Skip to main content
Sign in

Creating an extended integration for Rapid7 InsightVM assets and software

  • November 10, 2024 13:07
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your assets as data from Rapid7 InsightVM is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and Rapid7 InsightVM in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset and software information
  • Configurable reports to share information about assets and software with your colleagues and management such as corporate-wide reports that detail the distribution and status of the assets and software in your environment
  • Configurable workflows that you can easily create to automate tasks such as:
    • Getting asset information and deleting assets
    • Getting and deleting asset tags

Navigation

small_blue_link.svgSetting your Rapid7 Subdomain as a global variable

small_blue_link.svgAdding the credentials

small_blue_link.svgCreating the asset integration

small_blue_link.svgCreating custom mappings

small_blue_link.svg Creating workflows

Creating asset workflows with the API block

Get Asset Details

Get Asset Users

Delete Asset

Get Asset Tags

Assign Tag to Asset

Delete Tag from Asset

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account.

To stream Rapid7 InsightVM asset and user data into Oomnitza, you must add your Rapid7 authentication credentials to the vault in Oomnitza. 

To create the integrations with Oomnitza, you need to know:

  • The email address and password of a Rapid7 user with administrator privileges. When adding the credentials to Oomnitza, you enter the email as the username.
  • The Rapid7 API host name. The format of the URL is https://<host>:<port>/api/3 . You enter the host part of the URL. If you don't know the Rapid7 host name, contact Rapid7 Support. 
  • The Rapid7 API port number. The format of the URL is https://<host>:<port>/api/3 . You enter the number that is shown after the colon (:). If you don't know the Rapid7 port number contact Rapid7 Support. 

small_blue_link.svg For more information, see INSIGHTVM API (V3) 

Setting your Rapid7 API host name and port as a global variable

To save time entering information when you integrate Rapid7, you can add the API port number and API host name as global variables in Oomnitza.

  1. From the menu, go to Configuration>General.
  2. Click Global Settings.
  3. Click Add new variable (+). 
  4. Enter Rapid7.Api Port as the variable key.
  5. Enter the port number as the value.
  6. Click SAVE.
  7. Repeat step 1 and 2.
  8. Enter Rapid7.Api Host as the variable key.
  9.  Enter the host name as the value.
  10. Click SAVE.

Adding the credentials

To authorize connections between Oomnitza and Rapid7, complete these steps:

  1. In Oomnitza, go to Configuration>Security>Credentials.
  2. Click Add new credential (+).
  3. Search for the integration, and then click the forward button > to select the integration.
  4. Enter the user name and password of your account
  5. Click Create.

Integration not in the list? Click Advanced Mode and complete these steps:

  1. Add the information details.
  2. Click the AUTHORIZATION tab.
  3. Ensure that Basic Auth is selected as the authorization type.
  4. Enter the user name and password of your account.
  5. Click Create

You use the credentials that you added to create and customize your Rapid7 integrations with Oomnitza.

Creating the asset integration

information_blue_icon.svgWhen you create asset integrations, you can also stream information about the software, such as the software name and version into Oomnitza. This option is only available if you add the software module to Oomnitza.

  1. In Oomnitza, click Configuration> Integrations> Overview.
  2. Click Block view block_view.PNG
  3. Scroll down to the Extended section for asset integrations.
  4. Click NEW INTEGRATION.
  5. Select the integration in the sidebar.
  6. Click ADD.

Integration details overview

More information is provided about the following fields to help you complete the integration:

Installation type

Select Cloud if you want to store credentials in the Oomnitza cloud.

Select Local if you want to store credentials locally. Local extended integrations do not support AWS and OAuth authentication. If you want to sync Oomnitza with vendor applications that require AWS or OAUTH authentication, select Cloud.

Integration preferences

By default, the option Create & Update option is selected. Select this option  when you want to edit records and add new records. If you want to edit records and not add new records, select Update Only. If you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click Edit edit_black_pencil_icon.svg.

  1. Update the integration name if necessary. 
  2. Select an installation type.
  3. For integration preferences, select an option.
  4. Enter the name of the integration user.

Credential details

If you selected Cloud as the installation type, choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Click the Edit edit_black_pencil_icon.svg.
  2. Configure your schedule.
  3. Click Update.

Mappings

To map the fields to Oomnitza, click Edit edit_black_pencil_icon.svg.

TipBulb_Icon_small.svgYou can define rules for your integration by selecting Edit integration edit_integration.svg on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  
You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Creating custom mappings

Map Rapid7 fields to Oomnitza fields to get the asset information that you need. For the field mapping, it is recommended to follow these steps:

  1. Click SMART MAPPINGS.
  2. You must create a custom mapping for the Rapid7 Id field. To do this, complete these steps:
    1. Click the down arrow on the Id field.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the Id field to Rapid7 Device ID
    4. Click CREATE
  3. Create custom mappings to map any other field that you want to add to Oomnitza:
    1. Click the down arrow on the field that you want to map.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the field.
    4. Click CREATE
  4. Assign a sync key to the Rapid7 Device ID field.
  5. Click UPDATE

Tracking information for asset loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

  • Connect: Credentials
  • Connect: Rapid7 API Host
  • Connect: Rapid7 API Port

Custom mappings

Connector Sync Time
Fingerprint Product
Host Name
Id
Ip
Is Assessed For Policies
Is Assessed For Vulnerabilities
Mac
Os
Os Fingerprint Architecture
Os Fingerprint Cpe Edition
Os Fingerprint Cpe Language
Os Fingerprint Cpe Other
Os Fingerprint Cpe Part
Os Fingerprint Cpe Product
Os Fingerprint Cpe Sw Edition
Os Fingerprint Cpe Target HW
Os Fingerprint Cpe Target SW
Os Fingerprint Cpe Update
Os Fingerprint Cpe V2.2
Os Fingerprint Cpe V2.3
Os Fingerprint Cpe Vendor
Os Fingerprint Cpe Version
Os Fingerprint Description
Os Fingerprint Family
Os Fingerprint Id
Os Fingerprint System Name
Os Fingerprint Type
Os Fingerprint Vendor
Os Fingerprint Version
Raw Risk Score
Risk Score
Type
Vulnerabilities Critical
Vulnerabilities Exploits
Vulnerabilities Malware Kits
Vulnerabilities Moderate
Vulnerabilities Severe
Vulnerabilities Total

Launching the integration

Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, see Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, see Running an extended integration locally.

Viewing data ingested by Oomnitza

Viewing ingested asset data

For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.

Viewing ingested user data

For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab. 

Related Links

Creating workflows

Creating asset workflows with the API block

To reduce your workload and automate complex and repetitive tasks, you can create workflows with the API block by following the steps in Using the API blockTo locate the available presets, enter Rapid7 in the Select Preset search fieldSelect your preset of choice and for every preset enter the following information in the Configure section:

  • Your Rapid7 API host name and port number, which is derived from the global variable Rapid7.Api Host and Rapid7.Api Port that you configured in Setting your Rapid7 Subdomain as a global variable. Alternatively, you can enter this information manually.
  • You credentials, which you created in Adding the credentials.
  • The Rapid7 Device ID. The Rapid7 Device ID is assumed to be stored in the Rapid7 Device ID field that you created in Custom mappings. To manually modify the device id, complete the following steps:
    1. Click the Advanced Mode button located in the upper right of the window.
    2. In the Information tab, replace the field {{rapid7_device_id}} in the URL with the device id. 

The Rapid7 API block workflow comes with the following presets for assets:

Get Asset Details
Get Asset Users
Delete Asset
Get Asset Tags
Assign Tag to Asset
Delete Tag from Asset

Using the Rapid7 Get Asset Details Preset

The Get Asset Details preset returns the details of an asset. You can use the Advanced Mode to configure the message payload. To do this, complete the following steps:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. In the Information tab, you will notice that the Rapid7 Device ID is referenced in the field {{rapid7_device_id}}that you created in Creating custom mappings. 
  3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. For further information on how to map an API response, see Mapping positive and negative responses.

Refer to the Rapid7 REST API documentation: Get Asset Details for further information.

Using the Rapid7 Get Asset Users preset

The Get Asset Users preset returns asset users enumerated on an asset. You can follow the steps in Using the Rapid7 Get Asset Details Preset to configure the message payload.

Refer to the Rapid7 REST API documentation: Asset Users for further information.

Using the Rapid7 Delete Asset Preset

The Delete Asset preset allows you to delete an asset. You can follow the steps in Using the Rapid7 Get Asset Details Preset to configure the message payload.

Refer to the Rapid7 REST API documentation: Delete Asset for further information.

Using the Rapid7 Get Asset Tags Preset

The Get Asset Tags returns all tags on an asset. You can use the Advanced Mode to configure the message payload. To do this, complete the following steps:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. In the Information tab, you will notice that the Rapid7 Device ID is referenced in the field {{rapid7_device_id}} that you created in Creating custom mappings. 
  3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. For further information on how to map an API response, see Mapping positive and negative responses.
  4. Once you have the entire response, you can then map individual JSON values to custom fields. For example, you could map the tag id returned in the Get Asset Tag response to a custom Oomnitza field as per the example below. rapid7apiblock.PNG

Refer to the Rapid7 REST API documentation: Get Asset Tags for further information.

Using the Rapid7 Assign Tag to Asset Preset

The Assign Tag to Asset preset allows you to assign a tag to an asset. When you select this preset, you need to supply your Rapid7 Tag Id. You can follow the steps in Using the Rapid7 Get Asset Tags Preset to retrieve your Rapid Tag Id.

Refer to the Rapid7 REST API documentation: Tag Asset for further information.

Using the Rapid7 Delete Tag from Asset Preset

The Delete Tag from Asset preset allows you to delete a tag from an asset. When you select this preset, you need to supply your Rapid7 Tag Id. You can follow the steps in Using the Rapid7 Get Asset Tags Preset to retrieve your Rapid Tag Id.

Refer to the Rapid7 REST API documentation: Delete Asset Tag for further information.

articles_icon.svg Reference articles for workflows

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

      • Configure dashboards for your users and software
      • Configure custom reports about your users and software
      • Create workflows to automate tasks

See small_blue_link.svg Getting started for more information.

Did you know
You can also create extended connector integrations for Rapid7 Users.
small_blue_link.svg Creating an extended integration for Rapid7 users

Related articles

Comments

0 comments

Please sign in to leave a comment.