Skip to main content

Rapid7 proof types and permissions

Hyperproof supports collecting proof from Rapid7.

Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.

When you create a Hypersync between Hyperproof and Rapid7, you can automatically collect the following proof types:

  • List of Assets

  • List of Asset Groups

  • List of Users

  • Vulnerabilities by Asset

  • Vulnerabilities by Site

Requirements

To connect to Rapid7 and collect proof your Rapid7 configuration must meet the following requirements.

InsightVM Security Console

The InsightVM Security Console is an on-premises tool that the Rapid7 Hypersync connects to directly to automate proof collection. The InsightVM is normally hosted inside your network infrastructure, but it can also be hosted directly by Rapid7.

Depending on where the InsightVM Security Console is hosted, the connection URL will vary. When configuring your Rapid7 Hypersync , you must connect to the InsightVM Security Console using HTTPS. If InsightVM is hosted on your network, the URL must include the specified port. Here are two examples of valid InsightVM Security Console URLs:

  • Hosted on your network- https://rapid7.myCompany.com:3780

  • Hosted by Rapid7- https://myCompany.managed.rapid7.com/home.jsp

To make sure that you are using the correct URL for your instance of the Insight VM Security Console, test the URL as follows:

  1. Log in to the InsightVM Security Console as an administrator.

  2. Using the same internet browser, open a new browser window.

  3. Construct a URL that is a combination of the URL displayed for the InsightVM Security Console with the following path appended to it: /api/3/assets

    Example: https://<InsightVMSecurityConsoleURL>/api/3/assets

  4. Navigate to that URL.

    If you see data returned in JSON format, then the InsightVM Security Console URL is correct and can be used with the Rapid7 Hypersync to connect to Rapid7

Private Network

If your instance is on a private network, add Hyperproof's static IP address (52.9.169.38) to your organization's allowlist.

Authentication

In Rapid7 set up a service account with a username and password to use with Hyperproof.

Note

If you plan to collect the List of Users proof, the service account must be configured as a Global Administrator.

Permissions

To generate the proof types listed above, add a new custom role to your InsightVM instance and apply the following minimum permissions.

  • View site asset data

  • View group asset data

  • View vulnerability investigations

Configure a new user account in User Management:

  1. Make sure that the Require password reset upon login option is not selected.

  2. Assign the new role as an Existing Custom Role.

  3. For Site Permissions, select all Sites whose data you want to include when populating Hypersync proof

    Note

    If a site is not selected, data for its assets will not populate in the proof

Additional documentation

Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncss for a single control or label.

In this section: