• Welcome to Vulnerability Management (InsightVM)
    • Quick Start Guide
      • System Requirements
      • Download
    • Tour the Home Page
      • Changes to the Security Console Administration page
    • Service start, stop, and status controls
    • Vulnerability Management (InsightVM) glossary of terms
    • Activate your console on the Insight platform
    • Deploy Additional Consoles
    • Email Confirmation for Command Platform (Insight Platform) Account Mapping
    • Configure communications with the Insight platform
    • Using the Rapid7 Agent (Insight Agent) with Vulnerability Management (InsightVM)
    • Correlate Assets with Rapid7 Agent (Insight Agent) UUIDs
    • How Vulnerability Management (InsightVM) correlates non-persistent VDIs
    • Modify Security Console Sync Interval
    • Dashboards
      • Global Dashboard Filtering
    • Cards
      • Query in Cards
    • Remediation Projects
    • Ticketing Integration for Remediation Projects
      • Jira
      • ServiceNow
    • Custom Policy Builder
      • Audit Logs
    • Goals and SLAs
      • Create Goals or SLAs
      • Goal Cards
      • Share Goals or SLAs
      • Manage Goals and SLAs
      • Use Cases
    • Query Builder
      • Query Operators
    • Cloud Reporting
      • Executive Summary Report
      • Create and Manage Reports
    • Vulnerability Management (InsightVM) Platform Login
    • Quick Actions in Vulnerability Management (InsightVM)
    • Collectors in Vulnerability Management (InsightVM)
    • Collector Requirements
    • Collector Installation and Deployment
    • Collector Troubleshooting
    • Collector Proxy Configuration
    • Automation Feature Access Prerequisites and Recommended Best Practices
    • Vulnerability Management (InsightVM) Automation Features
    • Notifications
    • Automation Workflows
      • Microsoft SCCM - Automation-Assisted Patching
      • IBM BigFix - Automation-Assisted Patching
    • What is a site?
    • Creating your first site
    • Site creation use cases
    • Create and edit sites
    • Giving users access to a site
    • Adding assets to sites
    • Best practices for adding assets
    • Deleting sites
    • Site Detail View
    • Scan Engines
    • Distributed Scan Engines
    • Post-Installation Engine-to-Console Pairing
    • External Scanning Service
    • Scan Engine Pools
    • Containerized Scan Engine
    • AWS Scan Engines
    • Azure Scan Engines
    • Scan Engine Communication Methods
    • Scan Engine Data Collection - Rules and Details
    • Scan Engine Management on the Command Platform (Insight Platform)
    • Selecting a scan template
    • Scan template best practices
    • Scanning with multiple templates
    • Scan templates appendix
    • Authenticated Discovery Scans
    • Configuring scan credentials
    • Maximizing security with credentials
    • Configuring site-specific scan credentials
    • Managing shared scan credentials
    • Creating and Managing CyberArk Credentials
    • Kerberos Credentials for Authenticated Scans
    • Using SSH public key authentication
    • Elevating permissions
    • Database scanning credential requirements
    • Using LM/NTLM hash authentication
    • Authentication on Windows: best practices
    • Authentication on Unix and related targets: best practices
    • Using PowerShell with your scans
    • Using the Scan Assistant
    • Setting up scan alerts
    • Scheduling scans
    • Scan blackouts
    • Exporting your Calendar
    • Managing dynamic discovery of assets
    • Discovering mobile devices
    • Discovering Amazon Web Services instances
    • Discovering Microsoft Azure instances
    • Discovering Virtual Machines Managed by VMware vCenter or ESX/ESXi
    • Discovering Assets through DHCP Log Queries
    • Discovering Assets managed by McAfee ePolicy Orchestrator
    • Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)
    • Discovering Assets managed by Active Directory
    • Creating and managing Dynamic Discovery connections
    • Initiating Dynamic Discovery
    • Using filters to refine Dynamic Discovery
    • Monitoring Dynamic Discovery
    • Configuring a site using a Dynamic Discovery connection
    • Working with Project Sonar
    • Importing AppSpider scan data
    • Running a manual scan
    • Understanding different scan engine statuses and states
    • Viewing scan results and scan logs
    • Scan threads and port statuses
    • Stopping all in-progress scans
    • Automating security actions in changing environments
    • Enabling Remote Registry Activation
    • Configuring scan authentication on target Web applications
      • Creating a logon for Web site form authentication
      • Creating a logon for Web site session authentication with HTTP headers
    • Measuring scan performance and time
    • Scanning a load balancer
    • Using the Metasploit Remote Check Service
    • Assess
    • Locating and working with assets
    • Fingerprint certainty
    • Enabling and disabling Fingerprinting during scans
    • Applying RealContext with tags
    • Working with vulnerabilities
    • Vulnerability metrics explained
    • Vulnerability exceptions
    • Policy Manager
    • Policy rule overrides
    • Assess with agent-based policies
    • Bulk export agent-based policies and vulnerabilities with the API
    • Scanning for specific vulnerabilities
      • Spring4Shell (CVE-2022-22965)
      • Apache Log4j (CVE-2021-44228)
      • Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754)
      • WannaCry
    • Working with asset groups
    • Performing filtered asset searches
    • Creating a dynamic or static asset group from asset searches
    • Working with reports
    • Report templates and sections
    • Report creation wizard
    • Creating a basic report
    • Viewing, editing, and running reports
    • Working with risk trends in reports
    • For ASVs: Consolidating three report templates into one custom template
    • Distributing, sharing, and exporting reports
    • Configuring data warehousing settings
    • Configuring custom report templates
    • Understanding report content
    • Working with report formats
    • Report start times and durations
    • Upload externally created report templates signed by Rapid7
    • View Risk Across Cloud and On-Prem Environments
      • Executive Risk View Dashboard Cards
    • Remediate Risk Across Cloud and On-Prem Environments
    • Creating reports based on SQL queries
    • Understanding the reporting data model: Overview and query design
    • Understanding the reporting data model: Facts
    • Understanding the reporting data model: Dimensions
    • Understanding the reporting data model: Functions
    • SQL Query Export examples
    • Tune
    • Working with scan templates and tuning scan performance
    • Configuring custom scan templates
    • Configuring asset discovery
    • Configuring service discovery
    • Selecting vulnerability checks
      • Writing vulnerability checks
      • Common vulnerability check examples
      • Building weak credential vulnerability checks
      • Converting a NASL check
    • Selecting Policy Manager checks
    • Configuring verification of standard policies
    • Configuring scans of various types of servers
    • Configuring File Searches on Target Systems
    • Using other tuning options
    • Managing certificates for scanning
    • Creating a custom policy
    • Uploading custom SCAP policies
    • Risk Strategies
    • Adjusting risk with criticality
    • Sending custom fingerprints to paired Scan Engines
    • Scan property tuning options for specific use cases
      • Set maximum scan duration per device
      • Set maximum concurrent scans per engine
      • Set a Scan Engine proxy for the Security Console
    • Managing users and authentication
    • Setting password policies
    • Two factor authentication
    • LDAP authentication
    • Kerberos authentication
    • Configure SSO authentication
      • Okta SSO SAML
      • Azure SSO SAML
      • ADFS SSO SAML
      • Duo SSO SAML
      • Google SSO SAML
      • OneLogin SSO SAML
      • PingFederate SSO SAML
      • Troubleshooting SSO
    • Remove an authentication source from Vulnerability Management (InsightVM)
    • How to reset a password
    • Managing the Security Console
