Rapid7 Insight Platform
The Rapid7 Insight Platform is a cloud-based security solution offering integrated tools for vulnerability management, incident detection, and application security, enhanced by advanced analytics and automation for efficient threat identification and response.
- Installation guide
- Rapid7 Insight Platform data model
Installation
Configuration in Rapid7 Insight Platform
- Go to the Rapid7 Insight Platform.
- Click the gear icon at the top right corner and, when the dropdown opens, click API Keys.
- Inside API Key Management -> User Keys, click Generate New User Key. Select your Organization and create a name for your API key.
Please make sure the user that generates the API key is a Platform Admin. This can be checked inside Settings -> User Management -> Click user -> Navigate to Role Management.
- The created API key will be added to the JupiterOne integration instance configuration. Your API key will be displayed only one time, so make sure to copy it before closing the creation modal.
Configuration in JupiterOne
To install the Rapid7 Insight integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Rapid7 Insight Platform. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
Organization ID: this can be found in Settings -> Organization Settings.
API Key: the created API key should be added here.
Insight Region: the region to ingest Insight data from. This can be found in the top right corner of your Rapid7 Insight Dashboard. You should be able to see something like United States - 2. Valid region codes: us, us2, us3, eu, ca, au or ap.
Product Codes to Ingest: the Insight product codes to ingest. Select the products that you want to ingest. Unselected products are skipped in the integration steps.
Account Name: the name used to identify the Rapid7 Insight Platform account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.
Description: text to assist in identifying the integration instance, if desired.
Data Source Settings: here you can customize the steps to be ingested. If desired, specific steps can be enabled or disabled from here.
Polling Interval: an interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
Resources | Entity _type | Entity _class |
---|---|---|
Account | rapid7_insight_account | Account |
Insight Service | rapid7_insight_service | Service |
InsightAppSec App | insightappsec_app | Application |
InsightAppSec Engine | insightappsec_engine | Scanner |
InsightAppSec Engine Group | insightappsec_engine_group | Group |
InsightAppSec Scan | insightappsec_scan | Assessment |
InsightAppSec Scan Config | insightappsec_scan_config | Configuration |
InsightAppSec Vulnerability | insightappsec_vulnerability | Vulnerability |
InsightVM Device | insightvm_device | Device |
InsightVM Host | insightvm_host | Host |
InsightVM Site | insightvm_site | Site |
InsightVM Vulnerability | insightvm_vulnerability | Vulnerability |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
---|---|---|
insightappsec_app | HAS | insightappsec_vulnerability |
insightappsec_engine_group | HAS | insightappsec_engine |
insightappsec_engine_group | USES | insightappsec_scan_config |
insightappsec_scan | PROTECTS | insightappsec_app |
insightappsec_scan_config | PERFORMED | insightappsec_scan |
insightvm_device | HAS | insightvm_host |
insightvm_device | HAS | insightvm_vulnerability |
insightvm_site | MONITORS | insightvm_device |
insightvm_site | MONITORS | insightvm_host |
rapid7_insight_account | HAS | rapid7_insight_service |
rapid7_insight_service | HAS | insightappsec_engine_group |
rapid7_insight_service | HAS | insightvm_site |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
---|---|---|---|
insightvm_host | IS | *aws_instance* | FORWARD |
insightvm_vulnerability | IS | *cve* | FORWARD |