Configure communications with the Insight Platform
Still need to opt-in to the cloud?
See Activating your console on the Insight Platform for instructions.
Data upload
You may need to configure your firewall rules to allow outbound connectivity to the following hostnames according to your selected region in order to successfully upload data to the Insight Platform:
Is your Rapid7 product subscription provisioned for the United States? Check your region code first!
As of April 12th, 2021, all new customers subscribing to Rapid7 Insight products that elect to store their data in the United States will be provisioned for one of three data centers. Since these data centers have unique endpoints, any firewall rules you configure must correspond to the data center your organization is assigned to. Follow these steps to determine which United States data center your organization is part of:
- Go to insight.rapid7.com and sign in with your Insight account email address and password.
- Navigate to the Platform Home page.
- If you are not taken to this page by default, expand the product dropdown in the upper left and click My Account.
- Look for the Data Storage Region tag in the upper right corner of the page below your account name. Your United States region tag will show one of the following data centers:
- United States - 1
- United States - 2
- United States - 3
All hostnames listed below are reached via TCP port 443.
| Region | Web | Data | S3 |
|---|---|---|---|
| United States - 1 | exposure-analytics.insight.rapid7.com | data.insight.rapid7.com us.deployment.endpoint.ingress.rapid7.com | s3.amazonaws.com |
| United States - 2 | us2.exposure-analytics.insight.rapid7.com | us2.data.insight.rapid7.com us2.deployment.endpoint.ingress.rapid7.com | s3.us-east-2.amazonaws.com |
| United States - 3 | us3.exposure-analytics.insight.rapid7.com | us3.data.insight.rapid7.com us3.deployment.endpoint.ingress.rapid7.com | s3.us-west-2.amazonaws.com |
| Canada | ca.exposure-analytics.insight.rapid7.com | ca.data.insight.rapid7.com ca.deployment.endpoint.ingress.rapid7.com | s3.ca-central-1.amazonaws.com |
| Europe | eu.exposure-analytics.insight.rapid7.com | eu.data.insight.rapid7.com eu.deployment.endpoint.ingress.rapid7.com | s3.eu-central-1.amazonaws.com |
| Japan | ap.exposure-analytics.insight.rapid7.com | ap.data.insight.rapid7.com ap.deployment.endpoint.ingress.rapid7.com | s3-ap-northeast-1.amazonaws.com s3.ap-northeast-1.amazonaws.com |
| Australia | au.exposure-analytics.insight.rapid7.com | au.data.insight.rapid7.com au.deployment.endpoint.ingress.rapid7.com | s3-ap-southeast-2.amazonaws.com s3.ap-southeast-2.amazonaws.com |
Test This!
You can test your connection to the Insight Platform with the Security Console's Cloud Diagnostics tool. To do so, click the Administration tab, in Console > Troubleshooting section, click Troubleshoot issues.
Uncheck all boxes except for Cloud Diagnostics and click Perform Diagnostics.
After a few seconds, you'll see if you can communicate with the Insight Platform!
Ticketing and Container Registry connections
Rapid7 provides the following list of static IP addresses that you may use to allow traffic originating from the Insight Platform to your on-premises JIRA or container registries:
NOTE
This does not address agent proxying use cases or scenarios relating to communication originating from customer environments to the Insight Platform.
All IP addresses listed below are reached via TCP port 443.
| United States - 1 | United States - 2 | United States - 3 | Canada | Europe | Japan | Australia |
|---|---|---|---|---|---|---|
| 52.87.0.92 | 3.132.61.192 | 44.235.43.237 | 35.182.161.111 | 52.28.227.72 | 13.113.44.15 | 13.55.206.11 |
| 34.203.6.73 | 3.137.118.102 | 52.10.164.197 | 52.60.69.60 | 52.58.219.32 | 52.69.171.127 | 13.54.208.29 |
| 34.202.19.138 | 3.14.210.196 | 52.88.123.237 | 52.63.226.244 | |||
| 52.2.37.56 |
Data Transmitted to the Insight Platform
The following types of information are transmitted to the Insight Platform:
- Asset information
- Asset groups
- Asset owners
- Vulnerabilities
- Vulnerability exceptions
- Tags
- Scan Engine information
- InsightVM Console information
- User information
InsightVM does not transmit service or user credentials of any kind to the Insight Platform.
Looking for Security Console port information?
See Requirements for console-specific port needs.
Firewall configuration for enabling Extensible Ingress
Enabling Extensible Ingress provides several benefits such as increased data reliability between the Security Console and InsightVM and decreased file upload sizes to improve the performance of the system. For information regarding firewall configuration for Extensible Ingress, refer to our Collector Requirements doc. Refer to our Connectivity requirements doc for information about Deep Packet Inspection, allowlist, and additional regional IPs.
Extensible Ingress FAQ
The following only apply to the embedded Console collector and does not correspond to Agent Collectors.
How do I configure my organization's firewall to migrate to Extensible Ingress?
You must configure your firewall rules to allow outbound connectivity to the following region specific URLs using Port 443.
| Region | Region URL |
|---|---|
| United States - 1 | https://us.api.endpoint.ingress.rapid7.com:443 |
| United States - 2 | https://us2.api.endpoint.ingress.rapid7.com:443 |
| United States West | https://us3.api.endpoint.ingress.rapid7.com:443 |
| Europe | https://eu.api.endpoint.ingress.rapid7.com:443 |
| Canada | https://ca.api.endpoint.ingress.rapid7.com:443 |
| Asia Pacific Northeast 1 | https://ap.api.endpoint.ingress.rapid7.com:443 |
| Asia Pacific Southeast 2 | https://au.api.endpoint.ingress.rapid7.com:443 |
How do I know if I was migrated over to Extensible Ingress?
You will automatically be rolled over between April 26, 2023 and June 1, 2023. There is no visible indicator to your migration to Extensile Ingress but you should experience an increase in your Security Console's stability. Extensible Ingress provides improved data synchronization which decreases inconsistencies between the Security Console and the Insight Platform.
What will happen to the old data ingestion system?
The Collector will be deprecated by the end of 2023, and Extensible Ingress will be the only client. There is no required action for users to deprecate the Collector. Further details will be provided in May about the End-of-Life of this service.
How will I know if there is an issue with Extensible Ingress?
Users will be notified in the Notification Center when Extensible Ingress fails to upload files to the S3 bucket to be shown in InsightVM. If you see this notification, notify Rapid7 Support specifying an Ingress Upload Failure.