Set up Rapid7 InsightVM for Integration

Set up Rapid7 for integration with IoT Security through Cortex XSOAR.
When either the Cortex XSOAR cloud or an on-premises XSOAR engine connects to either a cloud-based or on-premises Rapid7 management system, it must authenticate itself by presenting a valid username and password belonging to a user account with all security console permission. It can either use an existing user account or one that you can create specifically for it.
These integration instructions assume you have already set up one or more sites and know where the devices you want to scan are. Although they are based on Rapid7 InsightVM 6.5.67, you can still use them as a guide if you’re integrating IoT Security with Rapid7 Nexpose.
  1. Log in to the security console of your Rapid7 management system.
    After logging in to the system for the site where you want to scan IoT devices, note the URL. You will need it when configuring the Rapid7 instance in Cortex XSOAR later.
  2. Create a user account.
    1. Click
      Administration
      and then click
      Create
      in the Users section.
    2. In the General tab, enter the following:
      User Name
      : Enter the name for the user account such as IoTSecurity1.
      Authentication method
      : InsightVM user
      Full name
      : Enter a name such as user1.
      E-mail address
      : Enter your email address.
      Password
      and
      Confirm Password
      : Enter a password for the user account.
      Passwords must be at least six characters long.
      Account enable
      : (select)
    3. Click
      Roles
      and choose
      Global Administrator
      from the Role drop-down list.
    4. Click
      Site Access
      and confirm that
      Allow this user to access all sites
      is selected.
    5. Click
      Asset Group Access
      and confirm that
      Allow this user to access all asset groups
      is selected.
    6. Save
      your changes.

Recommended For You