Getting Started with VM Automation: Days 1 to 15
During your first 15 days of using VM Automation, you will learn the fundamentals of how Vulnerability Management (InsightVM) and Automation (InsightConnect) work together alongside the Insight Orchestrator and Cloud plugins to power workflows. Follow these steps to get started:
- Before you begin
- Rapid7 Automation
- Utilize a Pre-Built Workflow with Automation (InsightConnect)
- Set Up an Orchestrator and Plugins
- Triggering a Workflow with Chatops
Before you begin
The Vulnerability Management (InsightVM) Automation Toolkit featured on the Extension Library contains recommended processes that our VM Automation customers have frequently asked for. Review the different categories and implement as many of them as you can. Most of these workflows are designed to provide greater operational efficacy to your vulnerability management program and can be extended through Slack or Microsoft Teams to expand the visibility of your program outside the security team!
Rapid7 Automation
Estimated Time to Complete: 30 seconds
- From the Home page, click the Quick Action button in the upper right hand corner. Quick actions don’t require an orchestrator or the workflow to be imported or managed.
- Select a use case and begin using these zero deployment use cases at any point when you’re signed into the Insight Platform!
- Learn about more Automation (InsightConnect) plugins and workflows that you can import and customize by accessing the Rapid7 Extensions Library with the icon next to the gear in the upper right corner of the Insight Platform (the black bar at the top).
Utilize a Pre-Built Workflow with Automation (InsightConnect)
Estimated Time to Complete: 1 min
Prebuilt workflows allow you to quickly automate common tasks with Automation (InsightConnect).
- Log into Automation (InsightConnect).
- Navigate to the Home page and switch the toggle from Dashboard to the Discover view at the top.
- Underneath Recommended Workflows for Vulnerability Management will be a workflow template named “Lookup Vulnerability with Rapid7 Vulnerability Database”. Select the options to Import the template and review the workflow details.
- Press Activate in the upper right hand corner of the Control Panel view to finish deploying your first workflow.
Congratulations! You have successfully imported and deployed your first workflow template into Automation (InsightConnect).
Check out more workflow recommendations with the Automation (InsightConnect) Discover Experience when you’re ready to expand your automation usage across your security program!
Set Up an Orchestrator and Plugins
Estimated Time to Complete: 1 hour
To get the most out of VM Automation capabilities, you will need to install an Insight Orchestrator, install plugins and set up plugin connections.
Install and Activate the Insight Orchestrator
The Insight Orchestrator is an on-premise component that gives the Insight platform the power to automate services, tools, and other Rapid7 products from inside your environment.
- Install and activate the Insight Orchestrator with these instructions. You’ll need to meet these system and network requirements to do so.
- Troubleshoot your orchestrator with these instructions.
Learn more about the Insight Orchestrator and how you can use it across Rapid7 products by visiting the “Insight Orchestrator Overview” section of the help documentation.
Import Plugins for Your Organization
Automation (InsightConnect) supports over 300 plugins to effectively automate your security processes.
To import a plugin, follow the steps under Use Plugins.
If you don’t find the tool you need in our available plugins, don’t worry! In many cases, your security needs can be addressed with other plugins, or you can reach out to us through the Discuss Forum to request a new plugin.
Set Up a Connection for Vulnerability Management (InsightVM)
To leverage the full capabilities of Automation (InsightConnect) with Vulnerability Management (InsightVM), you need to create a connection between the two.
In Vulnerability Management (InsightVM):
- Log in to your console
- Navigate to Administration
- In the upper left hand section of the page, add a user account
- It must be a local account (not an Active Directory or SAML account)
- It must not have multi-factor authentication enabled
- Give it the appropriate role to accomplish the tasks you want to complete. To leverage all the capabilities available, you’ll need to assign it the Global Administrator role.
Restricted IVM Role
If you give this account a role with fewer privileges than Global Administrator, the connection test in Automation (InsightConnect) will likely fail, but specific actions may still succeed if the assigned role allows them. If this occurs, give the account Global Administrator rights, run the connection test in InsightConnect to ensure the credentials are correct, then switch back to a more restricted role.
In Automation (InsightConnect):
- Log in to Automation (InsightConnect)
- Install the Vulnerability Management (InsightVM) Plugin
- Follow the instructions in “Work with Connections” to set up and test the plugin
Set Up Connections for Each Additional Plugin
After importing plugins, you need to set up individual connections for each plugin to authenticate Automation (InsightConnect) to third-party tools and accounts. You can have multiple connections per plugin to cover your needs.
Connections typically include credentials, like API keys or other sensitive information, and parameters, like IP addresses or port numbers.
- Find connection information and add new connections to Automation (InsightConnect)
- Test that each connection works properly
You can also read about cloud plugins to deploy automation without requiring an Insight Orchestrator. More cloud options can be found in extensions under: Cloud Enabled.
Triggering a workflow with Chatops from Slack or MS Teams
Estimated Time to Complete: 5 minutes
You can trigger workflows to perform vulnerability management tasks, collect data from VM, and even run scans, all from the comfort of your Slack or Microsoft Teams console! This gives you an easy mechanism to access critical information from Vulnerability Management (InsightVM) without leaving the tool you’re already working in. It also allows you to selectively share access to specific vulnerability management data with other teams without them needing to log into InsightVM.
After setting up your Slack App or Microsoft Teams connections, import either the Lookup Vulnerable Hosts from Slack or Lookup Vulnerable Hosts from Microsoft Teams workflow from the Extension Library.
Congratulations! You've imported your first plugin, set up your first connection, imported a pre-built workflow, and run a workflow in your environment. Next, subscribe to a VM webhook event and set up a workflow to receive alerts in chat for newly discovered, high-risk vulnerabilities!