Logs from this event source do not appear in the Log Search view.
Integrating with InsightVM or Nexpose lists the vulnerabilities on your network, ordered by the number of users impacted by the vulnerability.
Every asset that has been scanned by InsightVM displays its vulnerabilities in InsightIDR. Scanned assets also display their OS type and InsightVM risk score below the "Asset Details" page.
Before You Begin
To add InsightVM as an event source to your Collector, you must have the administrator account information, including the username and password, for the InsightVM server.
To add a Global Administrator in InsightVM:
- Navigate to the InsightVM homepage.
- On the left, select Administration.
- In the top left section labeled "Users," select Create.
- In the "User Configuration" wizard, enter the username and credentials for your Global Administrator in the "General" tab.
- In "Roles", select Global Administrator from the dropdown menu.
- Complete the wizard by configuring the options you want.
- Select Save at the top right to finish.
How to Configure the InsightVM Event Source
To configure the InsightVM event source:
- In InsightVM, confirm that you have a Global Administrator.
- In InsightIDR, select the Data Collection tab. Select Setup Event Source and then Add Event Source.
- Select the Nexpose icon from the Rapid7 section.
Be aware that both Nexpose and InsightVM subscribers can use this "Nexpose" event source. In this context, "Nexpose" simply refers to the on-premises Security Console that both InsightVM and Nexpose contain.
- Add the information about the InsightVM Console, including the Server IP and Port. (Use port 3780).
- Add the credentials of the Global Administrator.
- Enter the number of hours you want to poll the event source in the "Polling Rate" field.
- Click Save to start integrating these two products.
This section covers a common troubleshooting scenario that occurs when integrating InsightVM or Nexpose with InsightIDR.
You may see either of the following errors when the certificate in your InsightVM Security Console has expired:
- PKIX path validation failed error message:
1sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
- java.security.cert.CertificateExpiredException: NotAfter:
<time & date>
To solve these issues, update the certificate in your Security Console. For instructions on how to do this, see the Managing the Security Console article in the InsightVM documentation.