2. On the policy configuration page, select the recommended option - Don’t reinstall the Rapid7 Insight Agent if already present. Give this policy a suitable name like ‘install Rapid7 Insight Agent’.
  3. Click the Installation Package URLs tab. Replace the default URLs shown with the following URLs for both 32- and 64-bit installer types:

32-bit

1
https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/windows/x86/PyForensicsAgent-x86.msi

64-bit

1
https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/windows/x86_64/PyForensicsAgent-x64.msi

IMPORTANT

The default URLs included with this plugin point to a legacy version of the Insight Agent. If these URLs are left unchanged, all agents deployed using this plugin will automatically initiate a software update to the latest version after installation.

To avoid this update condition, make sure you replace these legacy URLs with the current URLs listed here.

  1. Visit the System Tree screen through the main menu. On the System Tree screen, select a system group and open the Assigned Policies tab. From the Actions menu at the bottom of this tab, select New Policy Assignment.
  2. In the Policy Assignment wizard, select install Rapid7 Insight Agent as the policy to assign.

When the Rapid7 Manager on your target system syncs up with the ePO server, it is notified about the new policy assigned to the system. It then downloads the configuration files from the ePO server and the Insight Agent hosted on the Rapid7 cloud platform. You can confirm the installation of the Insight Agent on your target systems by visiting the path Program Files > R7Agent.