About the connector
The Rapid7 InsightVM platform integrates Rapid7’s library of Nexpose vulnerability research, Metasploit exploit knowledge, global attacker behavior, internet-wide scanning data, and threat exposure analytics. InsightVM takes advantage of this powerful analytics platform to automatically collect, monitor, and analyze your network for new and existing risks.
This document provides information about the Rapid7 InsightVM connector, which facilitates automated interactions, with a Rapid7 InsightVM server using FortiSOAR™ playbooks. Add the Rapid7 InsightVM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving information about assets, sites, scans, and vulnerabilities.
Version information
Connector Version: 1.2.0
FortiSOAR™ Version Tested on: 6.0.0-790
Rapid7 InsightVM Versions Tested on: 6.5.8
Authored By: Fortinet.
Certified: Yes
Release Notes for version 1.2.0
Following enhancements have been made to the Rapid7 InsightVM connector in version 1.2.0:
- Added the following operations and playbooks:
- Get Site Scan Engine
- Get Site Scan Templates
- Create Site Scan Schedules
- Get Scan Schedules
- Get Specified Scan Schedule
- Delete Site Scan Schedule
Installing the connector
From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:
yum install cyops-connector-rapid7-insightvm
For the detailed procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the URL of Rapid7 InsightVM to which you will connect and perform the automated operations and credentials (Username-Password pair) to access that server.
- You must have the user credentials and port number to access the Rapid7 InsightVM REST API.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
- The minimum privilege that requires to be assigned to users who are going to use this connector and run actions on Rapid7 InsightVM is access to "Manage Sites" under "Global Permissions".
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the Rapid7 InsightVM connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details.
| Parameter |
Description |
| Server URL |
IP address or Hostname URL of the Rapid7 InsightVM server to which you will connect and perform the automated operations. |
| Port |
Port number used to access the Rapid7 InsightVM server. |
| Username |
Username that has administrative privileges on the Rapid7 InsightVM server. |
| Password |
Password to access the Rapid7 InsightVM server. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Get Asset(s) |
Retrieves information about all assets or specific asset(s) (based on the filter criteria you have specified) from Rapid7 InsightVM. |
get_asset
Investigation |
| Get Asset Vulnerability |
Retrieves information about vulnerabilities that are associated with a particular asset from Rapid7 InsightVM, based on the asset ID you have specified. |
get_vulnerabilities
Investigation |
| Get Vulnerability |
Retrieves information about all vulnerabilities or a specific vulnerability (based on the vulnerability ID you have specified) from Rapid7 InsightVM. |
get_vulnerabilities
Investigation |
| Get Site |
Retrieves information about all sites or a specific site (based on the site ID you have specified) from Rapid7 InsightVM. |
get_site
Investigation |
| Get Scan |
Retrieves information about all scans or a specific scan (based on the scan ID you have specified) from Rapid7 InsightVM. |
get_scan
Investigation |
| Get Softwares on Asset |
Retrieves a list of all installed software on a specific asset from Rapid7 InsightVM based on the asset ID you have specified. |
get_software
Investigation |
| Get Exploits |
Retrieves a list of all known exploits from Rapid7 InsightVM based on the filter criteria you have specified. |
get_exploits
Investigation |
| Get Exploit Details |
Retrieves details about a specific exploit from Rapid7 InsightVM based on the exploit ID you have specified. |
get_exploit_details
Investigation |
| Get Exploitable Vulnerabilities |
Retrieves information about the exploitable vulnerabilities associated with a specific exploit from Rapid7 InsightVM based on the exploit ID you have specified. |
get_exploitable_vulnerabilities
Investigation |
| Get Scan Engines |
Retrieves information about all scan engines or specific scan engine(s) (based on the scan engine ID you have specified) that are available to use for scanning from Rapid7 InsightVM. |
get_scan_engines
Investigation |
| Get Scan Templates |
Retrieves information about all scan templates or specific scan template(s) (based on the scan template ID you have specified) from Rapid7 InsightVM. |
get_scan_templates
Investigation |
| Get Asset Groups |
Retrieves information about all asset groups or specific group(s) (based on the filter criteria you have specified) from Rapid7 InsightVM. |
get_asset_groups
Investigation |
| Launch Site Scan |
