InsightVM Automation Quick Start Guide
This guide aims to help InsightVM administrators start using InsightConnect to improve their vulnerability risk management procedures. It walks through configuring and using various automation workflows that help improve IT/Security operations and accelerate remediation efforts. After completing this guide, you will have set up key integrations, configured out-of-the-box workflows, and set yourself up for lasting success with InsightConnect!
Over the last twenty years, Rapid7 has worked with vulnerability management teams from thousands of organizations across every vertical and found that, for many, the biggest challenge is not technology or process but communication. This challenge is rooted in the fact that vulnerability management and patching responsibilities typically lie with two different teams. In most cases, the security organization is responsible for assessing systems for vulnerabilities, while IT administrators are responsible for patching. As such, continuous knowledge transfer between Security and IT is crucial.
- The Security team needs to help IT administrators understand the severity of vulnerabilities and how to prioritize patching efforts accordingly.
- The IT team needs to help Security administrators understand the status of remediation efforts. They also need to communicate when and why they can't patch a vulnerability.
Security Orchestration, Automation, and Response (SOAR) with InsightConnect helps coordinate and execute remediation efforts by better aligning the teams and individuals responsible for vulnerability identification and remediation.
With the rise of chat tools as a shared communication platform, we have found that moving vulnerability and risk information into chat can help raise awareness and improve communication between security administrators and the remediation teams responsible for patching. Sharing key data points, vulnerability data, and remediation details with those who need them, and making that information available in a shared chat tool like Slack or Microsoft Teams, keeps remediation efforts top-of-mind and actionable.
You must have licenses for both InsightVM and InsightConnect!
To complete this guide, you will need to have access to both InsightVM and InsightConnect. You can sign up for a trial of either (or both!) products from: https://rapid7.com/try/insight.
Security Best Practices
Before we get started, please keep the following security best practices in mind:
- These workflows will place vulnerability details and vulnerable asset information in Chat. We recommend making these functions available only in private channels and accessible only to authorized users.
👉 Find or create a private channel with the appropriate team members from your Security and IT Remediation teams.
- These workflows are non-destructive. Even so, we recommend testing them to make sure they have been configured correctly before announcing them as available for general use.
👉 Set up a test channel where you can try out your workflows before setting them up for use in your shared Security and Remediations channel.
Finally, you may choose to configure the items below as you work through the use cases, but it can be easier to configure each ahead of time, particularly when you depend on other teams to configure access.
- Deploy and activate the Insight Orchestrator
- Configure your InsightVM Console connection
- Configure your Chat connection: Microsoft Teams or Slack
Let's Get Started!
We will cover the following use cases:
- Collect vulnerability intelligence in Chat to stay abreast of the latest vulnerability disclosures and understand risk in your environment.
- Send notifications in Chat for newly discovered, high-risk vulnerabilities and new vulnerability exception requests in your environment.
- Share access to vulnerability and asset risk information through Chat so that your IT and remediation teams can find asset, vulnerability, and remediation details as needed.