InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

InsightVM Integration

Instructions for Integration Between InsightVM & InsightCloudSec

Overview

The integration with Rapid7's InsightVM allows InsightCloudSec to ingest vulnerability and Common Vulnerabilities and Exposures (CVE) information associated with cloud instances and to identify gaps in agent deployment across a company's cloud footprint. The following use cases are possible using the InsightCloudSec/InsightVM integration:

  • Identify cloud assets which do/do not have the InsightVM agent installed
  • Auto-removal of agents when the upstream instance is terminated in the cloud
  • Leverage CVEs for added context when defining InsightCloudSec Insights/controls
  • Bot automation based on the presence of specific vulnerabilities
  • Risk Score Analysis

For more information check out the InsightVM Cloud Integration docs, or the main InsightVM documentation.

Integration Configuration in InsightCloudSec

1. To set up this integration, navigate to "Administration --> Integrations" in your InsightCloudSec platform and locate the "InsightVM" tile.

InsightVM Integration

2. Configure the integration as follows:

  • Select your desired region from the drop-down
    • Note: for the US-based regions you can specify a location
  • Provide your API Key (from your desired InsightVM configuration)

InsightVM Integration Settings

3. Click "Save" to complete the integration setup.

Using The Integration

Once configured, the integration will harvest vulnerabilities and agent information from your InsightVM console. Note: the harvest operation runs twice a day to limit the amount of traffic and API calls generated against your console.

The following Filters are available for configuration within InsightCloudSec once the integration is active:

  • Instance With InsightVM Agent Last Assessment Threshold
  • Instance With InsightVM Agent Configured
  • Instance Without InsightVM Agent Configured
  • Resource InsightVM Risk Score
  • Resource InsightVM Vulnerability Count
  • Resource Vulnerable To Specific Vulnerability (CVE)
  • Resource Vulnerability Wildcard Search

Resources

A "Vulnerability View" toggle will be available when viewing Instances within the Resources interface. Toggling this on displays risk and vulnerability assessment information for each instance instead of resource attributes.

Vulnerability View

If you toggle on the Vulnerability View and open the resource properties for a vulnerable resource, there will be an "InsightVM Vulnerabilities" tab available that enumerates and classifies the vulnerabilities for that resource.

Resource Properties - Vulnerabilities

Using Bots with InsightVM

The integration also includes a Bot action that allows administrators to leverage InsightCloudSec automation to remove agents from the InsightVM console. We recommend using the action "Deregister InsightVM Agent" with the Resource Deleted hookpoint. This ensures that when your AWS EC2 Instances, Azure Virtual Machines and GCP Instances are terminated in the cloud, they are also deleted in the InsightVM console.

For questions or other information reach out to us through [email protected].
