Skip to main content
Sign in

Creating an extended integration for Rapid7 InsightVM assets

Caroline Maguire
  • June 08, 2022 15:21
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your assets as data from Rapid7 InsightVM is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and Rapid7 InsightVM in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset and software information
  • Configurable reports to share information about assets and software with your colleagues and management such as corporate-wide reports that detail the distribution and status of the assets and software in your environment
  • Configurable workflows that you can easily create to automate tasks such as:
    • Getting asset information and deleting assets
    • Getting and deleting asset tags

Navigation

small_blue_link.svgSetting your Rapid7 Subdomain as a global variable

small_blue_link.svgAdding the credentials

small_blue_link.svgCreating the asset integration

small_blue_link.svgCreating custom mappings

small_blue_link.svg Creating workflows

Creating asset workflows with the API block

Get Asset Details

Get Asset Users

Delete Asset

Get Asset Tags

Assign Tag to Asset

Delete Tag from Asset

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account.

To stream Rapid7 InsightVM asset and user data into Oomnitza, you must add your Rapid7 authentication credentials to the vault in Oomnitza. 

To create the integrations with Oomnitza, you need to know:

  • The email address of a Rapid7 user with administrator privileges
  • The Rapid7 port number and host name. If you don't know the Rapid7 port number and host name, contact Rapid7 Support. 

small_blue_link.svg For more information, see INSIGHTVM API (V3) 

Setting your Rapid7 API host name and port as a global variable

To save time entering information when you integrate Rapid7, you can add the API port number and API host name as global variables in Oomnitza.

  1. From the menu, go to Configuration>General.
  2. Click Global Settings.
  3. Click Add new variable (+). 
  4. Enter Rapid7.Rapid7 API Port as the variable name.
  5. Enter the port number.
  6. Click SAVE.
  7. Repeat step 1 and 2.
  8. Enter Rapid7.Rapid7 API Host as the variable name.
  9.  Enter the host name.
  10. Click SAVE.

Adding the credentials

To authorize connections between Oomnitza and Rapid7, complete these steps:

  1. In Oomnitza, go to Configuration>Security>Credentials.
  2. Click Add new credential (+).
  3. Add the information details.
  4. Click the AUTHORIZATION tab.
  5. As authorization type, ensure that Basic Auth is selected .
  6. Enter the email address and password of a Rapid7 user with administrator privileges.
  7. Click CREATE

You use the credentials that you added to create and customize your Rapid7 integrations with Oomnitza.

Creating the asset integration

To configure the integration for the Rapid7 Asset Load, complete the following steps:

  1. From the menu, go to Configuration>Integrations>Overview.
  2. Click Integrations List View small_SettingsListView.svg.
  3. On the Integrations page, scroll down to the Extended section for Assets.
  4. Click NEW INTEGRATION.
  5. In the New Asset Integration sidebar, click Rapid7.
  6. To integrate Oomnitza with the Rapid7 Asset Load, click APPLY and then click NEXT twice.

On the connect page, complete the following steps to connect the integration:

  1. Enter a descriptive name for the integration such as Rapid7 Assets. That'll be the name of the integration that is shown on the Integrations page.
  2. Select Cloud as the installation type.
  3. From the Credentials list, select the credentials from the Oomnitza vault that you added for the connection.
  4. From the Integration Preferences list, select Create & Update
  5. Enter the name of the user of the integration.
  6. Enter the Rapid7 API host name. The format of the URL is https://<host>:<port>/api/3 . You enter the host part of the URL.
  7. Enter the Rapid7 API port number. The format of the URL is https://<host>:<port>/api/3 . You enter the number that is shown after the colon (:).
  8. Click Next.

Creating custom mappings

Map Rapid7 fields to Oomnitza fields to get the asset information that you need. For the field mapping, it is recommended to follow these steps:

  1. Click SMART MAPPINGS.
  2. You must create a custom mapping for the Rapid7 Id field. To do this, complete these steps:
    1. Click the down arrow on the Id field.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the Id field to Rapid7 Device ID
    4. Click CREATE
  3. Create custom mappings to map any other field that you want to add to Oomnitza:
    1. Click the down arrow on the field that you want to map.
    2. Select Add new Oomnitza assets field.
    3. Change the name of the field.
    4. Click CREATE
  4. Assign a sync key to the Rapid7 Device ID field.
  5. Click NEXT

Tracking information for asset loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

