Lookup Host workflows

InsightConnect Plugins
1

I am working on two new workflows.

Lookup Host in InsightVM from Teams
Requirement: InsightVM Console URL and account credentials.
Plugin: Rapid7 InsightVM Console v7.0.2

Lookup Vulnerable Hosts from Teams
Requirement: InsightVM Console URL and account credentials.
Plugin: Rapid7 InsightVM v4.8.1

I have imported the workflows and plugins. I am not sure about my connections.

It is my understanding that our InsightVM Security Console is in the cloud and paired with the Insight Platform.

Therefore, when it asks for the “URL to your InsightVM console, without trailing slashes”. . is this the url to InsightVM or the URL listed in InsightVM under Management, Under OrgSettings “Security Console URL”?

Building on that question, one of the connections wants you to indicate port following the url. Onprem documentation suggests it should be port 3780. Is the port the same when the InsightVM Console is in the cloud?

As far as credentials go, inside of InsightVM, under Administration, under User Management, do I create a new “InsightVM users” and what sort of User Role does this need?

Or is this all down the complete wrong path and I can’t even use these workflows due to InsightVM Security Console is in the cloud and I need to be using the Rapid7 InsightVM Cloud plugin?

2

Hello

We have the IVM Console and have implemented both of those workflows (after some manual updates of the plugins), however since you don’t have the console and are using the cloud version of IVM, you could attempt to import the workflows and then modify the plugin step to use the IVM Cloud actions. It won’t be a 1:1 match and will require changes but without having something to test with, it looks like it should work with some effort and research.

image
image1576×801 123 KB

Good luck
Marco

3

Is your security console hosted by Rapid7?

The workflow is looking for the URL to your security console. We also have a cloud plugin, but that only requires an API key.

The permissions you would need, are relevant to the actions you want the plugin to perform, and the access within your IVM console that it should be able to touch. If it requires Global Admin to read all scans and asset data, then you would want to give it Global Admin. The ability you have in the UI with the role, is the same ability the user will have via API.