Starts a scan for a specified site based on the engine ID, template ID and other parameters you have specified. |
launch_scan
Investigation |
| Get Site Scan Engines |
Retrieves the resources of the scan engines assigned to the site based on the site ID you have specified. |
get_scan_engines
Investigation |
| Get Site Scan Templates |
Retrieves the resources of the scan templates assigned to the site based on the site ID you have specified. |
get_scan_templates
Investigation |
| Create Site Scan Schedules |
Creates a new scan schedule for the specified site based on the site ID, scan schedule, and other input parameters you have specified. |
create_schedule_scan
Investigation |
| Get Scan Schedules |
Retrieves the schedules for all the scans from Rapid7 InsightVM. |
get_site
Investigation |
| Get Specified Scan Schedule |
Retrieves the specific scan schedule for a specific site from Rapid7 InsightVM based on the site ID and schedule scan ID you have specified. |
get_site_scan_schedule
Investigation |
| Delete Site Scan Schedule |
Deletes the specific scan schedule for a specific site from Rapid7 InsightVM based on the site ID and schedule scan ID you have specified. |
delete_schedule_scan
Investigation |
operation: Get Asset(s)
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
| Parameter |
Description |
| Apply Filter Criteria |
Logical operator to be applied to searching assets based on the filter criteria. The following options are available: Any or All.
If you select Any, then results are displayed if any of the filter criteria that you have specified is met and if you select All, then results are displayed only if all the filter criteria that you have specified is met. |
| IP Address Operator |
Logical operator to be applied to searching asset based on the IP address value. The following options are available: Is, Is Not, In Range, Not In Range, Like, or Not Like. |
| IP Address Value |
If you specify the IP Address Operator (other than In Range or Not In Range operator), then you must specify the IP address based on which you want to search for asset(s). |
From IP Address
And
To IP Address |
Only applicable if you have selected the In Range or Not In Range operator.
If you have selected the In Range or Not In Range operator, then specify the from (lower) value of the IP address that is part of the IP address range you want to use to search the asset(s).
If you have selected the In Range or Not In Range operator, then specify the to (higher) value of the IP address that is part of the IP address range you want to use to search the asset(s). |
| Asset Name Operator |
Logical operator to be applied to searching asset based on the name of the asset.
The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Empty, Is Not Empty, Like, or Not Like. |
| Asset Name |
If you specify the Asset Name Operator, then you must specify the name of the asset based on which you want to search for asset(s). |
| OS Operator |
Logical operator to be applied to searching asset based on the OS.
The following options are available: Contains, Not Contains, Is Empty, or Is Not Empty |
| OS Value |
If you specify the OS Operator, then you must specify the OS based on which you want to search for asset(s). |
| Site ID Operator |
Logical operator to be applied to searching asset based on the ID of the site. The following options are available: In, or Not In. |
| Site ID |
If you specify the Site ID Operator, then you must specify the ID of the site based on which you want to search for asset(s). |
| Open Port Number Operator |
Logical operator to be applied to searching asset based on the open port number. The following options are available: Is, Is Not, or In Range. |
| Open Port Number |
If you specify the Open Port Number Operator (other than the In Range operator), then you must specify the open port number based on which you want to search for asset(s). |
From Open Port Number
And
To Open Port Number |
Only applicable if you have selected the In Range operator.
If you have selected the In Range operator, then specify the from (lower) value of the open port number that is part of the open port number range you want to use to search the asset(s).
If you have selected the In Range operator, then specify the to (higher) value of the open port number that is part of the open port number range you want to use to search the asset(s).set(s). |
| User-Added Custom Tag Operator |
Logical operator to be applied to searching asset based on a user-added custom tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Custom Tag |
If you specify the User-Added Custom Tag Operator, then you must specify the value of the user-added custom tag based on which you want to search for asset(s). |
| Vulnerability Category Operator |
Logical operator to be applied to searching asset based on a vulnerability category.
