Rapid7 InsightVM Cloud Connector
The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.
The Rapid7 InsightVM Cloud solution identifies risks across all endpoints, cloud environments, and virtualized infrastructure. It enables comprehensive network scanning, prioritizes vulnerabilities, and provides actionable remediation guidance for IT and DevOps teams. InsightVM also offers real-time visibility into your risk posture and helps track and communicate progress toward security program goals.
Connector Details
| Details | Description |
|---|---|
|
Supported products |
|
|
Category |
Endpoint Security |
|
Ingested data |
Assets and Findings |
|
Ingested Asset Classes |
Device |
|
Integration type |
UNI directional (data is transferred from the Connector to Tenable Exposure Management in one direction) |
|
Supported version and type |
SaaS (latest) |
Prerequisites and User Permissions
Before you begin configuring the connector, make sure to:
-
Identify the region of your Rapid7 InsightVM Cloud instance (United States, Europe, Canada, Australia, or Japan).
-
Create or use a Rapid7 InsightVM Cloud user with Admin permissions.
-
Generate a Rapid7 API Key:
-
Login to Rapid7 using an Admin user.
-
Navigate to Settings > API Keys.
-
Click GenerateNew User Key.
-
Select the appropriate organization, assign a name to the API key, and click Submit.
-
Copy the API key immediately, as it will only be visible during its creation. You will use this API key later when configuring the Rapid7 InsightVM Cloud connector in Exposure Management.
-
Add a Connector
To add a new connector:
-
In the left navigation menu, click Connectors.
The Connectors page appears.
-
In the upper-right corner, click
Add new connector.The Connector Library appears.
-
In the search box, type the name of the connector.
-
On the tile for the connector, click Connect.
The connector configuration options appear.
Configure the Rapid7 Insight VM Cloud Connector
-
(Optional) In the Connector's Name text box, type a descriptive name for the connector.
-
(Optional) To use a preconfigured on-prem connector to connect to this connector, from the Gateway drop-down, select the on-prem connector you want to use for the connector. Otherwise, select Don't use gateway.
Note: For information about configuring a gateway, see Tenable On-Prem Connector. -
In the Region drop-down, select the relevant region of your Rapid7 instance.
-
In the API Key text box, paste the API Key you generated in Rapid7.
-
In the Data pulling configuration section, you can configure dynamic settings specific to the connector.
-
In the Asset Retention text box, type the number of days after which you want assets to be removed from Tenable Exposure Management. If an asset has not been detected or updated within the specified number of days, it is automatically removed from the application, ensuring your asset inventory is current and relevant.
Tip: For more information, see Asset Retention.
-
-
In the Test connectivity section, click the Test Connectivity button to verify that Tenable Exposure Management can connect to your connector instance.
-
A successful connectivity test confirms that the platform can connect to the connector instance. It does not, however, guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.
-
If the connectivity test fails, an error message with details about the issue appears. Click Show tests for more information about the exact error.
-
-
In the Connector scheduling section, configure the time and day(s) on which you want connector syncs to occur.
Tip: For more information, see Connector Scheduling. -
Click Create. Tenable Exposure Management begins syncing the connector. The sync can take some time to complete.
-
To confirm the sync is complete, do the following:
-
Navigate to the Connectors page and monitor the connector's status. Sync is complete once the connector status is Connected.
-
View the sync logs for the connector to monitor the logs for a successful connection.
-
Rapid7 Insight VM Cloud in Tenable Exposure Management
Locate Connector Assets in Tenable Exposure Management
As the connector discovers assets, Tenable Exposure Management ingests those devices for reporting.
To view assets by connector:
-
In Tenable Exposure Management, navigate to the Assets page.
-
In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view assets.
The asset list updates to show only assets from the selected connector.
-
Click on any asset to view Asset Details.
Locate Connector Weaknesses in Tenable Exposure Management
As the connector discovers weaknesses, Tenable Exposure Management ingests those weaknesses for reporting.
To view weaknesses by connector:
-
In Tenable Exposure Management, navigate to the Weaknesses page.
-
In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view weaknesses.
The weaknesses list updates to show only weaknesses from the selected connector.
-
Click on any weakness to view Weakness Details.
Locate Connector Findings in Tenable Exposure Management
As the connector discovers individual findings, Tenable Exposure Management ingests those findings for reporting.
To view findings by connector:
-
In Tenable Exposure Management, navigate to the Findings page.
-
In the Filters section, under 3rd Party Connectors, click the connector name for which you want to view findings
The findings list updates to show only assets from the selected connector.
-
Click on any asset to view Finding Details.
Data Mapping
Exposure Management integrates with the connector via API to retrieve relevant weakness and asset data, which is then mapped into the Exposure Management system. The following tables outline how fields and their values are mapped from the connector to Exposure Management.
Device Mapping
| Tenable Exposure Management UI Field |
Rapid7 InsightVM Cloud field |
|---|---|
| Unique Identifier | id |
| Asset - Name | host_name or ip or id |
| Asset - Operating Systems | os_system_name or os_name or os_family |
| Asset - Host Fully Qualified DNS | host_name |
|
Asset - IPv4 Adresses Asset - IPv6 Adresses |
ip |
| Asset - Last Observed At | last_scan_end or last_assessed_for_vulnerabilities |
|
Asset - External Tags |
tags.name from tags |
| Asset Custom Attributes |
os_version os_description Host ID- id type os_architecture risk_score |
Finding Mapping
| Tenable Exposure Management UI Field |
Rapid7 InsightVM Cloud field |
|---|---|
| Unique Identifier | port and protocol |
| Finding Name | data.title |
| CVEs | data.cves |
| Severity Driver | data.severity_score or data.cvss_v3_score |
| Description | data.description |
| Finding Custom Attributes |
port protocol proof status data.categories data.cvss_v2_exploit_score data.cvss_v2_impact_score data.cvss_v2_score data.cvss_v2_vector data.cvss_v3_attack_complexity data.cvss_v3_attack_vector data.cvss_v3_availability_impact data.cvss_v3_confidentiality_impact data.cvss_v3_exploit_score data.cvss_v3_impact_score data.denial_of_service data.pci_cvss_score data.pci_fail data.pci_severity_score data.pci_special_notes data.pci_status data.references data.risk_score data.severity data.severity_score |
| First Seen | first_found |
| Last seen (Observed) | last_found |
Finding Status Mapping
|
Tenable Exposure Management Status |
Rapid7 InsightVM Cloud Status |
|---|---|
|
Active |
All other statuses including EXCEPTION_VULN_EXPL or EXCEPTION_VULN_VERS |
|
Fixed |
NOT_VULNERABLE |
Finding Severity Mapping
|
Tenable Exposure Management Severity |
Rapid7 InsightVM Cloud Score |
|---|---|
|
Critical |
CVSS: 9.0 - 10.0 Severity: Critical |
|
High |
CVSS: 7.0 - 8.9 Severity: High |
|
Medium |
CVSS: 4.0 - 6.9 Severity: Medium |
|
Low |
CVSS: 1-3.9 Severity:Low |
|
None |
CVSS:0 |
Note:For Rapid7 Insight VM Cloud, Tenable uses the data.severity_score or cvssScore field to determine severity.
Status Update Mechanisms
Every day, Tenable Exposure Management syncs with the vendor's platform to receive updates on existing findings and assets and to retrieve new ones (if any were added).
The table below describes how the status update mechanism works in the connector for findings and assets ingested into Tenable Exposure Management.
|
Update Type in Exposure Management |
Mechanism (When?) |
|---|---|
|
Archiving Assets |
- Asset that appears in Tenable Exposure Management and isn't returned on the next connector's sync - Asset not seen for X days according to Last Seen. See Asset Retention. |
|
Change of a Finding status from "Active" to "Fixed" |
- Finding no longer appears in the scan findings - Finding status changes to NOT_VULNERABLE on the vendor's side |
Uniqueness Criteria
Tenable Exposure Management uses defined uniqueness criteria to determine whether an ingested asset or finding should be recognized as a distinct record. These criteria help define how assets and findings are identified and counted from each connector.
Tip: Read all about Third-Party Data Deduplication in Tenable Exposure Management .
The uniqueness criteria for this connector are as follows:
|
Data |
Uniqueness Criteria |
|---|---|
|
Asset |
id |
|
Finding |
port and protocol |
API Endpoints in Use
API version: v4.0
|
API |
Use in Tenable Exposure Management |
|---|---|
|
vm/v4/integration/vulnerabilities
|
Findings enrichment |
|
vm/v4/integration/asset |
Mapping Assets & Findings |
Data Validation
This section shows how to validate and compare data between Tenable Exposure Management and the Rapid7 InsightVM Cloud platform.
Asset Data Validation
Objective: Ensure the number of assets (devices) in Rapid7 InsightVM Cloud aligns with the number of devices displayed in Tenable Exposure Management.
In Rapid7 InsightVM Cloud:
-
Navigate to Dashboard > Newly Discovered Assets.
-
Click Total new assets.
The total number of newly discovered assets appears.
In Tenable Exposure Management:
-
Compare the total number of assets between Rapid7 InsightVM Cloud and Tenable Exposure Management.
Expected outcome: The total number of devices in Exposure Management should match the number of assets shown in Rapid7.
If an asset is not visible in Exposure Management, check the following conditions:
-
The asset was archived based on its last observed date (last_seen field).
-
The asset was archived because it did not return in the connector's last sync.
Tip: To learn more on how assets are archived and findings change status, see Status Update Mechanisms.
Finding Data Validation
Objective: Ensure the number of active findings in Rapid7 InsightVM Cloud aligns with the findings displayed in Exposure Management.
In Rapid7 InsightVM Cloud:
-
Navigate to Dashboard > Newly Discovered Assets page.
-
Click on any asset name.
-
To validate the number of findings:
-
Perform a query using the API and refer to the findings count in the new response field.
-
The count displayed in the UI may not reflect the actual ingested data. The values highlighted in the following image differ from the numbers retrieved via the API.
-
In Tenable Exposure Management:
-
Compare the total number of findings between Rapid7 InsightVM Cloud and Tenable Exposure Management.
Expected outcome: The total numbers returned in Rapid7 InsightVM Cloud and Exposure Management should match.
Important! The number of findings displayed in the Rapid7 InsightVM Cloud user interface may not match the number retrieved via the API. Exposure Management aligns with the findings count provided in the API response.
If a finding is missing from Exposure Management or no longer active, check the following conditions:
-
The finding is marked as Fixed (status = NOT_VULNERABLE) and appears under the Fixed state on the Findings screen.
-
The finding no longer appears in the scan findings.
-
The finding no longer appears because its related asset was archived.
Tip: To learn more on how assets are archived and findings change status, see Status Update Mechanisms.