Integrate InsightVM with ServiceNow Security Operations

The Rapid7 Integration for Security Operations allows you to incorporate InsightVM vulnerability assessment data into your ServiceNow Security Operations instance using an API. You can then consume this data with dashboards and other ServiceNow analytics tools.

With this integration, you can:

  • Import Rapid7 InsightVM scan data directly into ServiceNow Security Operations.
  • Gain more context and visibility into individual vulnerabilities and overall risk.
  • Reduce exposure time through data-centric collaboration between IT Operations and Security.
  • Maximize output while minimizing effort through an automated and closed-loop workflow.
  • Easily deploy the integration from the ServiceNow Marketplace.

This article covers the following topics:

How this integration works

Here’s a high-level overview of how this integration works:

  1. InsightVM scans your environment to assess your assets' level of risk and processes the vulnerability data.
  2. ServiceNow Security Operations (SecOps) periodically queries InsightVM for the latest vulnerability information.
  3. ServiceNow creates remediation tickets for vulnerabilities and closes tickets that have been fixed.
  4. With future queries of InsightVM, ServiceNow checks closed tickets for successful remediation.

Requirements

Before you get started with this integration, verify that you meet the following requirements.

Network traffic rules for the Insight Platform

For ServiceNow to retrieve data from InsightVM, your network must allow outbound traffic to the hostname that corresponds to your current InsightVM data region. The following table contains hostnames for each of the current InsightVM data regions:

Region

Hostname

United States

us.api.insight.rapid7.com

Europe

eu.api.insight.rapid7.com

Canada

ca.api.insight.rapid7.com

Japan

ap.api.insight.rapid7.com

Australia

au.api.insight.rapid7.com

Make sure to configure your network for the correct region!

The region that houses your InsightVM data depends entirely on what region was selected during your InsightVM deployment. The network rule you configure here must correspond to the data region you selected previously in InsightVM, or this integration will be unable to retrieve any data.

Rapid7 API key

Your Rapid7 API key allows ServiceNow to request data from your InsightVM environment. For your API key to be usable with this integration, it must be generated by an Insight Platform user with the Platform Administrator role.

We’ll cover how to generate your API key in the deployment procedure.

System requirements

The integration has several system requirements that you must satisfy, including installed plugins and user roles. You can review these requirements on the integrations’ ServiceNow Store page:

https://store.servicenow.com/sn_appstore_store.do#!/store/application/8a2aa078e7330300809a268b03f6a988

Deployment

Complete the following steps to deploy the Rapid7 Integration for Security Operations.

Generate your API key

Platform Administrator role required

As a reminder, you must generate your API key with an Insight Platform user that has the Platform Administrator role. API keys generated by Insight Platform users in other roles will not be usable with this integration.

Follow these steps to generate your API key:

  1. Go to insight.rapid7.com and sign in with your Insight account email address and password.
  2. Click the API Key Management tab on your left menu.
  3. On the API Keys page, switch to the User Key view and click + New User Key.
  1. On the Generate New User Key panel, select the organization to which your InsightVM deployment belongs from the dropdown list.
  2. Finally, give your API key a name for reference purposes. Click Generate to finish.
  3. With your API key generated, copy and save the key in a secure location.

This is your only chance to copy this API key!

For security purposes, your API key will not be viewable again after this opportunity. Make sure you copy and save it now.

If you inadvertently skip this step, you can always generate a new API key.

  1. Click Done after copying your API key. The key record will now appear by name in your User Key table.

Install and configure the integration

Now that you have your API key handy, follow these steps to access and install the Rapid7 Integration for Security Operations in ServiceNow:

  1. Go to the Rapid7 Integration for Security Operations page in the ServiceNow store to add the integration to your ServiceNow application.

Integration types

The ServiceNow document listed previously details separate procedures for two integration types:

  • InsightVM integration type
  • Data warehouse integration type

The procedures in this article are meant for the InsightVM integration type.

  1. After installing the integration, log in to your ServiceNow application and navigate to the Rapid7 Vulnerability Integration on your left menu.
  2. Expand the Administration dropdown and click Configuration.
  3. Select InsightVM from the Integration Type dropdown.
  4. On the Integration Setup tab, select the region that corresponds to your InsightVM data region from the Server URL dropdown.
  5. Paste your API key in the provided field.
  1. Click Test Credentials to verify that the integration is configured correctly and can communicate with InsightVM.
    • If the credential test succeeds, the Validation Status field will display Valid. Click Save to finish your integration deployment.
    • If the credential test fails, verify that you’ve configured your network traffic rules for the correct data region and check that your Server URL and API Key values are input correctly before trying again.

Rapid7 Integration for Security Operations deployment complete!

InsightVM data will now appear in your ServiceNow application to help manage your remediation efforts.