The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Category |
If you specify the Vulnerability Category Operator, then you must specify the value of the vulnerability category based on which you want to search for asset(s). |
| Vulnerability Title Operator |
Logical operator to be applied to searching asset based on a vulnerability title.
The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Title |
If you specify the Vulnerability Title Operator, then you must specify the value of the vulnerability title based on which you want to search for asset(s). |
| CVE ID Operator |
Logical operator to be applied to searching asset based on the CVE ID.
The following options are available: Is, Is Not, Contains, or Not Contains. |
| CVE ID |
If you specify the CVE ID Operator, then you must specify the value of the CVE ID based on which you want to search for asset(s). |
| User-Added Tag(Location) Value Operator |
Logical operator to be applied to searching asset based on a user-added location tag.
The following options are available: IS, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Tag(Location) Value |
If you specify the User-Added Tag(Location) Operator, then you must specify the value of the user-added location tag based on which you want to search for asset(s). |
| User-Added Criticality Level Operator |
Logical operator to be applied to searching asset based on a user-added criticality level.
The following options are available: Very High, High, Medium, Low, Very Low. |
| User-Added Criticality Level Value |
If you specify the User-Added Criticality Level Operator, then you must specify the value of the user-added criticality level based on which you want to search for asset(s). |
| User-Added Tag(Owners) Operator |
Logical operator to be applied to searching asset based on a user-added owners tag.
The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied |
| User-Added Tag(Owners) Value |
If you specify the User-Added Tag(Owners) Operator, then you must specify the value of the user-added owners tag based on which you want to search for asset(s). |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The output contains the following populated JSON schema:
{
"resources": [
{
"addresses": [
{
"ip": "",
"mac": ""
}
],
"ip": "",
"assessedForPolicies": "",
"history": [
{
"version": "",
"scanId": "",
"date": "",
"type": ""
}
],
"id": "",
"mac": "",
"osFingerprint": {
"version": "",
"cpe": {
"version": "",
"vendor": "",
"part": "",
"v2.2": "",
"v2.3": "",
"product": ""
},
"vendor": "",
"type": "",
"description": "",
"id": "",
"family": "",
"systemName": "",
"product": ""
},
"vulnerabilities": {
"moderate": "",
"critical": "",
"malwareKits": "",
"exploits": "",
"total": "",
"severe": ""
},
"riskScore": "",
"rawRiskScore": "",
"os": "",
"services": [
{
"protocol": "",
"links": [
{
"rel": "",
"href": ""
}
],
"port": ""
}
],
"links": [
{
"rel": "",
"href": ""
}
],
"assessedForVulnerabilities": ""
}
],
"links": [
{
"rel": "",
"href": ""
}
],
"page": {
"totalPages": "",
"totalResources": "",
"size": "",
"number": ""
}
}
operation: Get Softwares on Asset
Input parameters
| Parameter |
Description |
| Asset ID |
Identifier of the asset for which you want to retrieve the list of installed software. |
Output
The output contains the following populated JSON schema:
{
"version": "",
"links": [
{
"rel": "",
"href": ""
}
],
"vendor": "",
"type": "",
"description": "",
"id": "",
"resources": [
{
"cpe": {
"update": "",
"v2.3": "",
"edition": "",
"swEdition": "",
"part": "",
"version": "",
"vendor": "",
"language": "",
"targetSW": "",
"targetHW": "",
"v2.2": "",
"other": "",
"product": ""
},
"configurations": [
{
"name": "",
"value": ""
}
]
}
],
"family": "",
"product": ""
}
operation: Get Asset Vulnerability
Input parameters
| Parameter |
Description |
| Asset ID |
ID of an asset whose associated vulnerabilities information you want to retrieve from Rapid7 InsightVM. |
| Detailed Reports |
(Optional) Select this option if you require detailed reports.
By default, this option is set to True. |
| Page Number |
(Optional) Page number from which you want to retrieve records. |
| Records Per Page |
(Optional) Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The JSON output contains information about the vulnerabilities associated with a specific asset retrieved from Rapid7 InsightVM, based on the asset ID you have specified.
