Getting Started with VM Automation: Days 1 to 15
During your first 15 days of using VM Automation, you will learn the fundamentals of how InsightVM and InsightConnect work together alongside the Insight Orchestrator and Cloud plugins to power workflows. Follow these steps to get started:
- Before you begin
- Rapid7 Automation
- Utilize a Pre-Build Workflow with InsightConnect
- Set Up an Orchestrator and Plugins
- Triggering a Workflow with Chatops
Before you begin
The InsightVM Automation Toolkit that is featured on the Extension Library contains recommended processes that have been frequently asked for by our VM Automation customers—review the different categories and implement as many of them as you can. Most of these workflows are designed to provide greater operational efficacy to your vulnerability management program and can be extended through Slack or Microsoft Teams to expand the visibility of your program outside the security team!
Rapid7 Automation
Estimated Time to Complete: 30 seconds
- From the Home page, click the Quick Action button in the upper right hand corner. Quick actions don’t require an orchestrator or the workflow to be imported or managed.
- Select a use case and begin using these zero deployment use cases at any point when you’re signed into the Insight Platform!
- Learn about more InsightConnect plugins and workflows that you can begin to import and customize by accessing the Rapid7 Extensions Library with the icon next to the gear in the upper right corner of your insight platform (the black bar at the top).
Utilize a Pre-Built Workflow with InsightConnect
Estimated Time to Complete: 1 min
Prebuilt workflows allow you to quickly automate common tasks with InsightConnect.
- Log into InsightConnect.
- Navigate to the Home page and switch the toggle from Dashboard to the Discover view at the top.
- Underneath Recommended Workflows for Vulnerability Management will be a workflow template named “Lookup Vulnerability with Rapid7 Vulnerability Database“. Select the options to Import the template and review the workflow details.
- Press Activate in the upper right hand corner of the Control Panel view to finish deploying your first workflow.
Congratulations! You have successfully imported and deployed your first workflow template into InsightConnect
Check out more workflow recommendations with the InsightConnect Discover Experience when you’re ready to expand your automation usage across your security program! *
Set Up an Orchestrator and Plugins
Estimated Time to Complete: 1 hour
To get the most out of VM Automation capabilities, you will need to install an Insight Orchestrator, install plugins and set up plugin connections.
Install and Activate the Insight Orchestrator
The Insight Orchestrator is an on-premise component that gives the Insight platform the power to automate services, tools, and other Rapid7 products from inside your environment.
- Install and activate the Insight Orchestrator with these instructions. You’ll need to meet these system and network requirements to do so.
- Troubleshoot your orchestrator with these instructions.
Learn more about the Insight Orchestrators and how you can use it across Rapid7 products by visiting the “Insight Orchestrator Overview” section of the help documentation.
Import Plugins for Your Organization
InsightConnect supports over 300 plugins to effectively automate your security processes.
To import a plugin, follow the steps under Use Plugins.
If you don’t find the tool you need in our available plugins, don’t worry! In many cases, your security needs can be addressed with other plugins, or you can reach out to us through the Discuss Forum to request a new plugin.
Setup a Connection for InsightVM
To leverage the full capabilities of InsightConnect with InsightVM, you need to create a connection between the two.
In InsightVM:
- Login to your console
- Navigate to Administration
- In the upper left hand section of the page, add a user account
- It must be a local account (not an Active Directory or SAML account)
- It must not have multi-factor authentication enabled
- Give it the appropriate "role" do accomplish the tasks you want to complete. To leverage all the capabilities available, you'll need to assign it the
Global Administrator
role.
Restricted IVM Role
If you give this account less than Global Administrator
role, the connection test in InsightConnect will likely fail BUT the specific actions may succeed if they are allowed by the assigned role. If this occurs, give the account Global Administrator
rights, run the connection test in InsightConnct to ensure the credentials are correct, then switch back to a more restricted role.
In InsightConnect:
- Login to InsightConnect
- Install the InsightVM Plugin
- Follow the instructions in "Work with Connections" to setup and test the plugin
Set Up Connections for Each Additional Plugin
After importing plugins, you need to set up individual connections for each plugin to authenticate InsightConnect to third-party tools and accounts. You can have multiple connections per plugin to cover your needs.
Connections typically include credentials, like API keys or other sensitive information, and parameters, like IP addresses or port numbers.
- Find connection information and add new connections to InsightConnect
- Test that each connection works properly
You can also read about cloud plugins to deploy automation without an Insight Orchestrator required. More cloud options can be found in extensions under: Cloud Enabled.
Triggering a workflow with Chatops from Slack or MS Teams
Estimated Time to Complete: 5 minutes
You can trigger workflows to perform vulnerability management tasks, collect data from VM, and even run scans, all from the comfort of your Slack or Microsoft Teams console! This gives you an easy mechanism to access critical information from InsightVM without leaving the tool you’re already working in. It also allows you to selectively share access to specific vulnerability management data with other teams without them needing to log into InsightVM.
After setting up your Slack App or Microsoft Teams connections, import either the Lookup Vulnerable Hosts from Slack or Lookup Vulnerable Hosts from Microsoft Teams workflow from the Extension Library.