Set up new On-Premises Scan Engine release v7.5

Complete the following steps to uninstall the old on-premises scan engine and set up the new scan engine.

Uninstall 7.4 On-Premises Scan Engine

To remove an on-premises Scan Engine, you must perform the following steps:

Run the InsightAppSec Uninstaller

  1. Navigate to the Rapid7 > InsightAppSec folder, which is usually located at Program Files\Rapid7\InsightAppSec.
  2. Right-click the uninstall_InsightAppSec.exe tool and select Run as Administrator.
  3. Follow the steps of the uninstaller to remove the Scan Engine and all associated tools.

Set Up the new 7.5 On-Premises Scan Engine

To set up an on-premises engine, check your system requirements and follow the steps below.

System requirements

Before you can set up a scan engine, you must verify the following:

  • You are a platform or product administrator.
  • The machine you're installing the engine on meets the hardware, operating system, and browser requirements.
  • If the system is behind a firewall that restricts access to the internet, you'll need to add the domain to the firewall's allowlist.

IP addresses may change without notice

We cannot pre-approve a fixed IP. If you can only use an IP address due to internal constraints, please be aware that these can change without notice.

Hardware requirements

  • 8GB of RAM
  • 100GB of free disk space (after OS installation)
  • 4 CPU cores (recommended)
  • 1 network interface

Supported operating systems

The scan engine can be installed on 64-bit Windows NT versions 6.2-10.0, which includes:

  • Windows 10
  • Windows 11
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Windows version

You will not be able to install the on-premises engine on versions of Windows older than 6.2. The installation may work on newer versions of Windows, but you will receive a warning that it will not be officially supported by Rapid7.

Software requirements

  • .NET 4.8
  • Internet Explorer 11 or higher
  • To use selenium macro files, you must install Chrome on the same server as the on-premises engine.

Step 1: Download the Installer

  1. Log in to http://insight.rapid7.com/ and go to InsightAppSec.
  2. From InsightAppSec, go to Settings > Manage Engines.
  3. Click Set Up New Engine.
  4. From the Set Up New Engine panel, download the installer.

Download installer

Step 2: Run the installer

The installer provides step-by-step instructions, so you just need to run the installer and follow the prompts.

During installation, the installer verifies that the system meets the minimum requirements and validates that the engine can connect with the Insight platform. If it cannot reach the Insight Platform, you can configure a proxy for the installer to use.

After the installer performs the system checks, it'll prompt you for an API key (from Step 3), which will be used to validate your organization and verify the presence of a pairable scan engine. You'll need to provide the API key you copied earlier.

When the installation completes, you'll need to go back to the Manage Scan Engines page in InsightAppSec.

Start scanning

To start scanning, you will need to name (step 4) and save the scan engine. The API key will allow you to complete the installation process, but not start scanning.

Step 3: Copy the API Key

The API Key is used to validate that your organization has access to InsightAppSec and an available scan engine is ready to be paired. Copy the API key shown in Step 3 from the Setup New Engine panel. You'll need to have the API key available when you run the installer.

Copy API key

Regenerate an API Key

There is no need to get a new engine API key unless the security of the old engine API key has been compromised. If you run the installer again, you should create a new engine for the same API key. See Regenerate Engine API Key.

Step 4: Auto upgrade

To upgrade your engine automatically, toggle the Auto upgrade option to green.

Auto upgrade

Engine Auto Upgrade

The auto-upgrade feature enables engines to upgrade automatically when a new version is released. We recommend that you leave the Auto Upgrade option turned ON when you set up a new engine. If you need to disable automatic upgrades, you can set the Auto Upgrade option to OFF. In this case, you can upgrade out-of-date engines from the Settings > Manage On-Premises Engines screen. Learn more about engine upgrades from the Upgrade an On-Premises Scan Engine page.

Auto-upgrade is not currently available when moving from 7.4 to 7.5.

Step 5: Refresh Manage Scan Engines Page

After installation, the status of the new on-premises engine changes from Offline to Online, which indicates that it has successfully paired and is ready for tasks. You'll need to refresh the page to see the status change.

Step 6: Reboot the host machine

Once installation is complete, you will need to reboot the host machine you installed your on-premises engine on. Please follow the standard instructions for your machine whether it is a virtual or physical machine.

Reboot

You only need to do this for the first install. You do not need to reboot for any subsequent installations.

Step 7: Use the new Scan Engine

The scan engine is now set up. You're ready to start using the latest scan engine. To get started, you can select the scan engine group for new scan configs or you can update existing scan configs to use the new scan engine group.

To update your existing scan configs, go to Apps > Scan Config > Engine Groups. You can choose the engine group for this new engine from the list of on-premises scan engine groups. Once you have selected an on-premises scan engine group for a scan config, the agent will regularly contact InsightAppSec to see if there are tasks, such as scans or engine updates, that need to be performed.