Rapid7 InsightVM Integration Setup
This guide walks you through integrating Rapid7 InsightVM with RAD Security for live vulnerability management and risk assessment, allowing you to correlate vulnerability data with runtime security events. Rapid7 InsightVM provides continuous vulnerability monitoring with live dashboards, risk-based prioritization, and automated remediation tracking.Prerequisites
Before you begin, ensure you have:- Admin access to Rapid7 InsightVM
- Ability to create users in your Rapid7 organization
- Access to the email account you’ll use for the service user
- Access to RAD Security workspace with integration permissions
Service Account Recommended: Create a dedicated service user for this integration rather than using a personal account. This ensures continuity when team members change roles.
Step 1: Log in to Rapid7 InsightVM
1
Access Rapid7 Console
Log in to Rapid7 InsightVM with an administrator account
2
Navigate to User Management
Click the settings gear icon in the top right corner and select Users
Step 2: Create Service User with Minimum Permissions
API Keys inherit the same permissions as the user they’re associated with. While you can use an existing user, it’s recommended to create a dedicated service user with only the necessary permissions.
1
Create New User
Click the Create User button in the Users interface
2
Enter User Details
Fill in the user information:
- First Name (e.g., “RAD Security”)
- Last Name (e.g., “Integration”)
- Email Address (use a service email account)
You’ll need access to this email to activate the account. In production, use a service account email (e.g.,
security-integrations@company.com) to ensure the integration remains active when employees change roles.3
Assign Product Access
Under Manage Individual Permissions > Products tab:
- Assign the user to the InsightVM product
- Select Your Organization name
4
Assign Roles
Under Manage Individual Permissions > Roles tab:Assign the following role:
- Administrator (shared)
This is the minimum role required for vulnerability data access. You can assign higher roles if additional permissions are needed for your use case.
5
Create User
Click Add User to confirm creation
6
Log Out
Log out of your administrator account
7
Activate Service Account
- Open the email account associated with the new user
- Find the activation link from Rapid7
- Click the link to activate the account
- Complete the activation process and set a password
Save the activation link! Make sure to activate the account promptly. If you lose the activation email, you may need to request a new one from your administrator.
Step 3: Create Platform API Key
1
Log in as Service User
Log in to Rapid7 InsightVM using the service user credentials you just created
2
Navigate to API Keys
Click the settings gear icon in the top right corner and select API Keys
3
Access Organization Keys
In the left navigation, go to:API KEY MANAGEMENT > Organization Keys
4
Create Platform API Key
Follow the Rapid7 documentation for creating an Organization Platform API key
- Click New Organization Key
- Enter a descriptive name (e.g., “RAD Security Integration”)
- Click Generate
5
Copy and Save API Key
Immediately copy the API key to a secure location
This is your only chance to view the key! If you lose it, you cannot retrieve it and will need to generate a new one.
Step 4: Configure in RAD Security
Navigate to your RAD Security workspace and configure the Rapid7 InsightVM integration with the following parameters:Required Parameters
| Parameter | Description | Example |
|---|---|---|
| Base URL | Regional base URL for Rapid7 InsightVM API (no path components) | https://us.api.insight.rapid7.com |
| Secret | Platform API key from Step 3 | your-api-key-here |
Regional URLs
Select the appropriate regional URL for your Rapid7 instance:Make sure to use the base URL without any path components. For example, use
https://us.api.insight.rapid7.com not https://us.api.insight.rapid7.com/vm/v4.Verify Integration
After completing the setup, verify your integration is working:- Navigate to Data Sources > Integrations > Vulnerabilities in RAD Security
- Locate your Rapid7 InsightVM integration
- Check the connection status shows as Connected
- Verify vulnerability data is being synced
Your Rapid7 InsightVM integration is now configured! RAD Security can now import live vulnerability data and correlate it with runtime security events.
What Data is Synced
Once configured, RAD Security will sync the following data from Rapid7 InsightVM:Vulnerability Findings
Vulnerability Findings
- CVE identifiers and details
- Vulnerability severity and CVSS scores
- CVSS v2 and v3 vectors
- Affected assets and services
- Vulnerability age and trends
- Exploit availability and maturity
- Malware kit associations
Asset Information
Asset Information
- Asset inventory and details
- Operating systems and versions
- Installed software and services
- Network information (IPs, MACs, hostnames)
- Asset tags and classifications
- Last assessment dates
Risk Context
Risk Context
- Real-time risk scores
- Asset criticality ratings
- Vulnerability remediation projects
- Risk trends over time
- Policy compliance status
Remediation Data
Remediation Data
- Available patches and updates
- Remediation procedures
- Estimated remediation time
- Remediation project tracking
- Exception and acceptance records
Use Cases
Live Vulnerability Monitoring
Monitor vulnerabilities in real-time as they’re discovered, with continuous updates from InsightVM.
Risk-Based Prioritization
Prioritize vulnerabilities using InsightVM’s real risk scores combined with RAD’s runtime context.
Remediation Tracking
Track remediation efforts across your environment with automated validation.
Exploit Correlation
Identify when vulnerabilities are actively exploited by correlating with runtime security events.
Troubleshooting
Authentication Failed
Authentication Failed
Possible causes:
- API key is incorrect or expired
- Service user account was deactivated
- Wrong regional API URL
- Verify the API key is copied correctly (no extra spaces)
- Check that the service user account is still active
- Confirm you’re using the correct regional URL for your instance
- Generate a new API key if the current one is lost or compromised
Insufficient Permissions
Insufficient Permissions
Possible causes:
- Service user doesn’t have Administrator (shared) role
- User not assigned to InsightVM product
- Organization-level permissions not set
- Log in as admin and verify user roles
- Ensure user is assigned to InsightVM product
- Verify user has Administrator (shared) role at minimum
- Check organization-level permissions are properly configured
No Data Syncing
No Data Syncing
Possible causes:
- No vulnerability scans completed yet
- Assets not reporting to InsightVM
- Initial sync still in progress
- Verify vulnerability scans have been run in InsightVM
- Check that assets are actively reporting
- Allow up to 15 minutes for initial data sync
- Review integration logs in RAD Security for specific errors
Wrong Regional URL
Wrong Regional URL
Possible causes:
- Using incorrect regional endpoint
- Including path components in URL
- Using old API endpoint format
- Verify you’re using the correct region (US, US2, US3, EU, CA, AU, AP)
- Ensure URL is base only (e.g.,
https://us.api.insight.rapid7.com) - Remove any path components like
/vm/v4 - Check your Rapid7 console URL to determine your region
API Key Expired or Revoked
API Key Expired or Revoked
Possible causes:
- API key was manually revoked
- Key expired due to organization policy
- Service user password was changed
- Log in as the service user
- Navigate to API Keys management
- Check if the key still exists and is active
- Generate a new API key if needed
- Update the key in RAD Security integration settings
Security Best Practices
Use Service Accounts
Create a dedicated service account with a service email address to ensure continuity.
Least Privilege Access
Only assign Administrator (shared) role unless higher permissions are specifically required.
Secure Key Storage
Store API keys securely in a password manager. Never commit them to version control.
Regular Key Rotation
Periodically rotate API keys as part of your security hygiene practices.
Monitor API Usage
Review API key usage in Rapid7 to detect any anomalous activity.
Audit User Access
Regularly review service user permissions and ensure they remain appropriate.