Skip to Content
InsightHIDDEN

Manage your Security Consoles

The Command Platform features a set of self-serve capabilities that allows InsightVM and Nexpose customers to manage and adjust license allocation and cloud connectivity for Security Consoles deployed in your environment.

Users with the Platform Admin role can access these controls from the Command Platform web interface by navigating to Subscription Management (available from your menu or your settings dropdown) and clicking on InsightVM or Nexpose under Active Subscriptions.

These Security Console controls allow you to:

  • Add and pair new Security Consoles to the Command Platform
  • Allocate assets to Security Consoles you have deployed
  • Edit Security Console names
  • Remove Security Consoles from your license

Change a console name

To change the name of a console:

  1. Click the ellipsis () within the Security Console card.
  2. Click Edit name.
  3. Name your console.
  4. Click Rename Console to save or Cancel if you do not wish to change the console name.

View console license keys

To view (and copy) the license key for a console:

  1. Click the ellipsis () within the Security Console card.
  2. Click View license key. The key for this console will display.

Allocate assets to consoles

To change the number of assets that are allocated to a console:

  1. Click Allocate Assets.
  2. Change the asset count within any of your consoles.
⚠️

Asset allocations cannot exceed your license

Asset allocations between all Security Consoles cannot exceed the total asset count allowed by your InsightVM license. Any portion of your license that has not been allocated yet is indicated by the Unallocated figure under the Manage Licenses tab.

  1. Click Save Allocations to allocate your assets. Each console license will be updated with the new asset allocations.

Allocation updates may take time to appear

It may take up to two hours for the Security Console to reflect the new allocation you apply. This is due to the interval at which the console checks in with the console license server for any updates.

Add a console

You can add additional Security Consoles to your InsightVM or Nexpose subscription from the Manage Licenses tab.

Unallocated assets must be available

You can only add a new console if you have assets that are still unallocated.

To add a console:

  1. Click the Add Console button. This will present a stepped workflow.
  2. Select whether your console should be cloud connected or cloud restricted.
  3. Click Next.
  4. Name your console.
  5. Assign an organization.

Cloud connected consoles

Cloud connected Security Consoles are meant to be paired to the Rapid7 Command Platform. An InsightVM license is required for this pairing to take place. The license instance must be linked to an organization within your customer Rapid7 account. You can use an existing organization if no InsightVM license already exists within that organization, or you can create a new organization and give it a name. The organization must also be associated with a Command Platform data storage region.

Contact Rapid7 before adding a new console

If you subscribe to any of the following Rapid7 subscriptions, contact your Customer Success Advisor before you make any changes to your cloud-connected Security Console deployment:

  • Managed Threat Complete
  • Managed Detection & Response
  • Managed Vulnerability Management
  • Rapid7 Hosted InsightVM
  • Cloud Risk Complete
  • InsightIDR

For more information on why this is necessary, read the corresponding section of this article.

  1. Click Next.
  2. Allocate assets to your new console.
  3. Click Create Console.

This will result in the creation of two separate licenses:

  • A console license
  • An InsightVM product license within the organization and data storage region previously chosen

A new InsightVM product license instance will appear within the allocated organization on the Command Platform Home page.

The new console will also appear under Manage Licenses in the InsightVM space of Subscription Management, but will indicate Pairing Pending. This means that the console still needs to be installed, activated, and paired with the Command Platform.

  1. Click the Install and pair console option within the new console to complete the process. You will be presented with details on how to download and install your console software on your chosen host.
  2. Click Copy. The key should be of the format:

XXXX-XXXX-XXXX-XXXX:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-{region}

This is a composite key which consists of two parts:

  • XXXX-XXXX-XXXX-XXXX relates to the license key for the console
  • xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx-{region} relates to the organization and data region linked to the InsightVM product license instance that the console will pair to.
  1. Log in to your console.
  2. Paste the key into the console. The console will then automatically pair with the InsightVM cloud license instance.

Within Subscription Management, the Pairing Pending flag should be removed from your new console.

Unused composite keys expire

If the composite key is not used within 30 days of creation, you will need to pair the new console to the Command Platform manually. Entering an expired key will still complete the console activation process, but the pairing procedure will need to be completed separately.

Cloud restricted consoles

When creating a new console that is not intended to be connected to the Command Platform, choose Cloud Restricted in the first step of the Add Console workflow.

  1. Click Next.
  2. Name your Console.
  3. Click Next.
  4. Allocate Assets to your Console.
  5. Click Create Console.

Your new cloud restricted Console will appear.

  1. Click View Set-up guide from within the new console card to complete the console download and installation process.
  2. Copy your console license key.
  3. Log in to your console and enter the key to activate the console.

Nexpose consoles

To add a new Nexpose console:

  1. Click Add Console.
  2. Name your Console.
  3. Allocate Assets to your Console.
  4. Click Create Console.

Your new Nexpose console will appear.

  1. Click View Set-up guide from within the new console card to complete the console download and installation process.
  2. Copy your console license key.
  3. Log in to your console and enter the key to activate the console.

When to consult Rapid7 before adding a new console

Before adding a new console, it is critically important that you consult with Rapid7 first if any of the subscription scenarios detailed in this section apply to you.

Managed Vulnerability Management and Rapid7 Hosted InsightVM

If you subscribe to either of these offerings, do not add additional consoles from the Console Management user interface. Adding a new console yourself for these subscriptions is unnecessary. If you feel that you need to add a new console for your deployment, contact your Rapid7 Customer Success Advisor first to discuss the implications of doing so.

InsightIDR and Managed Detection & Response

If you are an InsightIDR subscriber, be aware that adding another InsightVM cloud-connected console will create a new organization for the new InsightVM cloud instance. This organization will be separate from the primary organization that your existing InsightIDR and InsightVM subscriptions (along with your primary Security Console) are attached to. As a consequence, any assets attached to the new organization (and thus, the new console) that are assessed by Insight Agents will not be visible to the InsightIDR subscription attached to your primary organization.

For the same reason, Managed Detection & Response (MDR) subscribers must not add additional consoles without informing Rapid7 beforehand. Doing so will impact the ability of the MDR team to have full visibility on the subscriber’s environment.

Cloud Risk Complete

The InsightVM and InsightCloudSec products that are part of Cloud Risk Complete are designed to work together. For this reason, the typical Cloud Risk Complete deployment houses both product instances in a single organization. Since setting up an additional cloud-connected InsightVM console creates a new organization for the secondary InsightVM cloud instance, contact your Rapid7 Customer Success Advisor first to discuss how this action affects your Cloud Risk Complete subscription.

Considerations for adding new consoles

If you are considering adding a new console, keep the following in mind:

  1. Insight Agents are tied to one organization only and cannot be shared with another organization.
  2. InsightIDR must be attached to the same organization as InsightVM for any Insight Agents to collect data for both offerings.
  3. If you choose to add a secondary console, the assets attached to it must be logically separated from the in-scope environment your MDR subscription is intended to monitor.
  4. If you want to add additional organizations to your MDR scope of service, contact your Rapid7 Customer Success Advisor first about MDR Multi-Org or Multi-Instance.

Deleting a Console

If a console is no longer being used, you can delete it. This process will result in associated licenses being deactivated.

In the case of a cloud connected console, the console will also be unpaired from the Command Platform and the product instance will be removed from your Command Platform account.

Assets that were allocated to the console will be added back into the unallocated pool for your InsightVM subscription.

The process of removal of console software from your host will need to be performed separately.

To delete a console:

  1. Click the ellipsis () within the Security Console card.
  2. Click Delete console.
  3. Click Delete console again to complete the action. The deletion process may take some time to complete.