The output contains the following populated JSON schema:
{
"page": {
"size": "",
"number": "",
"totalPages": "",
"totalResources": ""
},
"links": [
{
"href": "",
"rel": ""
}
],
"resources": [
{
"malwareKits": "",
"severity": "",
"modified": "",
"exploits": "",
"published": "",
"cvss": {
"v2": {
"accessComplexity": "",
"score": "",
"authentication": "",
"confidentialityImpact": "",
"impactScore": "",
"vector": "",
"exploitScore": "",
"integrityImpact": "",
"accessVector": "",
"availabilityImpact": ""
},
"links": [
{
"href": "",
"rel": ""
}
]
},
"title": "",
"severityScore": "",
"pci": {
"status": "",
"adjustedSeverityScore": "",
"adjustedCVSSScore": "",
"fail": ""
},
"id": "",
"denialOfService": "",
"description": {
"html": "",
"text": ""
},
"added": "",
"riskScore": "",
"categories": [],
"links": [
{
"href": "",
"rel": ""
}
]
}
]
}
operation: Get Vulnerability
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Input parameters
| Parameter |
Description |
| Vulnerability ID |
ID of a vulnerability whose information you want to retrieve from Rapid7 InsightVM. |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The JSON output contains details of all the vulnerabilities or a specific vulnerability (based on the vulnerability ID you have specified) from Rapid7 InsightVM.
The output contains the following populated JSON schema:
{
"resources": [
{
"modified": "",
"title": "",
"severity": "",
"description": {
"html": "",
"text": ""
},
"id": "",
"exploits": "",
"denialOfService": "",
"severityScore": "",
"riskScore": "",
"categories": [],
"malwareKits": "",
"added": "",
"links": [
{
"rel": "",
"href": ""
}
],
"pci": {
"adjustedCVSSScore": "",
"fail": "",
"status": "",
"adjustedSeverityScore": ""
},
"published": "",
"cvss": {
"links": [
{
"rel": "",
"href": ""
}
],
"v2": {
"score": "",
"accessComplexity": "",
"impactScore": "",
"accessVector": "",
"vector": "",
"exploitScore": "",
"authentication": "",
"confidentialityImpact": "",
"integrityImpact": "",
"availabilityImpact": ""
}
}
}
]
}
operation: Get Site
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Input parameters
| Parameter |
Description |
| Site ID |
ID of a site whose information you want to retrieve from Rapid7 InsightVM. |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The JSON output contains details of all the sites or a specific site (based on the site ID you have specified) from Rapid7 InsightVM.
The output contains the following populated JSON schema:
{
"resources": [
{
"scanTemplate": "",
"name": "",
"description": "",
"id": "",
"scanEngine": "",
"lastScanTime": "",
"vulnerabilities": {
"moderate": "",
"total": "",
"critical": "",
"severe": ""
},
"riskScore": "",
"type": "",
"assets": "",
"links": [
{
"rel": "",
"href": ""
}
],
"importance": ""
}
],
"links": [
{
"rel": "",
"href": ""
}
],
"page": {
"totalPages": "",
"number": "",
"size": "",
"totalResources": ""
}
}
operation: Get Scan
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Input parameters
| Parameter |
Description |
| Scan ID |
ID of a scan whose information you want to retrieve from Rapid7 InsightVM. |
| Show Active Scan Report |
Select this option if you want to include only active scan reports.
By default, this option is set to False. |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The JSON output contains details of all the scans or a specific scan (based on the scan ID you have specified) from Rapid7 InsightVM.
