The integration with Rapid7's InsightVM provides InsightCloudSec with the ability to ingest vulnerability and Common Vulnerabilities and Exposures (CVE) information associated with cloud instances and identify gaps in agent deployment gaps across a company's cloud footprint. The following use cases are possible using the InsightCloudSec/InsightVM integration:
- Identify cloud assets which do/do not have the InsightVM agent installed
- Auto-removal of agents when the upstream instance is terminated in the cloud
- Leverage CVEs for added context when defining InsightCloudSec Insights/controls
- Bot automation based on the presence of specific vulnerabilities
- Risk Score Analysis
1. To set up this integration navigate to "Administration --> Integrations" and locate the "InsightVM" tile from your InsightCloudSec platform.
2. Configure the integration as follows:
- Select your desired region from the drop-down
- Note: for the US-based regions you can specify a location
- Provide your API Key (from your desired InsightVM configuration)
3. Click "Save" to complete the integration setup.
Once configured, the integration will harvest vulnerabilities and agent information from your InsightVM console. Note: the harvest operation runs twice a day to limit the amount of traffic and API calls generated against your console.
The following Filters are available for configuration within InsightCloudSec once the integration is active:
- Instance With InsightVM Agent Last Assessment Threshold
- Instance With InsightVM Agent Configured
- Instance Without InsightVM Agent Configured
- Resource InsightVM Risk Score
- Resource InsightVM Vulnerability Count
- Resource Vulnerable To Specific Vulnerability (CVE)
- Resource Vulnerability Wildcard Search
A "Vulnerability View" toggle will be available when viewing Instances within the Resources interface. Toggling this on displays risk and vulnerability assessment information for each instance instead of resource attributes.
If you toggle on the Vulnerability View and open the resource properties for a vulnerable resource, there will be an "InsightVM Vulnerabilities" tab available that enumerates and classifies the vulnerabilities for that resource.
The integration also includes a Bot action that allows administrators to leverage InsightCloudSec automation to remove agents from the InsightVM console. We recommend using the action "Deregister InsightVM Agent" with the Resource Deleted hookpoint. This ensures that when your AWS EC2 Instances, Azure Virtual Machines and GCP Instances are terminated in the Cloud that they are also deleted in the IVM console.
For questions or other information reach out to us through [email protected].
Updated 23 days ago