      • Configure HTTPS Options
    • Security Console best practices
    • PostgreSQL Database Migration Guide
    • Using a Proxy Server
    • Planning a deployment
    • Database Backup, Restore, and Data Retention
    • Migrate a Backup to a New Security Console Host
    • Managing versions, updates, and licenses
      • SCAP compliance
      • Live Licensing
    • Setting Up a Sonar Query
    • Enabling FIPS mode
    • Using the command console
    • Troubleshooting
    • Running the Windows uninstaller
    • Running the Linux uninstaller
    • Configuring maximum performance in an enterprise environment
    • Define your goals
    • Ensuring complete coverage
    • Planning your Scan Engine Deployment
    • Setting up the application and getting started
    • Planning for capacity requirements
    • Bulk asset delete operations
    • Amazon Web Services (AWS)
      • Amazon Web Services FAQs
      • AWS Security Hub
    • Microsoft Defender for Cloud
    • Integrate Vulnerability Management (InsightVM) with ServiceNow Security Operations
    • Intergrate Vulnerability Management (InsightVM) with Rapid7 Agent (Insight Agent)
    • ServiceNow CMDB Data Synchronization
    • Vulnerability Management (InsightVM) Technology Add-On for Splunk
    • Resources
    • RESTful API
    • Application encryption types
    • How Vulnerability Management (InsightVM) links assets across sites
    • Using regular expressions
    • Using Exploit Exposure
    • Performing configuration assessment
    • AWS Edition Quick Start Guide
      • Objective 1: Deploy the Rapid7 Agent (Insight Agent)
      • Objective 2: Build a Dashboard
      • Objective 3: Create a Goal
      • Objective 4: Create and Assign Remediation Projects
      • Objective 5: Assess Your Containers
    • Virtual Appliance Guide
    • Patching Appliances for Meltdown/Spectre
    • Recurring vulnerability coverage
      • Configure Dell PowerStore coverage
    • Request vulnerability coverage
    • Command Platform Release Notes
    • Investigate false positives
    • Contact the Rapid7 Support Team
    • Share an idea with Rapid7
    • Finding out what features your license supports
    • Legacy Risk Strategies
    • Microsoft Defender BYOL integration End-of-Life announcement
    • Container Security End-of-Life announcement
    • Cloud Configuration Assessment (CCA) End-of-Life announcement
    • Cloud Configuration Assessment, Container Security, and Built-in Automation Workflows change in feature availability announcement
    • BeyondTrust (Previously Liberman) Privileged Identity End-of-Life announcement
    • Manage Engine Service Desk legacy integration End-of-Life announcement
    • Thycotic legacy integration End-of-Life announcement
    • Internet Explorer 11 browser support end-of-life announcement
    • Legacy data warehouse and report database export End-of-Life announcement
    • Amazon Web Services (AWS) legacy discovery connection End-of-Life announcement
    • NSX Manager End-of-Life announcement
    • Legacy CyberArk ruby gem End-of-Life announcement
    • ServiceNow ruby gem End-of-Life announcement
    • Legacy Imperva integration End-of-Life announcement
    • Cisco FireSight (previously Sourcefire) ruby gem integration End-of-Life announcement
    • Microsoft System Center Configuration Manager (SCCM) ruby gem integration End-of-Life announcement
    • TLS 1.0 and 1.1 support for Insight solutions End-of-Life announcement
    • Rapid7 Agent (Insight Agent) Windows XP support End-of-Life announcement
    • Rapid7 Agent (Insight Agent) Windows Server 2003 End-of-Life announcement
    • Collector JRE 1.7 support End-of-Life announcement

RESTful API
Copy link

These APIs are available for Vulnerability Management (InsightVM):

  • Version 3 of the Security Console API: https://help.rapid7.com/insightvm/en-us/api/index.html 
  • Version 4 of the Cloud Integrations API: https://help.rapid7.com/insightvm/en-us/api/integrations.html 

If you have any questions or would like further guidance on usage of these APIs, visit the Rapid7 Discussion Community .

  • © Rapid7
    • Legal Terms
    • Privacy Policy
    • Export Notice
    • Trust