The output contains the following populated JSON schema:
{
"resources": [
{
"startTime": "",
"scanType": "",
"scanName": "",
"siteId": "",
"status": "",
"engineId": "",
"engineName": "",
"endTime": "",
"vulnerabilities": {
"moderate": "",
"total": "",
"critical": "",
"severe": ""
},
"id": "",
"assets": "",
"links": [
{
"href": "",
"rel": ""
}
],
"siteName": "",
"duration": ""
}
],
"links": [
{
"href": "",
"rel": ""
}
],
"page": {
"totalPages": "",
"number": "",
"size": "",
"totalResources": ""
}
}
operation: Get Exploits
Input parameters
| Parameter |
Description |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The output contains the following populated JSON schema:
{
"resources": [
{
"source": {
"key": "",
"link": {
"rel": "",
"href": "",
"id": ""
},
"name": ""
},
"links": [
{
"rel": "",
"href": ""
}
],
"title": "",
"skillLevel": "",
"id": ""
}
],
"links": [
{
"rel": "",
"href": ""
}
],
"page": {
"totalPages": "",
"number": "",
"size": "",
"totalResources": ""
}
}
operation: Get Exploit Details
Input parameters
| Parameter |
Description |
| Exploit ID |
Identifier of the exploit whose details you want to retrieve from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"source": {
"key": "",
"link": {
"rel": "",
"href": "",
"id": ""
},
"name": ""
},
"links": [
{
"rel": "",
"href": ""
}
],
"title": "",
"skillLevel": "",
"id": ""
}
operation: Get Exploitable Vulnerabilities
Input parameters
| Parameter |
Description |
| Exploit ID |
Identifier of the exploit whose associated exploitable vulnerabilities you want to retrieve from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"resources": [
""
],
"links": [
{
"rel": "",
"href": ""
}
]
}
operation: Get Scan Engines
Input parameters
| Parameter |
Description |
| Scan Engine ID |
(Optional) Identifier of the scan engine whose information you want to retrieve from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"links": [
{
"rel": "",
"href": ""
}
],
"resources": [
{
"sites": [],
"lastUpdatedDate": "",
"links": [
{
"rel": "",
"href": ""
}
],
"address": "",
"name": "",
"id": "",
"port": "",
"contentVersion": "",
"productVersion": ""
}
]
}
operation: Get Scan Templates
Input parameters
| Parameter |
Description |
| Scan Template ID |
(Optional) Identifier of the scan template whose information you want to retrieve from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"links": [
{
"rel": "",
"href": ""
}
],
"resources": [
{
"enhancedLogging": "",
"webEnabled": "",
"maxScanProcesses": "",
"database": {
"oracle": []
},
"id": "",
"checks": {
"types": {
"disabled": [],
"enabled": []
},
"correlate": "",
"potential": "",
"individual": {
"disabled": [],
"enabled": []
},
"categories": {
"disabled": [],
"enabled": []
},
"unsafe": ""
},
"discovery": {
"asset": {
"fingerprintRetries": "",
"fingerprintMinimumCertainty": "",
"sendArpPings": "",
"collectWhoisInformation": "",
"sendIcmpPings": "",
"treatTcpResetAsAsset": "",
"ipFingerprintingEnabled": ""
},
"performance": {
"timeout": {
"initial": "",
"minimum": "",
"maximum": ""
},
"scanDelay": {
"minimum": "",
"maximum": ""
},
"retryLimit": "",
"parallelism": {
"minimum": "",
"maximum": ""
},
"packetRate": {
"defeatRateLimit": "",
"minimum": "",
"maximum": ""
}
},
"service": {
"serviceNameFile": "",
"tcp": {
"ports": "",
"method": ""
},
"udp": {
"ports": ""
}
}
},
"description": "",
"enableWindowsServices": "",
"discoveryOnly": "",
"web": {
"testXssInSingleScan": "",
"testCommonUsernamesAndPasswords": "",
"paths": {
"honorRobotDirectives": ""
},
"dontScanMultiUseDevices": "",
"performance": {
"maximumLinkDepth": "",
"maximumTime": "",
"threadsPerServer": "",
"maximumDirectoryLevels": "",
"maximumForeignHosts": "",
"maximumRetries": "",
"maximumPages": "",
"responseTimeout": "",
"httpDaemonsToSkip": []
},
"patterns": {
"sensitiveField": ""
},
"includeQueryStrings": "",
"userAgent": ""
},
"maxParallelAssets": "",
"telnet": {},
"name": "",
"vulnerabilityEnabled": "",
"policy": {
"recursiveWindowsFSSearch": "",
"storeSCAP": ""
},
"policyEnabled": ""
}
]
}
operation: Get Asset Groups
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
| Parameter |
Description |
| Group Type |
Type of asset group whose information you want to retrieve from Rapid7 InsightVM. |
| Group Name |
Search pattern for the name of the asset group whose information you want to retrieve from Rapid7 InsightVM.