  • Connect: Credentials
  • Connect: Rapid7 API Host
  • Connect: Rapid7 API Port

Custom mappings

Connector Sync Time
Fingerprint Product
Host Name
Id
Ip
Is Assessed For Policies
Is Assessed For Vulnerabilities
Mac
Os
Os Fingerprint Architecture
Os Fingerprint Cpe Edition
Os Fingerprint Cpe Language
Os Fingerprint Cpe Other
Os Fingerprint Cpe Part
Os Fingerprint Cpe Product
Os Fingerprint Cpe Sw Edition
Os Fingerprint Cpe Target HW
Os Fingerprint Cpe Target SW
Os Fingerprint Cpe Update
Os Fingerprint Cpe V2.2
Os Fingerprint Cpe V2.3
Os Fingerprint Cpe Vendor
Os Fingerprint Cpe Version
Os Fingerprint Description
Os Fingerprint Family
Os Fingerprint Id
Os Fingerprint System Name
Os Fingerprint Type
Os Fingerprint Vendor
Os Fingerprint Version
Raw Risk Score
Risk Score
Type
Vulnerabilities Critical
Vulnerabilities Exploits
Vulnerabilities Malware Kits
Vulnerabilities Moderate
Vulnerabilities Severe
Vulnerabilities Total

blue_link.svg Learn more about mapping

 

When you've completed mapping Rapid7 fields to Oomnitza fields, click NEXT.   

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Configure your schedule.
  2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see what information is collected now, click the tile on the Integrations page and click RUN NOW.

If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings.

edit-integration.svg 

Tip
To view the information that is collected about your mobile assets, click Assets

Creating workflows

Creating asset workflows with the API block

To reduce your workload and automate complex and repetitive tasks, you can create workflows with the API block by following the steps in Creating asset workflows with the API blockTo locate the available presets, enter Rapid7 in the Select Preset search fieldSelect your preset of choice and for every preset enter the following information in the Configure section:

  • Your Rapid7 API host name and port number, which is derived from the global variable Rapid7.Rapid7 API Host and Rapid7.Rapid7 API Port that you configured in Setting your Rapid7 Subdomain as a global variable. Alternatively, you can enter this information manually.
  • You credentials, which you created in Adding the credentials.
  • The Rapid7 Device ID. The Rapid7 Device ID is assumed to be stored in the Rapid7 Device ID field that you created in Custom mappings. To manually modify the device id, complete the following steps:
    1. Click the Advanced Mode button located in the upper right of the window.
    2. In the Information tab, replace the field {{rapid7_device_id}} in the URL with the device id. 

The Rapid7 API block workflow comes with the following presets for assets:

Get Asset Details
Get Asset Users
Delete Asset
Get Asset Tags
Assign Tag to Asset
Delete Tag from Asset

Using the Rapid7 Get Asset Details Preset

The Get Asset Details preset returns the details of an asset. You can use the Advanced Mode to configure the message payload. To do this, complete the following steps:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. In the Information tab, you will notice that the Rapid7 Device ID is referenced in the field {{rapid7_device_id}}that you created in Creating custom mappings. 
  3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. For further information on how to map an API response, see Mapping Response variables.

Refer to the Rapid7 REST API documentation: Get Asset Details for further information.

Using the Rapid7 Get Asset Users preset

The Get Asset Users preset returns asset users enumerated on an asset. You can follow the steps in Using the Rapid7 Get Asset Details Preset to configure the message payload.

Refer to the Rapid7 REST API documentation: Asset Users for further information.

Using the Rapid7 Delete Asset Preset

The Delete Asset preset allows you to delete an asset. You can follow the steps in Using the Rapid7 Get Asset Details Preset to configure the message payload.

Refer to the Rapid7 REST API documentation: Delete Asset for further information.

Using the Rapid7 Get Asset Tags Preset

The Get Asset Tags returns all tags on an asset. You can use the Advanced Mode to configure the message payload. To do this, complete the following steps:

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. In the Information tab, you will notice that the Rapid7 Device ID is referenced in the field {{rapid7_device_id}} that you created in Creating custom mappings. 
  3. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. For further information on how to map an API response, see Mapping Response variables.
  4. Once you have the entire response, you can then map individual JSON values to custom fields. For example, you could map the tag id returned in the Get Asset Tag response to a custom Oomnitza field as per the example below. rapid7apiblock.PNG

Refer to the Rapid7 REST API documentation: Get Asset Tags for further information.

Using the Rapid7 Assign Tag to Asset Preset

The Assign Tag to Asset preset allows you to assign a tag to an asset. When you select this preset, you need to supply your Rapid7 Tag Id. You can follow the steps in Using the Rapid7 Get Asset Tags Preset to retrieve your Rapid Tag Id.

Refer to the Rapid7 REST API documentation: Tag Asset for further information.

Using the Rapid7 Delete Tag from Asset Preset

The Delete Tag from Asset preset allows you to delete a tag from an asset. When you select this preset, you need to supply your Rapid7 Tag Id. You can follow the steps in Using the Rapid7 Get Asset Tags Preset to retrieve your Rapid Tag Id.

Refer to the Rapid7 REST API documentation: Delete Asset Tag for further information.

For further information on workflows see:
small_blue_link.svg Understanding workflows
small_blue_link.svg Enhanced API Block
small_blue_link.svg Mapping Response variables

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

      • Configure dashboards for your users and software
      • Configure custom reports about your users and software
      • Create workflows to automate tasks

See small_blue_link.svg Getting started for more information.

Did you know
You can also create extended connector integrations for Rapid7 Users.
small_blue_link.svg Creating an extended integration for Rapid7 users

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk