VulnerabilityManagement_5.1.0 Hack - Rapid7 - InsightVM Site Scans

  • 22 July 2021
  • 1 reply
  • 143 views

Userlevel 1
Badge

 → I’m not responsible if anyone Brick the System! ←


For everyone who is using Rapid7 InsightVM:

We upgraded the provided LogPoint Script with the ability to import SITE Scans instead of normal Scan Reports.

The Reason is that SITE Scans are scheduled on the IVM so the complete Vulnerability Scan and Import into LogPoint is without any manual interaction - there is no need to run the Report manually.


What to do on LogPoint: Just replace the script attached here with the Script installed on your DataNode and configure the Rapid7 integration.


What to do on Rapid7 Machine:

1. Create user with following permissions:

- Appear on Ticket and Report Lists: Appear on user lists in order to be assigned remediation tickets and view reports.

- View Site Asset Data: View discovered information about all assets in accessible sites, including IP addresses, installed software, and vulnerabilities.

- Create Reports: Create and own reports for accessible assets. Configure all attributes of owned reports, except for user access.

- Use Restricted Report Sections: Create report templates with restricted sections. Configure reports to use templates with restricted sections.

- Manage Report Access: Grant and remove user access to owned reports.


2. Create Report for Sites/AssetGroup/Assets/Tags/Scan

- Set Name: LogPoint_XML_Site_Report

- Set ReportTemplate: XML Export 2.0

- Select Scope: Site_ABC

- (Optional) Use only assets found in the last scan

- Frequency: Run a recurring report after every scan

- Save & Run the Report


1 reply

Thank you for sharing this Kai!

Reply