Rapid7 InsightVM Import

Integrate your Rapid7 InsightVM Vulnerability Management cloud software account so you can import CVEs to Rapid7 Threat Command.

In addition to importing CVEs, you can enable the import of host information (host name, IP address, and last scan date). This data, which gives a better understanding of which assets are affected by each CVE, is displayed in the Affected Assets tab for each imported CVE.

During the integration setup, you will need this information from your InsightVM instance:

• Data Storage Region - https://docs.rapid7.com/insightvm/configure-communications-with-the-insight-platform/ - https://docs.rapid7.com/insight/managing-platform-api-keys/#generate-an-organization-key
• Organization (API) key - https://docs.rapid7.com/insight/managing-platform-api-keys/#generate-an-organization-key

Import CVEs from Rapid7 InsightVM to Threat Command

Import CVEs so you can manage them in Threat Command. CVEs are imported from 30 days back.

To import CVEs:

1. From the Threat Command main menu, select Automation > Integrations.
2. From the Integrations  window, click Cloud.
3. Click Add new device.
4. Type a user-defined name for the device.
   The name can contain a maximum of 50 letters, spaces, numbers, and underscores.
5. For the Device type, select Rapid7 InsightVM.
6. Select the region that matches the Data Storage Region from the Rapid7 InsightsVM instance.
7. Enter the API key for the Rapid7 InsightVM account.
8. (Optional) To enable the display of host information, select Enable collection of host information.
9. It is recommended to click Test Credentials to ensure that the credentials are valid.
   If the credentials are not valid, a message is displayed.
10. Click Add.

The new device is added to the cloud integrations device list. Next to the device name, there is a red dot, indicating that communication has not yet been established. The dot will change to green when the device is synchronized.

Integration credentials are checked periodically. An email message will be sent to the Rapid7 administrator if credentials have expired.

Edit Rapid7 InsightVM integration

You can edit the Rapid7 InsightVM connection credentials.
To edit a connection:

1. From the Threat Command main menu, select Automation > Integrations.
2. From the Integrations  window, click Cloud.
3. Select the integration to update.
   The integration details are displayed.
4. (Optional) You can enable or disable the collection of host information.
5. Make necessary corrections, then click Test Credentials.
   If the credentials are not valid, a message is displayed.
6. Click Save.