Note: Searches in Rapid7 InsightVM are "case-insensitive contains". |
| Page Number |
Page number from which you want to retrieve records. |
| Records Per Page |
Maximum number of results that this operation should return.
By default, this is set to 10. |
Output
The output contains the following populated JSON schema:
{
"links": [
{
"rel": "",
"href": ""
}
],
"page": {
"totalPages": "",
"number": "",
"size": "",
"totalResources": ""
},
"resources": [
{
"vulnerabilities": {
"critical": "",
"severe": "",
"total": "",
"moderate": ""
},
"description": "",
"searchCriteria": {
"filters": [
{
"field": "",
"operator": "",
"value": ""
}
],
"match": ""
},
"type": "",
"links": [
{
"rel": "",
"href": ""
}
],
"name": "",
"id": "",
"assets": "",
"riskScore": ""
}
]
}
operation: Launch Site Scan
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site for which you want to start the scan. |
| Engine ID |
Identifier of the scan engine to be used for scanning. |
| Template ID |
Identifier of the scan template to be used for scanning. |
| Asset Group IDs |
(Optional) Identifiers of asset groups to be included as a part of the scan. Only asset groups that assigned to the site can be specified for a scan. This value should be an array of integers representing the unique identifiers of the asset groups. |
| Hosts |
(Optional) Hosts to be included as a part of the scan. You can specify hosts as a mixture of IP addresses and hostnames as a String array. |
| Scan Name |
(Optional) User-specified scan name for the scan that you want to start on the specified site. |
Output
The output contains the following populated JSON schema:
{
"links": [
{
"rel": "",
"href": ""
}
],
"id": ""
}
operation: Get Site Scan Engines
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site whose assigned scan engine's resources you want to retrieve from Rapid7 Insight VM. |
Output
The output contains the following populated JSON schema:
{
"port": "",
"address": "",
"lastUpdatedDate": "",
"links": [
{
"href": "",
"rel": ""
}
],
"contentVersion": "",
"id": "",
"sites": [],
"productVersion": "",
"name": "",
"lastRefreshedDate": "",
"enginePools": []
}
operation: Get Site Scan Templates
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site whose assigned scan template's resources you want to retrieve from Rapid7 Insight VM. |
Output
The output contains the following populated JSON schema:
{
"checks": {
"categories": {
"enabled": [],
"links": [
{
"href": "",
"rel": ""
}
],
"disabled": []
},
"individual": {
"enabled": [],
"links": [
{
"href": "",
"rel": ""
}
],
"disabled": []
},
"links": [
{
"href": "",
"rel": ""
}
],
"unsafe": "",
"types": {
"enabled": [],
"links": [
{
"href": "",
"rel": ""
}
],
"disabled": []
},
"potential": "",
"correlate": ""
},
"enhancedLogging": "",
"vulnerabilityEnabled": "",
"discoveryOnly": "",
"policyEnabled": "",
"description": "",
"database": {
"postgres": "",
"oracle": "",
"db2": "",
"links": [
{
"href": "",
"rel": ""
}
]
},
"telnet": {
"characterSet": "",
"links": [
{
"href": "",
"rel": ""
}
],
"passwordPromptRegex": "",
"loginRegex": "",
"questionableLoginRegex": "",
"failedLoginRegex": ""
},
"webEnabled": "",
"maxScanProcesses": "",
"links": [
{
"href": "",
"rel": ""
}
],
"id": "",
"web": {
"testXssInSingleScan": "",
"dontScanMultiUseDevices": "",
"includeQueryStrings": "",
"userAgent": "",
"patterns": {
"sensitiveContent": "",
"sensitiveField": ""
},
"performance": {
"maximumTime": "",
"responseTimeout": "",
"maximumPages": "",
"maximumDirectoryLevels": "",
"maximumForeignHosts": "",
"httpDaemonsToSkip": [],
"threadsPerServer": "",
"maximumRetries": "",
"maximumLinkDepth": ""
},
"testCommonUsernamesAndPasswords": "",
"paths": {
"boostrap": "",
"excluded": "",
"honorRobotDirectives": ""
}
},
"enableWindowsServices": "",
"policy": {
"enabled": [],
"storeSCAP": "",
"links": [
{
"href": "",
"rel": ""
}
],
"recursiveWindowsFSSearch": ""
},
"name": "",
"maxParallelAssets": "",
"discovery": {
"asset": {
"fingerprintMinimumCertainty": "",
