Hello everyone,
I’m looking to integrate Rapid7 InsightVM (Vulnerability Scanner) with a SIEM to monitor and receive logs, including logs about scan results and other relevant events.
How can I configure Rapid7 to send syslog messages to my SIEM server?
Hello Brandon,
No, it doesn’t have to be Syslog; I’m just looking for a way to get the logs into my SIEM server.
If using the InsightVM API is more effective, I’d be interested in learning how you’ve set it up or if there’s any documentation you could share to help me configure it.
Any other methods that work well would also be appreciated!
The SIEM I use already had a connector built in for IVM. I just had to create an API user for it to use. It pulls three metrics: Asset Updates, Vulnerability Updates, and Asset to Vulnerability Updates. I run these every few hours but that depends on your scanning frequency and if you use Agents.
Oh, I see—thank you for explaining! The SIEM I’m using doesn’t have a built-in connector for InsightVM.
However, could you guide me on how to set up the API to pull these metrics? I might be able to use it in another way to get the logs. Any tips or resources would be really helpful.
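For a SIEM without a built-in connector, the pull-and-forward approach discussed in this thread can be sketched as below; this is an added example, not code from any poster or from Rapid7. It assumes response shapes modeled on the InsightVM API v3 asset and asset-vulnerability endpoints, uses constructed sample data, and leaves out the HTTP fetch with the API user's credentials so that it runs offline.

```python
import json
import socket
from datetime import datetime, timezone

# Constructed sample shaped like InsightVM API v3 responses (GET /api/3/assets and
# GET /api/3/assets/{id}/vulnerabilities); field names are assumptions to verify
# against your console's API documentation.
SAMPLE_ASSET = {"id": 42, "ip": "10.0.0.5", "hostName": "web01.example.test"}
SAMPLE_FINDINGS = {"resources": [
    {"id": "example-vuln-a", "status": "vulnerable", "since": "2024-01-10T08:00:00Z"},
    {"id": "example-vuln-b", "status": "vulnerable", "since": "2024-02-01T09:30:00Z"},
]}


def to_events(asset, findings_page):
    """Flatten one asset's findings page into one event per finding."""
    return [{"asset_id": asset["id"], "ip": asset.get("ip"),
             "host": asset.get("hostName"), "vuln_id": f["id"],
             "status": f.get("status"), "since": f.get("since")}
            for f in findings_page.get("resources", [])]


def new_events(events, seen):
    """Return events not forwarded on an earlier poll; record them in `seen`."""
    fresh = []
    for e in events:
        key = (e["asset_id"], e["vuln_id"], e["since"])
        if key not in seen:
            seen.add(key)
            fresh.append(e)
    return fresh


def to_syslog(event, source="ivm-poller", now=None):
    """Format an event as an RFC 5424 line: facility local0, severity notice."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = 16 * 8 + 5  # local0 (16) * 8 + notice (5) = 133
    return f"<{pri}>1 {ts} {source} insightvm - - - " + json.dumps(event, sort_keys=True)


def send_udp(lines, siem_host, siem_port=514):
    """Send each line as one UDP syslog datagram to the SIEM collector."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (siem_host, siem_port))
```

Persist the `seen` set between runs (a file or small database) so that a poll every few hours forwards only findings the SIEM has not already received.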