Integrate InsightVM

NOTE

Logs from this event source do not appear in the Log Search view.

Integrating with InsightVM or Nexpose lists the vulnerabilities on your network, ordered by the number of users impacted by the vulnerability.

Every asset that has been scanned by InsightVM displays its vulnerabilities in InsightIDR. Scanned assets also display their OS type and InsightVM risk score below the "Asset Details" page.

Before You Begin

To add InsightVM as an event source to your Collector, you must have the administrator account information, including the username and password, for the InsightVM server.

To add a Global Administrator in InsightVM:

  1. Navigate to the InsightVM homepage.
  2. On the left, select Administration.
  3. In the top left section labeled "Users," select Create.
  4. In the "User Configuration" wizard, enter the username and credentials for your Global Administrator in the "General" tab.
  5. In "Roles", select Global Administrator from the dropdown menu.
  6. Complete the wizard by configuring the options you want.
  7. Select Save at the top right to finish.

How to Configure the InsightVM Event Source

To configure the InsightVM event source:

  1. In InsightVM, confirm that you have a Global Administrator.
  2. In InsightIDR, select the Data Collection tab. Select Setup Event Source and then Add Event Source.
  3. Select the Nexpose icon from the Rapid7 section.

TIP

Be aware that both Nexpose and InsightVM subscribers can use this "Nexpose" event source. In this context, "Nexpose" simply refers to the on-premises Security Console that both InsightVM and Nexpose contain.

  1. Add the information about the InsightVM Console, including the Server IP and Port. (Use port 3780).
  2. Add the credentials of the Global Administrator.
  3. Enter the number of hours you want to poll the event source in the "Polling Rate" field.
  4. Click Save to start integrating these two products.

Troubleshooting

This section covers a common troubleshooting scenario that occurs when integrating InsightVM or Nexpose with InsightIDR.

PKIX path validation failed error message

This error message means that the SSL certificate in Nexpose has expired and is unable to send logs to InsightIDR. Here is the full error message: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.

To solve this issue, have the user update their certificate. For instructions on how to do this, see the Managing the Security Console Nexpose documentation.