"fingerprintRetries": "",
"sendArpPings": "",
"collectWhoisInformation": "",
"udpPorts": [],
"ipFingerprintingEnabled": "",
"tcpPorts": [],
"treatTcpResetAsAsset": "",
"sendIcmpPings": ""
},
"performance": {
"parallelism": {
"maximum": "",
"minimum": ""
},
"retryLimit": "",
"packetRate": {
"defeatRateLimit": "",
"minimum": "",
"maximum": ""
},
"scanDelay": {
"maximum": "",
"minimum": ""
},
"timeout": {
"maximum": "",
"minimum": "",
"initial": ""
}
},
"service": {
"udp": {
"ports": "",
"additionalPorts": "",
"excludedPorts": "",
"links": [
{
"href": "",
"rel": ""
}
]
},
"serviceNameFile": "",
"tcp": {
"method": "",
"ports": "",
"additionalPorts": "",
"excludedPorts": "",
"links": [
{
"href": "",
"rel": ""
}
]
}
}
}
}
operation: Create Site Scan Schedules
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site for which you want to create a scan schedule. |
| Assets |
(Optional) Define one or more assets to be defined within the specific site that requires to be scanned using this scan schedule.
This parameter is only supported for static sites. When this property is null, or not defined in schedule, then all assets defined in the static site will be scanned. You can specify the assets in following categories:
- excludedAssetGroups: Assets associated with these asset groups will be excluded from the site's scan.
- excludedTargets: Addresses to be excluded from the site's scan. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.
- includedAssetGroups: Assets associated with these asset groups will be included in the site's scan.
- includedTargets: Addresses to be included in the site's scan. At least one address must be specified in a static site. Each address is a string that can represent either a hostname, ipv4 address, ipv4 address range, ipv6 address, or CIDR notation.
|
| Enable Scan Schedule |
Check the Enable Scan Schedule checkbox to enable the scan schedule. |
| Scan Name |
(Optional) User-defined name for the scan launched by the schedule. If you do not set this parameter, then the scan name will be generated prior to launching the scan.
Note: Scan names must be unique. |
| Start Date |
Date and time when you want to start the scan schedule. In the case of repeating schedules, this start datetime will determine the scan schedule, i.e., date and time of the next scans. |
| Scan Engine ID |
(Optional) Identifier of the scan engine to be used for this scan schedule. If you do not set this parameter, then the site's assigned scan engine will be used. |
| Scan Template ID |
(Optional) Identifier of the scan template to be used for this scan schedule. If you do not set this parameter, then the site's assigned scan template will be used. |
| Duration |
(Optional) Maximum duration that you want the scheduled scan to run. If the scheduled scans do not complete within specified duration then they will be paused.
The scan duration is represented by the format: "P[n]DT[n]H[n]M". For example, "P5DT10H30M" represents a duration of "5 days, 10 hours, and 30 minutes". Each duration designator is optional; however, at least one must be specified and it must be preceded by the "P" designator. |
| Scan Schedule ID |
(Optional) Identifier of the scan schedule. |
| On Scan Repeat |
Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused since it reached its maximum run time as specified in the Duration parameter. You can choose from the following options:
- Restart Scan: Stops the previously-paused scan and launches a new scan, if the previous scan did not complete within the specified duration. If the previously scheduled scan was not paused, then a new scan is launched.
- Resume Scan: Resumes the previously-paused scan if the previous scan did not complete within the specified duration. If the previously scheduled scan was not paused, then a new scan is launched.
|
| Repeat |
(Optional) Settings, in the JSON format, for repeating a scheduled task. Following are the valid options:
- "dayOfWeek": The day of the week the schedule should repeat.
