Configure communications with the Command Platform
Copy link

ℹ️

Improve your experience with Security Console 8.17.0

To ensure compatibility with our new navigation  and future experiences, we strongly recommend updating your Security Console  to version 8.17.0 or later and allowlisting the following URLs  which enable communication with the Command Platform:

  • https://platform.insight.rapid7.com
  • https://eu.api.insight.rapid7.com
  • https://rapid7ipimseu.okta-emea.com

Once configured, your Security Console will be prepared for future improvements, beyond version 8.17.0. You’ll be able to take advantage of these improvements if you log in through the Command Platform.

Already updated and allowlisted? You’re all set—no further action needed.

Prerequisites
Copy link

Prior to configuring communications with the Command Platform, you will need to opt-in to the cloud. See Activating your console on the Command Platform for instructions.

Data upload
Copy link

You may need to configure your firewall rules to allow outbound connectivity to the following hostnames according to your selected region in order to successfully upload data to the Command Platform:

⚠️

Is your Rapid7 product subscription provisioned for the United States? Check your region code first!

As of April 12th, 2021, all new customers subscribing to Rapid7 Insight products that elect to store their data in the United States will be provisioned for one of three data centers. Since these data centers have unique endpoints, any firewall rules you configure must correspond to the data center your organization is assigned to. Follow these steps to determine which United States data center your organization is part of:

  1. Go to insight.rapid7.com  and sign in with your Insight account email address and password.
  2. Navigate to the Platform Home page.
    • If you are not taken to this page by default, expand the product dropdown in the upper left and click My Account.
  3. Look for the Data Storage Region tag in the upper right corner of the page below your account name. Your United States region tag will show one of the following data centers:
    • United States - 1
    • United States - 2
    • United States - 3

All hostnames listed below are reached via TCP port 443.

RegionWebDataS3 (Agent Downloads only)
United States - 1exposure-analytics.insight.rapid7.comus.deployment.endpoint.ingress.rapid7.com

us.api.endpoint.ingress.rapid7.com
s3.amazonaws.com
United States - 2us2.exposure-analytics.insight.rapid7.comus2.deployment.endpoint.ingress.rapid7.com

us2.api.endpoint.ingress.rapid7.com
s3.us-east-2.amazonaws.com
United States - 3us3.exposure-analytics.insight.rapid7.comus3.deployment.endpoint.ingress.rapid7.com

us3.api.endpoint.ingress.rapid7.com
s3.us-west-2.amazonaws.com
Canadaca.exposure-analytics.insight.rapid7.comca.deployment.endpoint.ingress.rapid7.com

ca.api.endpoint.ingress.rapid7.com
s3.ca-central-1.amazonaws.com
Europeeu.exposure-analytics.insight.rapid7.comeu.deployment.endpoint.ingress.rapid7.com

eu.api.endpoint.ingress.rapid7.com
s3.eu-central-1.amazonaws.com
Japanap.exposure-analytics.insight.rapid7.comap.deployment.endpoint.ingress.rapid7.com

ap.api.endpoint.ingress.rapid7.com
s3-ap-northeast-1.amazonaws.com

s3.ap-northeast-1.amazonaws.com
Australiaau.exposure-analytics.insight.rapid7.comau.deployment.endpoint.ingress.rapid7.com

au.api.endpoint.ingress.rapid7.com
s3-ap-southeast-2.amazonaws.com

s3.ap-southeast-2.amazonaws.com
ℹ️

Test this!

You can test your connection to the Command Platform with the Security Console’s Cloud Diagnostics tool. To do so, click the Administration tab, in Console > Troubleshooting section, click Troubleshoot issues.
Uncheck all boxes except for Cloud Diagnostics and click Perform Diagnostics.
After a few seconds, you’ll see if you can communicate with the Command Platform!

Ticketing and Container Registry connections
Copy link

Rapid7 provides the following list of static IP addresses that you may use to allow traffic originating from the Command Platform to your on-premises JIRA or container registries:

⚠️

Agent proxying not addressed

This does not address agent proxying use cases or scenarios relating to communication originating from customer environments to the Command Platform.

All IP addresses listed below are reached via TCP port 443.

| United States - 1 | United States - 2 | United States - 3 | Canada | Europe | Japan | Australia | | --- | --- | --- | --- | --- | --- | --- | --- | | 52.87.0.92 | 3.132.61.192 | 44.235.43.237 | 35.182.161.111 | 52.28.227.72 | 13.113.44.15 | 13.55.206.11 | | 34.203.6.73 | 3.137.118.102 | 52.10.164.197 | 52.60.69.60 | 52.58.219.32 | 52.69.171.127 | 13.54.208.29 | | 34.202.19.138 | 3.14.210.196 | 52.88.123.237 | | | | 52.63.226.244 | | 52.2.37.56 | | | | | | |

Data Transmitted to the Command Platform
Copy link

The following types of information are transmitted to the Command Platform:

  • Asset information
  • Asset groups
  • Asset owners
  • Vulnerabilities
  • Vulnerability exceptions
  • Tags
  • Scan Engine information
  • Vulnerability Management (InsightVM) Console information
  • User information

Vulnerability Management (InsightVM) does not transmit service or user credentials of any kind to the Command Platform.

ℹ️

Looking for Security Console port information?

See Requirements for console-specific port needs.