Collector Requirements
The Machine with Collector Software installed acts as a server.
Before you install a Collector please consider that the machine with Collector Software is a server. It’s intended use is collecting data for the Insight Platform and it should not be used for any other purpose.
In order to set up a collector the following requirements should be met. If you do not meet these requirements before attempting to set up a collector it may not operate properly. Read the following sections and understand their importance to determine if deploying a collector is right for your organization.
General Requirements and Recommendations
Consider the following before choosing a Collector host:
- DO NOT install a Collector on a host that already runs a Security Console or Scan Engine.
- Security Consoles and Scan Engines will not function properly if a Collector is present on the same host.
- Only install one Collector per machine, whether physical or virtual.
- Additionally, Rapid7 recommends that the host be entirely dedicated to the Collector’s use to maximize resource availability.
- Your Collector host must be configured with a Fully Qualified Domain Name (FQDN).
Hardware Requirements and Recommendations
You can install a Collector on a network server or virtual machine that meets the following minimum hardware requirements:
- 2 CPU cores with 2GHz+ on each core
- 8 GB RAM
- 60 GB available disk space
For optimal performance, Rapid7 recommends the following hardware specifications:
Collector Size | Number of Agents | Recommended CPU Cores | Recommended RAM | Recommended Disk Space* |
|---|---|---|---|---|
Small | Up to 500 | 4 | 8 GB | 60 GB |
Medium | Up to 2,400 | 4 | 8 GB | 80 GB |
Large | Up to 600 per CPU core** | 4+ | 16 GB | 100 GB |
* Disk Space
In cases where a connection to the Insight Platform is interrupted or lost, the Collector will hold data in the form of logs written to the disk until a connection can be reestablished.
The more disk space a Collector has, the longer it can operate without a connection to the Insight Platform.
** CPU Cores
The Collector can only be responsible for 600 agents per CPU core. Mutlicore CPUs are recommended for taking on additional agents per Collector.
If your Collector CPU usage stays consistently above 40% under normal load, consider deploying an additional Collector.
Supported Operating Systems
Refer to these tables to view the OS versions that the Collector currently supports and the End-Of-Life (EOL) schedule for each.
Microsoft Windows Server
| Name | EOL for Collector support |
|---|---|
| Windows Server 2022 | Oct 14, 2031 |
| Windows Server 2019 | Jan 9, 2029 |
| Windows Server 2016 | Jan 11, 2027 |
Linux
| Distribution | Architecture | EOL for Collector support |
|---|---|---|
| Debian 11 | x86-64 | Jun 1, 2026 |
| Debian 10 | x86-64 | Jun 1, 2024 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 9.1 | x86-64 | May 31, 2034 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 9.0 | x86-64 | May 31, 2034 |
| Fedora 37 | x86-64 | Dec 12, 2023 |
| Fedora 36 | x86-64 | May 16, 2023 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux / Alma Linux 9.1 | x86-64 | May 31, 2034 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux / Alma Linux 9.0 | x86-64 | May 31, 2034 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.7 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.6 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.5 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / Rocky Linux 8.4 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.3 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.2 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.1 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 8.0 | x86-64 | May 31, 2031 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 7.0-7.9 | x86-64 | Jun 30, 2025 |
| Red Hat Enterprise Linux / Oracle Enterprise Linux / CentOS 6.0-6.10 | x86-64 | Jun 30, 2024 |
| SUSE Linux Enterprise Server 15 | x86-64 | Jul 31, 2028 |
| SUSE Linux Enterprise Server 12 | x86-64 | Oct 31, 2024 |
| Ubuntu 22.04 (Standard Support) | x86-64 | Apr 2027 |
| Ubuntu 22.04 (Pro Support) | x86-64 | Apr 2032 |
| Ubuntu 20.04 | x86-64 | Apr 2, 2030 |
| Ubuntu 18.04 (Pro Support) | x86-64 | Apr 2, 2028 |
| Ubuntu 16.04 | x86-64 | Apr 2, 2026 |
| Ubuntu 14.04 | x86-64 | Apr 2, 2024 |
Supported Browsers
You need to access your InsightVM web interface in order to retrieve the installer and complete the activation process. To do so, use either of the following supported web browsers:
- Mozilla Firefox (latest stable version)
- Google Chrome (latest stable version)
Networking Requirements
Implementing Collectors for the InsightVM use case requires the following connectivity.