- "every": The frequency the schedule should repeat. Valid values are: hour, day, week, date-of-month, and day-of-month.
"interval": The time after which the schedule should repeat.
"lastDayOfMonth": True/False parameter. If set to "True", then the schedule will repeat on the last day of the month.
"weekOfMonth": The week of the month the scheduled task should repeat.
|
Output
The output contains the following populated JSON schema:
{
"links": [
{
"href": "",
"rel": ""
}
],
"id": ""
}
operation: Get Scan Schedules
Input parameters
| Parameter |
Description |
| Site ID |
(Optional) Identifier of the site whose associated scan schedules you want to retrieve from Rapid7 InsightVM.
Note: If you do not specify any site ID, then this operation retrieves all the scan schedules. |
Output
The output contains the following populated JSON schema:
{
"resources": [
{
"duration": "",
"onScanRepeat": "",
"scanName": "",
"nextRuntimes": [],
"repeat": {
"lastDayOfMonth": "",
"dayOfWeek": "",
"interval": "",
"every": "",
"weekOfMonth": ""
},
"assets": {
"includedTargets": {
"addresses": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedTargets": {
"addresses": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"includedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
}
},
"start": "",
"links": [
{
"href": "",
"rel": ""
}
],
"id": "",
"enabled": "",
"scanTemplateId": "",
"scanEngineId": ""
}
],
"links": [
{
"href": "",
"rel": ""
}
]
}
operation: Get Specified Scan Schedule
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site whose associated scan schedules you want to retrieve from Rapid7 InsightVM. |
| Schedule Scan ID |
Identifier of the scan schedule whose details you want to retrieve from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"duration": "",
"onScanRepeat": "",
"scanName": "",
"nextRuntimes": [],
"repeat": {
"lastDayOfMonth": "",
"dayOfWeek": "",
"interval": "",
"every": "",
"weekOfMonth": ""
},
"assets": {
"includedTargets": {
"addresses": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedTargets": {
"addresses": [],
"links": [
{
&nbnbsp; "href": "",
"rel": ""
}
]
},
"includedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
}
},
"start": "",
"links": [
{
"href": "",
"rel": ""
}
],
"id": "",
"enabled": "",
"scanTemplateId": "",
"scanEngineId": ""
}
operation: Delete Site Scan Schedule
Input parameters
| Parameter |
Description |
| Site ID |
Identifier of the site whose associated scan schedules you want to delete from Rapid7 InsightVM. |
| Scheduled Scan ID |
Identifier of the scan schedule that you want to delete from Rapid7 InsightVM. |
Output
The output contains the following populated JSON schema:
{
"duration": "",
"onScanRepeat": "",
"scanName": "",
"nextRuntimes": [],
"repeat": {
"lastDayOfMonth": "",
"dayOfWeek": "",
"interval": "",
"every": "",
"weekOfMonth": ""
},
"assets": {
"includedTargets": {
"addresses": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"excludedTargets": {
"addresses": [],
"links": [
{
"href": "",
"rel": ""
}
]
},
"includedAssetGroups": {
"assetGroupIDs": [],
"links": [
{
"href": "",
"rel": ""
}
]
}
},
"start": "",
"links": [
{
"href": "",
"rel": ""
}
],
"id": "",
"enabled": "",
"scanTemplateId": "",
"scanEngineId": ""
}
Included playbooks
The Sample - Rapid7-InsightVM - 1.2.0 playbook collection comes bundled with the Rapid7 InsightVM connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Rapid7 InsightVM connector.
- Create Site Scan Schedules
- Delete Site Scan Schedule
- Get Asset
- Get Asset Groups
- Get Asset Vulnerability
- Get Exploitable Vulnerabilities
- Get Exploit Details
- Get Exploits
- Get Scan
- Get Scan Engines
- Get Scan Schedules
- Get Scan Templates
- Get Site Scan Engines
- Get Site Scan Templates
- Get Site
- Get Softwares on Asset
- Get Specific Scan Schedule
- Get Vulnerability
- Launch Site Scan
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
