Get Vulnerability Scan Reports from Rapid7

Generate and import Rapid7 vulnerability scan reports into IoT Security and then view them from the IoT Security portal.
Cortex XSOAR can run jobs that generate reports for vulnerability scans that Rapid7 performed, even those not initiated from the IoT Security portal, and then import them to IoT Security when they include devices in the IoT Security inventory.
There are two pairs of jobs that generate vulnerability scan reports and import them into IoT Security. One pair runs periodically and imports scan reports incrementally. The first job in this pair generates reports for vulnerability scans that Rapid7 performed within the past hour, and the second job imports them. The other pair of jobs must be manually initiated and imports scan reports into IoT Security in bulk. The first job in this pair generates reports for vulnerability scans that Rapid7 performed over the past 30 days, and the second job imports them.
Because the bulk job retrieves all vulnerability reports for the past 30 days, older reports for devices with dynamically assigned IP addresses might not align with devices using these IP addresses now. As a result, vulnerability information might be associated with the wrong devices and risk scores might be miscalculated. Therefore, use this tool sparingly and with caution, or rely solely on the periodic job to gather recently generated reports from Rapid7 incrementally.
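
One way to gauge this misattribution risk before running the bulk import, as an added example that is not part of IoT Security, Cortex XSOAR, or their playbooks: it compares the DHCP lease holder of each scanned IP address at scan time with the holder now. The lease and scan record layouts, the addresses, and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed DHCP lease history: (ip, mac, lease_start, lease_end), all UTC.
LEASES = [
    ("10.1.20.15", "00:1a:2b:00:00:01", "2024-05-01T00:00:00", "2024-05-12T00:00:00"),
    ("10.1.20.15", "00:1a:2b:00:00:02", "2024-05-12T00:00:00", "2024-06-30T00:00:00"),
    ("10.1.20.40", "00:1a:2b:00:00:03", "2024-05-01T00:00:00", "2024-06-30T00:00:00"),
]

# Constructed scan results from the 30-day window: (scan_id, ip, scan_finished), UTC.
SCANS = [
    ("scan-101", "10.1.20.15", "2024-05-05T09:30:00"),
    ("scan-102", "10.1.20.15", "2024-05-20T09:30:00"),
    ("scan-103", "10.1.20.40", "2024-05-06T11:00:00"),
    ("scan-104", "10.1.20.99", "2024-05-07T11:00:00"),
]

def ts(text):
    """Parse an ISO timestamp from the sample data as timezone-aware UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def holder_at(ip, when, leases=LEASES):
    """Return the MAC that held `ip` at `when`, or None if no lease covers it."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and ts(start) <= when < ts(end):
            return mac
    return None

def classify(scans, now, leases=LEASES):
    """Label each scan 'ok', 'reassigned' or 'unknown' for attribution by IP."""
    verdicts = {}
    for scan_id, ip, finished in scans:
        then_mac = holder_at(ip, ts(finished), leases)
        now_mac = holder_at(ip, now, leases)
        if then_mac is None or now_mac is None:
            verdicts[scan_id] = "unknown"      # no lease evidence: cannot confirm
        elif then_mac == now_mac:
            verdicts[scan_id] = "ok"           # same device then and now
        else:
            verdicts[scan_id] = "reassigned"   # IP moved to another device
    return verdicts

if __name__ == "__main__":
    for scan_id, verdict in classify(SCANS, ts("2024-05-30T00:00:00")).items():
        print(scan_id, verdict)
```

Scans labelled reassigned or unknown are the ones whose results a 30-day bulk import could attach to a different device than the one that was scanned.
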
Rapid7 supports scans of single devices and multiple devices. If a Rapid7 vulnerability scan report for single or multiple devices includes any devices in your IoT Security inventory, then the IoT Security portal displays the report on the Device Details page for the included devices and on Logs & Reports > Reports > Vulnerability Scan Reports.
A vulnerability scan report for multiple devices contains results for all the scanned devices. However, IoT Security changes the report name of the file that each scanned device links to so that the name includes its MAC address. As a result, different report names will link to the same file if the report includes results for multiple devices.
The following is the pair of Cortex XSOAR jobs that generate reports for vulnerability scans performed in the last hour and then import them from Rapid7 to IoT Security:
  • Incremental Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed within the last hour. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. By default, this job runs every 60 minutes after you enable it.
  • PANW IoT Incremental Import of Reports from Rapid7 – Enable this job to import the reports that Rapid7 generated for the last hour. Consider enabling this job 10 or 15 minutes after the first job to give Rapid7 time to finish generating its reports.
If you are using the default integration instance (and haven’t changed its name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select the name of the job, and click Enable.
The following is the pair of Cortex XSOAR jobs that generate reports for vulnerability scans performed over the past 30 days and then import them in bulk from Rapid7 to IoT Security:
  • Bulk Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed over the last 30 days. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. Run this report on demand.
  • PANW IoT Bulk Import of Reports from Rapid7 – When the status of the previous job is complete, run this job to import the reports that Rapid7 generated for the last 30 days. Check the status on the Jobs page in the Cortex XSOAR interface.
If you are using the default integration instance (and haven’t changed its name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select the name of the job, and click Run.
If you are using a custom-defined integration instance that you created, follow the steps below.
  1. Create a job in Cortex XSOAR to generate Rapid7 vulnerability scan reports incrementally.
    1. Navigate to Settings in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created, and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel that appears, enter the following and leave the other settings at their default values:
      Recurring: Select this to poll Rapid7 periodically for new reports.
      Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often Cortex XSOAR checks Rapid7 for scan reports generated within the past hour and downloads them if available. To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).
      Name: Enter a name for the job.
      Playbook: Choose Incremental Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Rapid7 integration instance name you copied.
    4. Click Create new job.
    5. To start running the job at recurring intervals, select the job and click Enable at the top of the Jobs table.
  2. Create a job to import Rapid7 vulnerability scan reports incrementally.
    1. Repeat the previous step but choose Incremental Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
    2. Wait 10 or 15 minutes after enabling the previous job, select the name of this job, and then click Enable at the top of the Jobs table.
  3. Create a job to generate Rapid7 vulnerability scan reports in bulk.
    1. On the Settings page in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel, enter the following and leave the other settings at their default values:
      Name: Enter a name for the job.
      Playbook: Choose Bulk Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Rapid7 integration instance name you copied.
    4. Click Create new job.
    5. To initiate the job, select it and then click Run now at the top of the Jobs table.
  4. Create a job to import Rapid7 vulnerability scan reports in bulk.
    1. Repeat the previous step but choose Bulk Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
    2. Wait until the previous job is finished, select the name of this job, and then click Run now at the top of the Jobs table.
  5. View imported vulnerability scan reports in the IoT Security portal.
    Open the Device Details page for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.
    or
    Click Logs & Reports > Reports > Vulnerability Scan Reports and click the report name for a scanned device.
