Integrate InsightVM

NOTE

Logs from this event source do not appear in the Log Search view.

Integrating with InsightVM or Nexpose lists the vulnerabilities on your network, ordered by the number of users impacted by the vulnerability. Every asset that has been scanned by InsightVM displays its vulnerabilities and Threat Count on its Asset Details page.

Before You Begin

To add InsightVM as an event source to your Collector, you must have the administrator account information, including the username and password, for the InsightVM server.

To add a Global Administrator in InsightVM:

  1. Navigate to the InsightVM homepage.
  2. On the left, select Administration.
  3. In the top left section labeled "Users," select Create.
  4. In the "User Configuration" wizard, enter the username and credentials for your Global Administrator in the "General" tab.
  5. In "Roles", select Global Administrator from the dropdown menu.
  6. Complete the wizard by configuring the options you want.
  7. Select Save at the top right to finish.

How to Configure the InsightVM Event Source

To configure the InsightVM event source:

  1. In InsightVM, confirm that you have a Global Administrator.
  2. In InsightIDR, select the Data Collection tab. Select Setup Event Source and then Add Event Source.
  3. Select the InsightVM icon from the Rapid7 section.

TIP

Be aware that both Nexpose and InsightVM subscribers can use this "Nexpose" event source. In this context, "Nexpose" simply refers to the on-premises Security Console that both InsightVM and Nexpose contain.

  1. Add the information about the InsightVM Console, including the Server IP and Port. (Use port 3780).
  2. Add the credentials of the Global Administrator.
  3. Enter the number of hours you want to poll the event source in the Poll Rate field.
  4. Click Save to start integrating these two products.

Troubleshooting

This section covers a common troubleshooting scenario that occurs when integrating InsightVM or Nexpose with InsightIDR.

Expired Certificate

You may see either of the following errors when the certificate in your InsightVM Security Console has expired:

  • PKIX path validation failed error message:
 
1
sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
  • java.security.cert.CertificateExpiredException: NotAfter: <time & date>

To solve these issues, update the certificate in your Security Console. For instructions on how to do this, see the Managing the Security Console article in the InsightVM documentation.