Documentation Index

Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt

Use this file to discover all available pages before exploring further.

Rapid7 InsightVM Cloud

  • 2 minute(s) read
Prev Next

Overview

Nucleus enables you to ingest assets and vulnerabilities from Rapid7 InsightVM Cloud directly into your Nucleus console using an automated connector. The connector uses the APIs provided by Rapid7 to seamlessly sync data into your Nucleus project for use in analysis, triage, automation, and reporting.

The Rapid7 InsightVM Cloud connector supports importing vulnerabilities for all assets that have had a vulnerability scan conducted against them.

Connector Setup

Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

  1. API Access
    Create an organization API key in the Insight Platform.

  2. Connector Configuration
    Create and configure the connector in your Nucleus project.

  3. Data Ingestion
    Create one or more ingest rules to ingest assets and vulnerabilities from Rapid7 InsightVM Cloud.

1. API Access

Account Access
We recommend generating an organization key instead of a user key to ensure maximum security and uninterrupted integration.
  1. Follow the steps in Rapid7's Insight Platform documentation to generate an organization API key.
  2. Make a copy of the API key for use when configuring the connector.

2. Connector Configuration

  1. Open Nucleus and go to Integration Hub > Connector Setup.
  2. Under the Scanners section, click the Rapid7InsightVM Cloud icon. You will see the following popup:
  3. In the Setup Rapid7 InsightVM Cloud Connector popup, enter the following information:
FieldDescription
NameEnter an optional name for your connector.
DescriptionEnter an optional description for your connector.
Instance URLEnter the URL to your instance of the InsightVM Platform. See here for available region codes.
API KeyEnter the API Key token you created in API Access.
  1. Click Verify Credentials.
  2. Click Save.

3. Data Ingestion

  1. Go to Integration Hub > Import via Connector.
  2. Select the Rapid7 InsightVM Cloud connector you just created.
  3. Select importing All Hosts.
  4. Select a schedule to import data into the project.
  5. Click Save & Finish.

FAQ

InsightVM Cloud Reintroduced Findings and Discovered Date handling

When ingesting data from InsightVM Cloud, a finding can sometimes be reintroduced after previously being mitigated or no longer observed.

Historically, Rapid7/InsightVM may preserve the original first_found date when that finding resurfaces. Because Nucleus used that source date for the Nucleus Discovered date, the finding could appear much older than it actually is from an operational perspective.

This created problems for teams tracking:

* SLA aging

* MTTR

* Overdue findings

* Dwell time

* Reporting based on active finding age


What is the new behavior?

Nucleus now supports a new behavior for reintroduced findings from InsightVM Cloud:

When a finding is reintroduced after previously being mitigated and later resurfacing, the Nucleus Discovered date can be set to the reintroduction date instead of the original first_found date.

This allows the finding’s age in Nucleus to better reflect when the vulnerability became active again in the environment.


How do I enable it?

If you would like this behavior enabled for your environment, please reach out to Customer Success and request that the feature flag be turned on.