Get Started with Agent Based Policy Assessment

Welcome to the InsightVM Agent Based Policy Preview program. You should now have access to the Agent Based Policy feature in your InsightVM interface.

We designed this preview program so we could partner with a select group of customers to get their feedback and learn about their use cases while the feature is in active development. This helps us deliver a robust solution at launch. Program participants will have direct access to resources from Rapid7’s engineering, user experience, and product management teams. We’ll also provide a public Slack channel (named #general) for you and other customers to share ideas on this upcoming feature and discuss solutions.

Before you start, we’d like to thank you for taking the time and effort to participate. Your feedback and participation help us create the best possible experience for our customers.

How do I get support for the Agent Based Policy feature?

Rapid7 will provide support for the Agent Based Policy feature through dedicated Slack channels. If you have any issues with access, need to report defects, or want to request additional enhancements, send a message through your private channel or the #general channel and we’ll be happy to assist you. If you do not have access to Slack, please let us know and we’ll add you and anyone else from your organization who you would like to include.

Overview

This guide is intended to get you started with the Agent Based Policy feature. The Agent Based Policy interface will allow you to view and drill down into assessment results for agent based policies you have selected to watch.

Access the Agent Based Policy Feature

To access the Agent Based Policy feature:

1. Sign in to your Insight platform account page .
   • If InsightVM does not open automatically upon signing in, expand the app switcher dropdown in the upper left corner of your screen and click InsightVM.
2. Copy and paste the following URL into your browser tab:

https://exposure-analytics.insight.rapid7.com/#/policy/compliance

Agent Based Policy Landing Page

After accessing the Agent Based Policy interface, you will land on a policy page based upon your previous selections:

• If no agent based policies are selected for your organization, you will see the Update Watch List page.
• If there are any agent based policies selected for your organization, you will see the Watched Policies page.

Watch a Policy

A fundamental component of the Agent Based Policy feature is the concept of policy watching. Instead of wading through assessment results for all the policy content that Rapid7 supports, this feature allows you to watch only the policies that are meaningful to your organization. Policy watching allows you to consume tailored results based on your watch list after assessment takes place.

You can select one or more agent based policies to watch from the Update Watch List page.

Use the filters on the left side of the page or enter text in the search field to narrow down the list of policies.

Select one or more policies from the policy table that you would like to watch. To help you find and watch the policies that are meaningful to your organization, the number of assets each policy applies to appears in the right column of the table.

View Watched Policies

The Watched Policies page displays a card for each agent based policy that has been selected for your organization.

If necessary, you can scroll the list up and down to see all watched policies.

Click the Update Watch List button to open the Update Watch List page and change your watched policy selections, if necessary.

Clicking on a policy name will take you to the results page for that policy.

View Results for a Watched Policy

Go to the policy results page to see detailed assessment results for a specific policy.

By default, the Rules tab is displayed. The rules table includes the name of the rule, the number of assets that failed the rule, the number of assets that passed the rule, and compliance as a percentage.

Clicking on a rule name will take you to the results page for that rule.

Clicking on the Assets tab will display the asset table for the policy results.

The assets table includes the asset host name, IP address, location, the number of rules the asset passed, the time the asset was last assessed, and compliance as a percentage.

Clicking on a host name will take you to the results page for that asset.

Clicking on the (i) icon next to the policy name at the top of the page will display some policy details.

View Results for a Policy Rule

Go to the policy rule results page to see detailed assessment results for a specific policy rule.

The page displays the results of the assets tested against the rule. The table includes the hostname, IP address, location, the time the asset was last assessed, and the assessment status of the asset against the rule.

Clicking on a hostname will take you to the results page for that asset.

Clicking on the (i) icon next to the policy rule name at the top of the page will display some policy rule details including the rule description, remediation, rationale for the rule, and applicable controls.

Clicking the rightmost column in the table will display the proof information.

View Results for an Asset

Go to the asset results page to see detailed assessment results for a specific asset.

The page displays the results of the policy rules against which the asset was tested. The table includes the policy rule name and the status of the asset against the rule.

Clicking on a rule name will take you to the results page for that asset.

Clicking on the rightmost column in the table will display the proof of the test of this asset against the rule.