Getting Started with InsightVM + InsightConnect

If you’re reading this, you’re probably looking to integrate InsightConnect with InsightVM. I’m going to walk you through the basics and get your first workflow up and running:

  1. How to set up and use an InsightConnect workflow that integrates with InsightVM
  2. What you can do with InsightVM from InsightConnect

We’re going to set up a ‘Lookup Vulnerable Hosts’ workflow that takes a vulnerability as input and returns details of the vulnerability and the hosts vulnerable in your environment. There are two versions, one leveraging MS Teams and one leveraging Slack.

This workflow is tied to the InsightVM plugin and your chat tool - either Slack or Teams. In addition to providing information from InsightVM in your chat tool, it also provides an enhanced lookup ability leveraging the Rapid7 Vulnerability Database to find vulnerabilities based on more than just their common identifiers. For example, looking up ‘bluekeep’ will expand to all the vulnerabilities mentioning ‘bluekeep’ in the database. This type of cross-system correlation is one of the things that makes InsightConnect so powerful.

This workflow is triggered from your chat tool. This means it listens for a message that matches a specific pattern and, when it sees it, it proceeds to execute the steps in the workflow with each step leveraging data from the triggering message and the results of previous steps. Some steps are gathering data and making decisions, some are transforming data, and some are interacting with other systems in your environment.

With that being said, let’s get this workflow set up in your environment.

  1. Log in to the InsightPlatform

  2. Navigate to either the Slack or MS Teams workflow in our Extension Library

  3. Review the ‘Documentation’ tab for an overview of the workflow setup procedure

  4. Click Import (this will take you to InsightConnect)

  5. Follow the prompts to import and activate the workflow

  6. You’ll need to configure your InsightVM connection and your chat connection

  7. After the import, you’ll need to configure the workflow by setting the parameters

  8. Don’t forget to add the InsightConnect bot to the channel!

  9. Configure the “workflow parameters” with the appropriate data for your environment

  10. Activate the workflow

  11. In your chat tool, trigger the workflow!

When triggered, the workflow will respond to your triggering message letting you know it’s running. It’ll reply with additional information as it is available until it’s completed.

There’s a lot of information it returns, but what did it actually do?

  1. It converts the vulnerability you input into ‘Nexpose Vulnerability IDs’

  2. If the input is a ‘Nexpose Vulnerability ID’, it uses it as is

  3. It checks with InsightVM to see if the input is an ‘alternate identifier’ - if it is, it uses the ‘Nexpose Vulnerability IDs’ linked to the alternate identifier in InsightVM

  4. If it doesn’t find the input in the alternate identifier field, it searches the Rapid7 Vulnerability Database with the input and uses the vulnerabilities returned in the search - unless it gets more results than the limit set

  5. It gets the details of the vulnerabilities from InsightVM

  6. It gets the hosts vulnerable to each vulnerability
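
The lookup order in the list above, sketched as an added Python example (not the workflow's or Rapid7's own code). The in-memory dictionaries, IDs, hostnames, source labels and the case-insensitive matching are assumptions made for illustration; only the search term ‘bluekeep’ comes from this post.

```python
from dataclasses import dataclass

# Constructed stand-ins for InsightVM and the Rapid7 Vulnerability Database.
# Every ID, description and hostname below is made up for this example.
VULN_IDS = {"example-rdp-rce-1", "example-rdp-rce-2", "example-tls-weak-1"}
ALTERNATE_IDS = {"example-alt-0001": ["example-rdp-rce-1", "example-rdp-rce-2"]}
DATABASE = {
    "example-rdp-rce-1": "Remote Desktop code execution (bluekeep), server",
    "example-rdp-rce-2": "Remote Desktop code execution (bluekeep), client",
    "example-tls-weak-1": "Remote service accepts a weak TLS cipher",
}
HOSTS = {
    "example-rdp-rce-1": ["win-app-01.example.test", "win-db-02.example.test"],
    "example-rdp-rce-2": [],
    "example-tls-weak-1": ["web-01.example.test"],
}


@dataclass
class Resolution:
    source: str       # which step produced the IDs
    vuln_ids: list    # resolved vulnerability IDs, empty if nothing usable


def resolve(user_input, limit=5):
    """Apply the lookup order from the list above to one chat input."""
    term = user_input.strip().lower()  # assumption: matching is case-insensitive
    if not term:
        # An empty term would match every database entry, so reject it early.
        return Resolution("not_found", [])
    if term in VULN_IDS:
        return Resolution("vulnerability_id", [term])
    if term in ALTERNATE_IDS:
        return Resolution("alternate_identifier", list(ALTERNATE_IDS[term]))
    hits = sorted(v for v, text in DATABASE.items() if term in text.lower())
    if len(hits) > limit:
        # Over the limit: the search results are not used at all.
        return Resolution("too_many_results", [])
    return Resolution("database_search" if hits else "not_found", hits)


def lookup_vulnerable_hosts(user_input, limit=5):
    """Return {vulnerability ID: [vulnerable hosts]} for the resolved IDs."""
    return {v: HOSTS.get(v, []) for v in resolve(user_input, limit).vuln_ids}


if __name__ == "__main__":
    for text in ("example-tls-weak-1", "EXAMPLE-ALT-0001", "bluekeep", "remote"):
        print(text, resolve(text, limit=2), lookup_vulnerable_hosts(text, limit=2))
```

A broad term such as "remote" with a low limit returns no IDs at all, which is why a narrower term or a higher limit is needed before any hosts are listed.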

If you’re looking to learn more about what you can do with InsightVM and InsightConnect automation, check out our InsightVM Automation Toolkit where we detail a variety of use cases and highlight some of our pre-built workflows. And if you have any questions or ideas of your own, feel free to share here!
