IoT Security Integration Guide
    : Get Vulnerability Scan Reports from Rapid7
    Focus
    Download PDF
    Focus
    1. Home
    2. IoT
    3. IoT Security Integration Guide
    4. Vulnerability Scanning
    5. Get Vulnerability Scan Reports from Rapid7
    Download PDF

    IoT Security Integration Guide

    Get Vulnerability Scan Reports from Rapid7

    Table of Contents

    Get Vulnerability Scan Reports from Rapid7

    Generate and import Rapid7 vulnerability scan reports into IoT Security and then view them from the IoT Security portal.
    Cortex XSOAR can run jobs that generate vulnerability scan reports that Rapid7 performed, even those not initiated from the IoT Security portal, and then import them to IoT Security when they include devices in the IoT Security inventory.
    There are two pairs of jobs that generate vulnerability scan reports and import them into IoT Security. One pair runs periodically and imports scan reports incrementally. The first job in this pair generates vulnerability scan reports that Rapid7 performed within the past hour, and the second job imports them. The other pair of jobs must be manually initiated and imports scan reports into IoT Security in bulk. The first job in this pair generates vulnerability scan reports that Rapid7 performed over the past 30 days, and the second job imports them.
    Because the bulk job retrieves all vulnerability reports for the past 30 days, older reports for devices with dynamically assigned IP addresses might not align with devices using these IP addresses now. As a result, vulnerability information might be associated with the wrong devices and risk scores might be miscalculated. Therefore, use this tool sparingly and with caution, or rely solely on the periodic job to gather recently generated reports from Rapid7 incrementally.
    Rapid7 supports scans of single devices and multiple devices. If a Rapid7 vulnerability scan report for single or multiple devices includes any devices in your IoT Security inventory, then the IoT Security portal displays the report on the Device Details page for the included devices and on Logs & ReportsReportsVulnerability Scan Reports.
    A vulnerability scan report for multiple devices contains results for all the scanned devices. However, IoT Security changes the report name of the file that each scanned device links to so that the name includes its MAC address. As a result, different report names will link to the same file if the report includes results for multiple devices.
    The following is the pair of Cortex XSOAR jobs that generate vulnerability scan reports performed in the last hour and then import them from Rapid7 to IoT Security:
    • Incremental Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed within the last hour. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. By default, this job runs every 60 minutes after you enable it.
    • PANW IoT Incremental Import of Reports from Rapid7 – Enable this job to import the reports that Rapid7 generated for the last hour. Consider enabling this job 10 or 15 minutes after the first job to give Rapid7 time to finish generating its reports.
    If you are using the default integration instance (and haven’t changed its name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select the name of the job, and click Enable.
    The following is the pair of Cortex XSOAR jobs that generate vulnerability scan reports for the past 30 days and then import them in bulk from Rapid7 to IoT Security:
    • Bulk Report Generation for Rapid7 Scans – This job instructs Rapid7 to generate reports for all vulnerability scans it performed over the last 30 days. These are not only scans initiated from the IoT Security portal but all scans that Rapid7 performed regardless of where they were initiated. Run this report on demand.
    • PANW IoT Bulk Import of Reports from Rapid7 – When the status of the previous job is complete, run this job to import the reports that Rapid7 generated for the last 30 days. Check the status on the Jobs page in the Cortex XSOAR interface.
    If you are using the default integration instance (and haven’t changed its name), select Jobs in the left navigation panel in the Cortex XSOAR interface, search for rapid7, select the name of the job, and click Run.
    If you are using a custom-defined integration instance that you created, follow the steps below.
    1. Create a job in Cortex XSOAR to generate Rapid7 vulnerability scan reports incrementally.
      1. Navigate to Settings in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created, and copy the integration instance name.
      2. Navigate to Jobs and then click New Job at the top of the page.
      3. In the New Job panel that appears, enter the following and leave the other settings at their default values:
        Recurring: Select this to poll Rapid7 periodically for new reports.
        Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often Cortex XSOAR checks Rapid7 for scan reports generated within the past hour and downloads them if available.
        To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).
        Name: Enter a name for the job.
        Playbook: Choose Incremental Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.
        Integration Instance Name: Paste the Rapid7 integration instance name you copied.
      4. Click Create new job.
      5. To start running the job at recurring intervals, select the job and click Enable at the top of the Jobs table.
    2. Create a job to import Rapid7 vulnerability scan reports incrementally.
      1. Repeat the previous step but choose Incremental Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
      2. Wait 10 or 15 minutes after enabling the previous job, select the name of this job, and then click Enable at the top of the Jobs table.
    3. Create a job to generate Rapid7 vulnerability scan reports in bulk.
      1. On the Settings page in the Cortex XSOAR UI, open the Rapid7 integration instance that you previously created and copy the integration instance name.
      2. Navigate to Jobs and then click New Job at the top of the page.
      3. In the New Job panel, enter the following and leave the other settings at their default values:
        Name: Enter a name for the job.
        Playbook: Choose Bulk Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration.
        Integration Instance Name: Paste the Rapid7 integration instance name you copied.
      4. Click Create new job.
      5. To initiate the job, select it and then click Run now at the top of the Jobs table.
    4. Create a job to import Rapid7 vulnerability scan reports in bulk.
      1. Repeat the previous step but choose Bulk Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration for the playbook.
      2. Wait until the previous job is finished, select the name of this job, and then click Run now at the top of the Jobs table.
    5. View imported vulnerability scan reports in the IoT Security portal.
      Open the Device Details page for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.
      or
      Click Logs & ReportsReportsVulnerability Scan Reports and click the report name for a scanned device.

    © 2024 Palo Alto Networks, Inc. All rights reserved.