Difference between revisions of "Rapid7 InsightVM"

From Hornbill
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
{{bluebanner|[[Main_Page|Home]] > [[Administration]] > [[IT_Operations_Management|IT Operations Management]] > [[ITOM_Package_Library|ITOM Package Library]] > Rapid7 InsightVM|[[:Category:ITOM|Index]]}}
+
This document can now be found at its new location in the [https://docs.hornbill.com/itom-packages/welcome Hornbill Document Library].
[[File:rapid7_logo.png|300px]]
 
{{IntroAndLinks|The Rapid7 InsightVM package for Hornbill's IT Operations Management (ITOM) contains operations to automate vulnerability management operations within Rapid7 InsightVM deployments.
 
|
 
<!-- Related Links go here -->
 
:* [[IT_Operations_Management|IT Operations Management]]
 
:* [[Business_Process_Designer|Business Process Designer]]
 
:* [[Hornbill_KeySafe|KeySafe]]
 
}}
 
  
==Target Environment Requirements==
+
    [[file:hornbill-document-library.png|ITOM Package Reference|link=https://docs.hornbill.com/itom-packages/welcome]]
 
+
[[Category:HDOC]]
===Script Execution Machine Requirements===
 
 
 
* If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to something less restrictive. See the [https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-6 PowerShell Documentation] for more information.
 
 
 
==KeySafe Configuration==
 
[[File:insightvm_keysafe.png|300px|right|link=https://wiki.hornbill.com/images/5/5f/Insightvm_keysafe.png]]
 
 
 
When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment, and will require an additional KeySafe Key to hold the account credentials to connect to InsightVM.
 
 
 
To configure your '''Target Machine''' account authentication in '''[[Hornbill_KeySafe|KeySafe]]''':
 
 
 
* In the Admin console, navigate to: System > Security > KeySafe;
 
* Click on + then select <code>Username + Password</code>;
 
* Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
 
* Optionally add a description;
 
* Populate the Username field with the domain/local account username for the account being used on the target machine;
 
* Populate the Password field with the password for the above account;
 
* Select Create Key to save.
 
 
 
To configure your '''InsightVM''' account authentication in '''[[Hornbill_KeySafe|KeySafe]]''':
 
 
 
* In the Admin console, navigate to: System > Security > KeySafe;
 
* Click on + then select <code>Username + Password</code>;
 
* Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
 
* Optionally add a description;
 
* Populate the Username field with the Username of the InsightVM account that ITOM will use to perform the operations;
 
* Populate the Password field with the password for the above account;
 
* Endpoint - this should be populated with the API Endpoint for your Rapid7 InsightVM deployment. For example: '''https://{your.insightvm.hostname}:3780''' where {your.insightvm.hostname} should be replaced by the host domain of the InsightVM server, and 3780 is the default port for making API calls to the server;
 
* Select Create Key to save.
 
 
 
==Package Operations==
 
[[File:Insightvm_job.png|300px|right|link=https://wiki.hornbill.com/images/d/d5/Insightvm_job.png]]
 
 
 
The Rapid7 InsightVM package contains the following operations, which can be used to create ITOM Jobs directly, or included in your [[Business_Process_Designer|Business Processes]] and/or IT Operations Management Runbooks.
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Start Scan===
 
<div class="mw-collapsible-content">
 
Starts a Scan against a Host on a Site. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/startScan InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>SiteID</code> '''(MANDATORY)''' - The ID of the Site to initiate the scan against;
 
* <code>EngineID</code> '''(MANDATORY)''' - The identifier of the scan engine;
 
* <code>Asset</code> '''(MANDATORY)''' - The IP or Name of the Asset to scan;
 
* <code>TemplateID</code> '''(MANDATORY)''' - The identifier of the scan template;
 
* <code>Name</code> - The user-driven scan name for the scan.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The ID of the Scan.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Get Scan Details===
 
<div class="mw-collapsible-content">
 
Retrieves information about a scan. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getScans InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>ScanID</code> '''(MANDATORY)''' - The ID of the Scan to retrieve.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The ID of the Scan;
 
* <code>startTime</code> - The start date and time of the Scan;
 
* <code>endTime</code> - The end date and time of the Scan;
 
* <code>status</code> - The status of the Scan;
 
* <code>vCritical</code> - The number of Critical Vulnerabilities detected by the Scan;
 
* <code>vModerate</code> - The number of Moderate Vulnerabilities detected by the Scan;
 
* <code>vSevere</code> - The number of Severe Vulnerabilities detected by the Scan;
 
* <code>vTotal</code> - The total number of Vulnerabilities detected by the Scan.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Get Asset Details===
 
<div class="mw-collapsible-content">
 
Retrieves information about an asset when supplied with the asset's HostName or IP Address. If values for both are provided, the HostName will be used. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getAsset InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>HostName</code> - The HostName of the Asset to retrieve;
 
* <code>IPAddress</code> - The IP Address of the Asset to retrieve.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The ID of the Asset;
 
* <code>ip</code> - The IP Address of the Asset;
 
* <code>hostName</code> - The HostName of the Asset;
 
* <code>riskScore</code> - The Risk Score for the Asset;
 
* <code>vCritical</code> - The number of Critical Vulnerabilities on the Asset;
 
* <code>vExploits</code> - The number of Exploit Vulnerabilities on the Asset;
 
* <code>vModerate</code> - The number of Moderate Vulnerabilities on the Asset;
 
* <code>vSevere</code> - The number of Severe Vulnerabilities on the Asset;
 
* <code>vTotal</code> - The total number of Vulnerabilities on the Asset.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Create Tag===
 
<div class="mw-collapsible-content">
 
Creates a new Tag. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createTag InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>Color</code> - Color of the new Tag;
 
* <code>Name</code> '''(MANDATORY)''' - The Name of the new Tag;
 
* <code>RiskModifier</code> - The Risk Modifier value of the new Tag;
 
* <code>Type</code> '''(MANDATORY)''' - The Type of the new Tag.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The ID of the Tag.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Add Asset Tag===
 
<div class="mw-collapsible-content">
 
Adds a Tag to an Asset. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/addAssetTag InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>AssetID</code> '''(MANDATORY)''' - The ID of the Asset;
 
* <code>TagID</code> '''(MANDATORY)''' - The ID of the Tag.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Remove Asset Tag===
 
<div class="mw-collapsible-content">
 
Removes a Tag from an Asset. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/removeAssetTag InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>AssetID</code> '''(MANDATORY)''' - The ID of the Asset;
 
* <code>TagID</code> '''(MANDATORY)''' - The ID of the Tag.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Add Vulnerability Exception===
 
<div class="mw-collapsible-content">
 
Creates a vulnerability exception. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createVulnerabilityException InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>ScopeID</code> '''(MANDATORY)''' - The exception scope ID;
 
* <code>Type</code> '''(MANDATORY)''' - The type of the exception scope. One of: 'Global', 'Site', 'Asset', 'Asset Group', 'Instance';
 
* <code>VunerabilityID</code> '''(MANDATORY)''' - The Vulnerability ID;
 
* <code>State</code> '''(MANDATORY)''' - The state of the vulnerability exception. One of: 'Deleted', 'Expired', 'Approved', 'Rejected', 'Under Review';
 
* <code>Comment</code> '''(MANDATORY)''' - A comment from the submitter as to why the exception was submitted;
 
* <code>Reason</code> '''(MANDATORY)''' - The reason the vulnerability exception was submitted. One of: 'False Positive', 'Compensating Control', 'Acceptable Use', 'Acceptable Risk', 'Other';
 
* <code>Expires</code> - The date and time the vulnerability exception is set to expire;
 
* <code>Key</code> - If the scope type is 'Instance', an optional key to discriminate the instance the exception applies to;
 
* <code>Port</code> - If the scope type is 'Instance' and the vulnerability is detected on a service, the port on which the exception applies.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The identifier of the resource created.
 
</div></div>
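
The input rules listed for Add Vulnerability Exception, written as a pre-flight check that can be run on a set of inputs before the job is submitted. This is an added example, not code from the Hornbill package or from Rapid7; the function names, the ISO 8601 format assumed for <code>Expires</code>, the port range check and the rejection of expiry dates in the past are assumptions made here.

```python
from datetime import datetime, timezone

# Allowed values copied from the parameter list on this page.
SCOPE_TYPES = ("Global", "Site", "Asset", "Asset Group", "Instance")
STATES = ("Deleted", "Expired", "Approved", "Rejected", "Under Review")
REASONS = ("False Positive", "Compensating Control", "Acceptable Use",
           "Acceptable Risk", "Other")
MANDATORY = ("IgnoreBadCerts", "ScopeID", "Type", "VunerabilityID",
             "State", "Comment", "Reason")


def _blank(value):
    """True for a missing or empty input; False and 0 count as supplied."""
    return value is None or value == ""


def _parse_when(text):
    """Parse ISO 8601 (assumed format); naive values are treated as UTC."""
    when = datetime.fromisoformat(str(text).replace("Z", "+00:00"))
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def check_exception_inputs(params, now=None):
    """Return a list of problems; an empty list means the inputs are consistent."""
    now = now or datetime.now(timezone.utc)
    problems = [f"{n} is mandatory" for n in MANDATORY if _blank(params.get(n))]
    for name, allowed in (("Type", SCOPE_TYPES), ("State", STATES),
                          ("Reason", REASONS)):
        value = params.get(name)
        if not _blank(value) and value not in allowed:
            problems.append(f"{name} must be one of: {', '.join(allowed)}")
    # Key and Port are documented only for the 'Instance' scope type.
    if params.get("Type") != "Instance":
        for name in ("Key", "Port"):
            if not _blank(params.get(name)):
                problems.append(f"{name} only applies when Type is Instance")
    port = params.get("Port")
    if not _blank(port):
        if not str(port).isdecimal() or not 1 <= int(port) <= 65535:
            problems.append("Port must be an integer from 1 to 65535")
    expires = params.get("Expires")
    if not _blank(expires):
        try:
            if _parse_when(expires) <= now:  # added check, not from the page
                problems.append("Expires is already in the past")
        except ValueError:
            problems.append("Expires is not an ISO 8601 date and time")
    return problems


# Constructed sample input; the IDs and text are placeholders, not real records.
SAMPLE = {"IgnoreBadCerts": False, "ScopeID": 42, "Type": "Instance",
          "VunerabilityID": "example-vulnerability-id", "State": "Under Review",
          "Comment": "Mitigated by WAF rule, ticket EXAMPLE-1",
          "Reason": "Compensating Control", "Key": "/login",
          "Port": 443, "Expires": "2099-01-01T00:00:00Z"}

if __name__ == "__main__":
    print(check_exception_inputs(SAMPLE))
```
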
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Remove Vulnerability Exception===
 
<div class="mw-collapsible-content">
 
Removes a Vulnerability Exception record. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/removeVulnerabilityException InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>ID</code> '''(MANDATORY)''' - The ID of the Vulnerability Exception record.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Update Vunerability Exception Status===
 
<div class="mw-collapsible-content">
 
Updates the Status of a Vulnerability Exception record. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/updateVulnerabilityExceptionStatus InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>ID</code> '''(MANDATORY)''' - The ID of the Vulnerability Exception record;
 
* <code>Status</code> '''(MANDATORY)''' - Update the status of the vulnerability exception. The status can be one of: 'recall', 'approve', or 'reject'.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Add Asset Vunerability Validation===
 
<div class="mw-collapsible-content">
 
Creates a vulnerability validation for a vulnerability on an asset. The validation signifies that the vulnerability has been confirmed exploitable by an external tool, such as Metasploit. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createVulnerabilityValidation InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>AssetID</code> '''(MANDATORY)''' - The identifier of the asset;
 
* <code>VulnerabilityID</code> '''(MANDATORY)''' - The identifier of the vulnerability;
 
* <code>Date</code> '''(MANDATORY)''' - The date and time the vulnerability was validated, in the ISO8601 format;
 
* <code>Key</code> '''(MANDATORY)''' - The identifier or name of the exploit that was used to validate the vulnerability;
 
* <code>Name</code> '''(MANDATORY)''' - The name of the source used to validate the vulnerability.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL;
 
* <code>id</code> - The identifier of the resource created.
 
</div></div>
 
 
 
<div class="mw-collapsible mw-collapsed" data-collapsetext="Show Less" data-expandtext="Read More" style="width:1050px">
 
===Remove Asset Vunerability Validation===
 
<div class="mw-collapsible-content">
 
Removes a vulnerability validation for a vulnerability from an asset. See the [https://help.rapid7.com/insightvm/en-us/api/index.html#operation/deleteVulnerabilityValidation InsightVM operation documentation] for more information.
 
 
 
====Extra Credentials====
 
 
 
This operation requires an extra credential to be provided:
 
 
 
Credential Reference: credential1
 
Credential Keysafe Key Type: Username + Password
 
 
 
====Input Parameters====
 
 
 
* <code>IgnoreBadCerts</code> '''(MANDATORY)''' - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-signed or expired;
 
* <code>AssetID</code> '''(MANDATORY)''' - The identifier of the asset;
 
* <code>VulnerabilityID</code> '''(MANDATORY)''' - The identifier of the vulnerability;
 
* <code>ValidationID</code> '''(MANDATORY)''' - The ID of the Validation record.
 
 
 
====Output Parameters====
 
 
 
* <code>errors</code> - Any errors returned by the operation;
 
* <code>outcome</code> - Outcome of the operation. Can be OK or FAIL.
 
</div></div>
 
 
 
[[Category:ITOM]]
 

Latest revision as of 20:00, 10 April 2024

This document can now be found at its new location in the Hornbill Document Library.

   ITOM Package Reference