Rapid7 InsightCloudSec

Overview

Nucleus enables you to ingest cloud resources and cloud misconfiguration findings from Rapid7 InsightCloudSec directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Rapid7 to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The Rapid7 InsightCloudSec connector supports importing insight findings as compliance findings for cloud resources that have been evaluated against one or more insight packs.

Connector Setup

Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

  1. API Access
    Create an API key in InsightCloudSec.

  2. Connector Configuration
    Create and configure the connector in your Nucleus project.

  3. Data Ingestion
    Create an ingest rule to ingest cloud resources and compliance findings from Rapid7 InsightCloudSec.

1. API Access

Account Access
InsightCloudSec's APIs are arbitrarily limited for basic API-only accounts, such that the connector is unable to access all Insight definitions, resulting in missing finding data during normalization and ingestion. Due to this API limitation, we recommend creating an API key for a separate Read-Only Admin account to use as a service account, instead of generating a personal API key for a real user's account.
  1. Follow the steps in Rapid7's InsightCloudSec documentation to generate a new Domain Admin with Read-Only permissions.
  2. Log in as this new user account.
  3. Click on the user icon in the top right-hand corner of the screen, then click Profile.
  4. In the section Personal API Keys, click Generate.
  5. In the Confirm Key Generation dialog, give the new key a name and set the Expiration date to Never. Click Generate.
  6. Make a copy of the API key for use when configuring the connector.

2. Connector Configuration

  1. Open Nucleus and go to Integration Hub > Connector Setup.
  2. Under the Scanners section, click the Rapid7InsightCloudSec icon to open the setup popup.
  3. In the Setup Rapid7 InsightVM Cloud Connector popup, enter the following information:
     Field          Description
     Name           Enter an optional name for your connector.
     Description    Enter an optional description for your connector.
     Instance URL   Enter the URL to your instance of InsightCloudSec.
     API Key        Enter the API Key you created in API Access.
  4. Click Verify Credentials.
  5. Click Save.

3. Data Ingestion

  1. Go to Integration Hub > Import via Connector.
  2. Select the Rapid7 InsightCloudSec connector you just created.
  3. Select importing All Supported Cloud Resources.
  4. Select a schedule to import data into the project.
  5. Click Save & Finish.

Connector Behaviour

Filtering Resource Types

The connector ingest job can be further limited to retrieve only a subset of resource types. To have this filter enabled, please contact support or your Nucleus Customer Success Manager to request that it be put in place, providing the list of resource types you would like to ingest.

Limiting Insight Packs

By default, the connector imports all discovered insights for any supported resource type. The connector also supports limiting the insights to one or more Insight Packs. To have this filter enabled, please contact support or your Nucleus Customer Success Manager to request that it be put in place, providing a list of the insight pack IDs to limit by. Note that the insight pack IDs should include the source and number, e.g. custom:123.

API Limitation - Missing Insight Definition

The connector uses the InsightCloudSec v2 List Insights API to retrieve definitions for all insights, and uses these definitions during the normalize stage to populate all fields of the compliance finding. According to Rapid7 engineering, this API endpoint will not return definitions for Custom Insights with a named owner. When an insight is set up that way, only owners who either created the insight or are domain admins will be able to see it.

If the connector is configured with a user that does not have Domain Admin permissions and these findings are found, a separate finding called Insight Not Returned From InsightCloudSec v2 List Insights API will be created for each such Insight on each identified asset. For each such insight, please update the permission settings to allow anyone to view the Insight, or change the connector's integration account to be a Domain Admin.

Supported Resource Types

The connector supports these resource types:

  • restapi
  • dataanalyticsworkspace
  • servicecertificate
  • contentdeliverynetwork
  • apiaccountingconfig
  • serviceeventbus
  • serviceeventrule
  • serviceloggroup
  • elasticcluster
  • dbcluster
  • dbinstance
  • distributedtable
  • distributedtablecluster
  • mcinstance
  • mcsnapshot
  • snapshot
  • volume
  • privateimage
  • ecstaskdefinition
  • containercluster
  • containerdeployment
  • container
  • containernodegroup
  • containerservice
  • sharedfilesystem
  • loadbalancer
  • mapreducecluster
  • esinstance
  • serviceaccesskey
  • servicepolicy
  • serviceuser
  • servicerole
  • serviceencryptionkey
  • deliverystream
  • datastream
  • serverlessfunction
  • bigdatainstance
  • dnszone
  • servicedomain
  • storagecontainer
  • storageaccount
  • notificationtopic
  • messagequeue
  • storedparameter
  • resourceaccesslist
  • resourceaccesslistrule
  • networkendpointservice
  • privatenetwork
  • webapp
  • serviceencryptionkeyvault
  • bastionhost