Rapid7 Nexpose
Visualize Rapid7 Nexpose users, devices, scanners, findings, and vulnerabilities, map Rapid7 Nexpose users to employees, and monitor changes through queries and alerts.
- Installation guide
- Rapid7 Nexpose data model
Installation
For this integration, you will need to acquire and provide the following within JupiterOne:
- The InsightVM Security Console Socket Address: The publicly-accessible socket (host:port) of your InsightVM Security Console. e.g.
{hostname}:3780. - An InsightVM Username and Password: You will need to use an existing user or create a user that has the Global Administrator Role.
For more information for InsightVM user management, see Rapid7 Nexpose's documentation.
Configuration in JupiterOne
To install the Rapid7 Nexpose integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Rapid7. Click New Instance to begin configuring your integration.
Creating a configuration requires the following:
The Account Name used to identify the Rapid7 Nexpose account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Your InsightsVM Security Console Socket Address which is publicly accessible.
The InsightsVM Username and InsightsVM Password of an admin user in the security console.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | insightvm_account | Account |
| Asset | insightvm_asset | Device |
| Finding | insightvm_finding | Finding |
| Scan | insightvm_scan | Assessment |
| Site | insightvm_site | Site |
| User | insightvm_user | User |
| Vulnerability | insightvm_vulnerability | Vulnerability |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
insightvm_account | HAS | insightvm_asset |
insightvm_account | HAS | insightvm_site |
insightvm_account | HAS | insightvm_user |
insightvm_asset | HAS | insightvm_finding |
insightvm_finding | IS | insightvm_vulnerability |
insightvm_site | HAS | insightvm_user |
insightvm_site | MONITORS | insightvm_asset |
insightvm_site | PERFORMED | insightvm_scan |
insightvm_user | OWNS | insightvm_asset |