Rapid7 InsightVM

From Hornbill
Revision as of 12:59, 8 April 2020 by SteveGoldthorpe

Introduction

The Rapid7 InsightVM package for Hornbill's IT Operations Management (ITOM) contains operations to automate vulnerability management operations within Rapid7 InsightVM deployments.

Related Articles

Target Environment Requirements

Script Execution Machine Requirements

  • If the script execution policy on the machine executing these operations is set to Restricted, then this will need to be updated to something less restrictive. See the PowerShell Documentation for more information.

KeySafe Configuration

When creating SIS jobs for operations contained within this package, they need to be run on the target machine as a user who has the correct privileges within your environment, and will require an additional KeySafe Key to hold the account credentials to connect to InsightVM.

To configure your Target Machine account authentication in KeySafe:

  • In the Admin console, navigate to: System > Security > KeySafe;
  • Click on + then select Username + Password;
  • Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
  • Optionally add a description;
  • Populate the Username field with the domain/local account username for the account being used on the target machine;
  • Populate the Password field with the password for the above account;
  • Select Create Key to save.

To configure your InsightVM account authentication in KeySafe:

  • In the Admin console, navigate to: System > Security > KeySafe;
  • Click on + then select Username + Password;
  • Give the KeySafe Key a Title (this is the name/identifier for the target machine account as you will see it when creating an IT Automation Job, or adding an IT Automation node to a Business Process or Runbook);
  • Optionally add a description;
  • Populate the Username field with the Username of the InsightVM account that ITOM will use to perform the operations;
  • Populate the Password field with the password for the above account;
  • Endpoint - this should be populated with the API Endpoint for your Rapid7 InsightVM deployment. For example: https://{your.insightvm.hostname}:3780 where {your.insightvm.hostname} should be replaced by the host domain of the InsightVM server, and 3780 is the default port for making API calls to the server;
  • Select Create Key to save.

Package Operations

The Rapid7 InsightVM package contains the following operations, which can be used to create ITOM Jobs directly, or included in your Business Processes and/or IT Operations Management Runbooks.

Start Scan

Starts a Scan against a Host on a Site. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • SiteID (MANDATORY) - The ID of the Site to initiate the scan against;
  • EngineID (MANDATORY) - The identifier of the scan engine;
  • Asset (MANDATORY) - The IP or Name of the Asset to scan;
  • TemplateID (MANDATORY) - The identifier of the scan template;
  • Name - The user-driven scan name for the scan.
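
The IgnoreBadCerts parameter above exists because of certificate problems on the InsightVM endpoint, so it helps to see exactly what the script execution machine finds wrong with that certificate. The PowerShell below is an added example, not part of the Hornbill package: the function name Test-EndpointCertificate and its parameters are hypothetical, and the host name is a placeholder.

```powershell
# Added example: report how the certificate served by an InsightVM endpoint
# validates on this machine. Function and parameter names are hypothetical.
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,  # host part of the KeySafe Endpoint
        [int]$Port = 3780                         # default InsightVM API port
    )
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None; Chain = @() }
    # The callback records what validation found, then accepts the certificate so
    # the handshake completes and the certificate can be read. Only the TLS
    # handshake happens here; no credentials or API requests are sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($s, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        if ($chain) {
            $state.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }
        $true
    }.GetNewClosure())

    $ssl = $null
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)   # heuristic only
            NotAfter     = $cert.NotAfter
            Expired      = ((Get-Date) -gt $cert.NotAfter)
            PolicyErrors = $state.Errors.ToString()           # e.g. RemoteCertificateNameMismatch
            ChainStatus  = ($state.Chain -join ', ')          # e.g. UntrustedRoot, NotTimeValid
            Thumbprint   = $cert.Thumbprint
            Trusted      = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

# Placeholder host name: substitute the host from your KeySafe Endpoint value.
Test-EndpointCertificate -HostName 'your.insightvm.hostname'
```

When Trusted is True the certificate validates on this machine; otherwise PolicyErrors and ChainStatus name the specific problem (expiry, untrusted issuer, name mismatch) that would need to be corrected on the InsightVM server or in the machine's trust store.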

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The ID of the Scan.

Get Scan Details

Retrieves information about a scan. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • ScanID (MANDATORY) - The ID of the Scan to retrieve.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The ID of the Scan;
  • startTime - The start date and time of the Scan;
  • endTime - The end date and time of the Scan;
  • status - The status of the Scan;
  • vCritical - The number of Critical Vulnerabilities detected by the Scan;
  • vModerate - The number of Moderate Vulnerabilities detected by the Scan;
  • vSevere - The number of Severe Vulnerabilities detected by the Scan;
  • vTotal - The total number of Vulnerabilities detected by the Scan.

Get Asset Details

Retrieves information about an asset, when supplied with the asset's HostName or IP Address. If values for both are provided then the HostName will be used. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • HostName - The HostName of the Asset to retrieve;
  • IPAddress - The IP Address of the Asset to retrieve.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The ID of the Asset;
  • ip - The IP Address of the Asset;
  • hostName - The HostName of the Asset;
  • riskScore - The Risk Score for the Asset;
  • vCritical - The number of Critical Vulnerabilities on the Asset;
  • vExploits - The number of Exploit Vulnerabilities on the Asset;
  • vModerate - The number of Moderate Vulnerabilities on the Asset;
  • vSevere - The number of Severe Vulnerabilities on the Asset;
  • vTotal - The total number of Vulnerabilities on the Asset.

Create Tag

Creates a new Tag. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • Color - Color of the new Tag;
  • Name (MANDATORY) - The Name of the new Tag;
  • RiskModifier - The Risk Modifier value of the new Tag;
  • Type (MANDATORY) - The Type of the new Tag.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The ID of the Tag.

Add Asset Tag

Adds a Tag to an Asset. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • AssetID (MANDATORY) - The ID of the Asset;
  • TagID (MANDATORY) - The ID of the Tag.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL.

Remove Asset Tag

Removes a Tag from an Asset. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • AssetID (MANDATORY) - The ID of the Asset;
  • TagID (MANDATORY) - The ID of the Tag.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL.

Add Vulnerability Exception

Creates a vulnerability exception. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • ScopeID (MANDATORY) - The exception scope ID;
  • Type (MANDATORY) - The type of the exception scope. One of: 'Global', 'Site', 'Asset', 'Asset Group', 'Instance';
  • VunerabilityID (MANDATORY) - The Vulnerability ID;
  • State (MANDATORY) - The state of the vulnerability exception. One of: 'Deleted', 'Expired', 'Approved', 'Rejected', 'Under Review';
  • Comment (MANDATORY) - A comment from the submitter as to why the exception was submitted;
  • Reason (MANDATORY) - The reason the vulnerability exception was submitted. One of: 'False Positive', 'Compensating Control', 'Acceptable Use', 'Acceptable Risk', 'Other';
  • Expires - The date and time the vulnerability exception is set to expire;
  • Key - If the scope type is 'Instance', an optional key to discriminate the instance the exception applies to;
  • Port - If the scope type is 'Instance' and the vulnerability is detected on a service, the port on which the exception applies.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The identifier of the resource created.

Remove Vulnerability Exception

Removes a Vulnerability Exception record. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • ID (MANDATORY) - The ID of the Vulnerability Exception record.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL.

Update Vulnerability Exception Status

Updates the Status of a Vulnerability Exception record. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • ID (MANDATORY) - The ID of the Vulnerability Exception record;
  • Status (MANDATORY) - Update the status of the vulnerability exception. The status can be one of: 'recall', 'approve', or 'reject'.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL.

Add Asset Vulnerability Validation

Creates a vulnerability validation for a vulnerability on an asset. The validation signifies that the vulnerability has been confirmed exploitable by an external tool, such as Metasploit. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • AssetID (MANDATORY) - The identifier of the asset;
  • VulnerabilityID (MANDATORY) - The identifier of the vulnerability;
  • Date (MANDATORY) - The date and time the vulnerability was validated, in the ISO8601 format;
  • Key (MANDATORY) - The identifier or name of the exploit that was used to validate the vulnerability;
  • Name (MANDATORY) - The name of the source used to validate the vulnerability.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL;
  • id - The identifier of the resource created.

Remove Asset Vulnerability Validation

Removes a vulnerability validation for a vulnerability from an asset. See the InsightVM operation documentation for more information.

Extra Credentials

This operation requires an extra credential to be provided:

  • Credential Reference: credential1;
  • Credential Keysafe Key Type: Username + Password.

Input Parameters

  • IgnoreBadCerts (MANDATORY) - When set to true, the IgnoreBadCerts input parameter will allow the operation to function even if the SSL certificate on your InsightVM deployment is self-certified or expired;
  • AssetID (MANDATORY) - The identifier of the asset;
  • VulnerabilityID (MANDATORY) - The identifier of the vulnerability;
  • ValidationID (MANDATORY) - The ID of the Validation record.

Output Parameters

  • errors - Any errors returned by the operation;
  • outcome - Outcome of the operation. Can be OK or FAIL.