Collector communication with Insight Agents
Since InsightVM implements Collectors as intermediaries between your deployed Insight Agents and the Insight Platform, your Collectors must allow different kinds of traffic from your agents on the following ports:
| Data Type | Direction | Port |
|---|---|---|
| Agent communication to Collector | Inbound | 5508 |
| Agent update requests to Collector | Inbound | 6608 |
| Agent file upload to Collector | Inbound | 8037 (TCP and UDP) |
Collector communication with the Insight Platform
Is your Rapid7 product subscription provisioned for the United States? Check your region code first!
As of April 12th, 2021, all new customers subscribing to Rapid7 Insight products that elect to store their data in the United States will be provisioned for one of three data centers. Since these data centers have unique endpoints, any firewall rules you configure must correspond to the data center your organization is assigned to. Follow these steps to determine which United States data center your organization is part of:
- Go to insight.rapid7.com and sign in with your Insight account email address and password.
- Navigate to the Platform Home page.
- If you are not taken to this page by default, expand the product dropdown in the upper left and click My Account.
- Look for the Data Storage Region tag in the upper right corner of the page below your account name. Your United States region tag will show one of the following data centers:
- United States - 1
- United States - 2
- United States - 3
All Collectors must be able to establish outbound connectivity on port 443 to *.endpoint.ingress.rapid7.com and communicate with the domains shown in the Data and Storage (S3) columns of the following table according to your geographic region. For example, for InsightVM subscribers that elect to store their data in Australia, Collectors must be able to communicate with the following endpoints using port 443:
*.endpoint.ingress.rapid7.comau.data.insight.rapid7.coms3-ap-southeast-2.amazonaws.com
| Region | Data endpoint | Storage (S3 endpoint) |
|---|---|---|
| United States - 1 | data.insight.rapid7.com | s3.amazonaws.com |
| United States - 2 | us2.data.insight.rapid7.com | s3.us-east-2.amazonaws.com |
| United States - 3 | us3.data.insight.rapid7.com | s3.us-west-2.amazonaws.com |
| Canada | ca.data.insight.rapid7.com | s3.ca-central-1.amazonaws.com |
| Europe | eu.data.insight.rapid7.com | s3.eu-central-1.amazonaws.com |
| Japan | ap.data.insight.rapid7.com | s3-ap-northeast-1.amazonaws.com |
| Australia | au.data.insight.rapid7.com | s3-ap-southeast-2.amazonaws.com |
If you intend to deploy token-based Insight Agents through your Collectors, you also need to allow outbound connectivity from each Collector on port 443 to the endpoint that provides the agent's configuration files. Just like the Data and Storage endpoints in the previous table, you can configure your firewall rules to allow your Collectors to connect to a region-specific version of the Deployment endpoint to meet this requirement:
| Region | Deployment endpoint |
|---|---|
| United States - 1 | us.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| United States - 2 | us2.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| United States - 3 | us3.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| Canada | ca.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| Europe | eu.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| Japan | ap.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
| Australia | au.deployment.endpoint.ingress.rapid7.com/api/v1/get_agent_files |
Collector communication for InsightVM-specific data
Finally, your Collectors must be able to reach out on port 443 and communicate with one of the following InsightVM-specific endpoints according to your geographic region. This endpoint is responsible for displaying your vulnerability assessment data and powers several InsightVM features:
| Region | Endpoint |
|---|---|
| United States - 1 | exposure-analytics.insight.rapid7.com |
| United States - 2 | us2.exposure-analytics.insight.rapid7.com |
| United States - 3 | us3.exposure-analytics.insight.rapid7.com |
| Canada | ca.exposure-analytics.insight.rapid7.com |
| Europe | eu.exposure-analytics.insight.rapid7.com |
| Japan | ap.exposure-analytics.insight.rapid7.com |
| Australia | au.exposure-analytics.insight.rapid7.com |
Firewall rule alternatives
If you need an alternative to the URL firewall rule configuration method shown here, see the Insight Agent connectivity requirements page for a table of IP addresses by region that you can use instead.