Get Vulnerability Scan Reports from Rapid7
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Microsoft Defender XDR
- Set up Microsoft Defender XDR for Integration
- Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba AirWave
- Set up Aruba AirWave for Integration
- Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration
- View Device Location Information
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Get Vulnerability Scan Reports from Rapid7
Generate and import Rapid7 vulnerability scan reports into IoT Security and then
view them from the IoT Security portal.
Cortex XSOAR can run jobs that generate vulnerability scan reports that Rapid7 performed,
even those not initiated from the IoT Security portal, and then import them to
IoT Security when they include devices in the IoT Security
inventory.
There are two pairs of jobs that generate vulnerability scan reports and import them into IoT Security. One pair runs periodically and imports scan reports
incrementally. The first job in this pair generates vulnerability scan reports that
Rapid7 performed within the past hour, and the second job imports them. The other
pair of jobs must be manually initiated and imports scan reports into IoT Security in bulk. The first job in this pair generates vulnerability scan
reports that Rapid7 performed over the past 30 days, and the second job imports
them.
Because the bulk job retrieves all
vulnerability reports for the past 30 days, older reports for devices
with dynamically assigned IP addresses might not align with devices
using these IP addresses now. As a result, vulnerability information
might be associated with the wrong devices and risk scores might
be miscalculated. Therefore, use this tool sparingly and with caution,
or rely solely on the periodic job to gather recently generated
reports from Rapid7 incrementally.
Rapid7 supports scans of single devices and multiple devices. If a Rapid7 vulnerability scan
report for single or multiple devices includes any devices in your IoT Security inventory, then the IoT Security portal displays the report on the
Device Details page for the included devices and on Logs & ReportsReportsVulnerability Scan Reports.
A
vulnerability scan report for multiple devices contains results for
all the scanned devices. However, IoT Security changes the report
name of the file that each scanned device links to so that the name
includes its MAC address. As a result, different report names will
link to the same file if the report includes results for multiple
devices.
The following is the pair of Cortex XSOAR jobs that generate vulnerability
scan reports performed in the last hour and then import them from Rapid7 to IoT Security:
- Incremental Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed within the last hour. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. By default, this job runs every 60 minutes after you enable it.
- PANW IoT Incremental Import of Reports from Rapid7 – Enable this job to import the reports that Rapid7 generated for the last hour. Consider enabling this job 10 or 15 minutes after the first job to give Rapid7 time to finish generating its reports.
If you are using the default integration instance (and haven’t changed its
name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select
the name of the job, and click Enable.
The following is the pair of Cortex XSOAR jobs that generate
vulnerability scan reports for the past 30 days and then import them in bulk from
Rapid7 to IoT Security:
- Bulk Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed over the last 30 days. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. Run this report on demand.
- PANW IoT Bulk Import of Reports from Rapid7 – When the status of the previous job is complete, run this job to import the reports that Rapid7 generated for the last 30 days. Check the status on the Jobs page in the Cortex XSOAR interface.
If you are using the default integration instance (and haven’t changed its
name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select
the name of the job, and click Run.
If you are
using a custom-defined integration instance that you created, follow the
steps below.
- Create a job in Cortex XSOAR to generate Rapid7 vulnerability scan reports incrementally.
- Navigate to Settings in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created, and copy the integration instance name.
- Navigate to Jobs and then click New Job at the top of the page.
- In the New Job panel that appears, enter the following and leave the other settings at their default values:Recurring: Select this to poll Rapid7 periodically for new reports.Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often Cortex XSOAR checks Rapid7 for scan reports generated within the past hour and downloads them if available.To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).Name: Enter a name for the job.Playbook: Choose Incremental Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.Integration Instance Name: Paste the Rapid7 integration instance name you copied.
- Click Create new job.
- To start running the job at recurring intervals, select the job and click Enable at the top of the Jobs table.
Create a job to import Rapid7 vulnerability scan reports incrementally.- Repeat the previous step but choose Incremental Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
- Wait 10 or 15 minutes after enabling the previous job, select the name of this job, and then click Enable at the top of the Jobs table.
Create a job to generate Rapid7 vulnerability scan reports in bulk.- On the Settings page in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created and copy the integration instance name.
- Navigate to Jobs and then click New Job at the top of the page.
- In the New Job panel, enter the following and leave the other settings at their default values:Name: Enter a name for the job.Playbook: Choose Bulk Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.Integration Instance Name: Paste the Rapid7 integration instance name you copied.
- Click Create new job.
- To initiate the job, select it and then click Run now at the top of the Jobs table.
Create a job to import Rapid7 vulnerability scan reports in bulk.- Repeat the previous step but choose Bulk Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
- Wait until the previous job is finished, select the name of this job, and then click Run now at the top of the Jobs table.
View imported vulnerability scan reports in the IoT Security portal.Open the Device Details page for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.orClick Logs & ReportsReportsVulnerability Scan Reports and click the report name for a scanned device.