Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Install and configure the Rapid7 Integration for Security Operations application

Log in to subscribe to topics and get notified when content changes.

Install and configure the Rapid7 Integration for Security Operations application

Before you run the integration on your instance, the installation and configuration steps must be completed so the Rapid7 Nexpose or Rapid7 InsightVM product properly integrates with Vulnerability Response. This application is available as a separate subscription.

Before you begin

Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.
Note: This process applies only to applications downloaded to production instances. If you are downloading applications to sub-production or development instances, it is not necessary to get entitlements. Proceed to Activate a ServiceNow Store application.
Setup tasks Description
Verify that the Vulnerability Response application is installed and activated.

To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased.

If the application is not installed and activated see, Install and configure Vulnerability Response.

Verify that you have the required ServiceNow roles for your instance. The following roles are required for installation, configuration, and verification of expected results:
  • If not already assigned, the System Administrator [admin] installs the app and assigns the Vulnerability Admin [sn_vul.admin] role.
  • The Vulnerability Admin [sn_vul.admin] oversees configuration and verifies expected results.

The Rapid7 admin role is inherited when you are assigned an administrative role in the Vulnerability Response (VR) application.

Prepare for Rapid7 Vulnerability Integration installation. Read Preparing for the Rapid7 Vulnerability Integration.
For the Rapid7 Nexpose data warehouse integration type, ensure that you have a MID Server with access to the Rapid7 Nexpose data warehouse. Note the data warehouse name. The Rapid7 data warehouse integration type only supports standalone MID Servers. Clustered MID Servers are not supported.
For the Rapid7 Nexpose data warehouse integration type, download the latest PostgresSQL driver. Go to https://jdbc.postgresql.org/download.html and download the latest driver.
For the Rapid7 Nexpose data warehouse integration type, have your Rapid7 Nexpose data warehouse server URL and authentication credentials ready. The credentials must provide adequate permissions for retrieving knowledge, scan, and detection information for a Rapid7 Nexpose subscription.

Version 8.0 For the Rapid7 InsightVM integration type, have your server URL and Rapid7 InsightVM API key ready.

Version 9.0: For the Rapid7 InsightVM integration type, have your region and API key ready.

Version 8.0 Contact Rapid7 to obtain the appropriate URL and API key.

Version 9.0: Contact Rapid7 to obtain the appropriate region and API key.

Note:

When migrating from the Data Warehouse integration type to the InsightVM type you can deduplicate your existing data warehouse records. See Deduplicate Rapid7 Vulnerability Integration data warehouse records for more information.

Procedure

  1. Log in to the instance you want to install the Rapid7 Vulnerability Integration application on.
  2. For the Rapid7 Nexpose data warehouse vulnerability integration, install the PostgreSQL JAR file.
    1. In your ServiceNow instance, navigate to MID Server > JAR Files.
    2. Click New.
    3. Enter the name of the PostgresSQL driver that you downloaded earlier.
      Optionally, enter the Version, Source, and Description information. Leave the Active check box selected.
    4. Attach the downloaded JAR file using the paper clip icon paper clip icon in the header.
    5. Click Submit.
    This process completes the Rapid7 Nexpose data warehouse-specific integration tasks.
  3. Navigate to the ServiceNow Store.
  4. In the ServiceNow Store, search for the Rapid7 Vulnerability Integration application.
  5. Click the application tile.
    Detailed information about the application you are installing is displayed.
    Note: Consider reading the Other Requirements and Dependencies sections, as applicable.
  6. Click Request App and enter your HI login credentials.
  7. Click Get.
  8. Enter the Instance Name and Reason for the Instance, and click Validate Instance.
  9. Click Request.
    You will receive an email with detailed installation instructions.
  10. Navigate to System Applications > Applications.
  11. Locate the application, select it, and click Install.
    Your application is automatically installed on your instance.
  12. Once the installation completes, navigate to Rapid7 > Configuration.
  13. Select an Integration Type from the drop-down menu.
    Figure 1. Version 9.0: Integration type drop-down menu
    Integration type drop-down menu
    Figure 2. Version 8.0: Integration type drop-down menu
    Integration source drop-down
  14. Version 9.0: Select an integration instance. The default Rapid7 InsightVM integration instance is selected by default. If that is the one you want, go to step 15.
    For multiple deployments of the Rapid7 InsightVM integrations:
    1. Open the Lookup list Search icon on Integration Instance field, select an existing integration instance and go to step 15, or click New in the pop-up menu.
    2. For New, enter a Name for the integration instance and click Submit.
      The integration type appears in the Rapid7 configuration form.
      Note: You can delete any integration instance except the default. Deleting an instance deletes the following (excluding VIs):
      • Integrations
      • Instance Parameters
      • Integration Runs
      • Integration Processes
      • Instance column on the VI is marked empty
    3. Continue to step 15.
  15. Click the Integration Setup tab.
  16. On the appropriate form, fill in the fields:
    Table 1. Integration Setup tab for InsightVM integration type
    Field Description
    InsightVM Region The server URL you acquired from the Rapid7 site.
    API Key The API key you acquired from your Rapid7 Insight account.
    Validation Status Read only: Status of credential validation process.
    Table 2. Integration Setup tab for Data Warehouse Integration type
    Field Description
    JDBC credential name Name of your data warehouse credentials.
    User name Rapid7 data warehouse user name.
    Password Rapid7 data warehouse password.
    Validation Status Read only: Status of credential validation process.
    Database server DNS/IP DNS or IP address for your data warehouse.
    Database port Port to use for your data warehouse integration.
    Database name Name of your data warehouse.
    Data delay offset (Days) The data delay offset factors in the delay between the real-time data in Rapid7 Nexpose and the data in the data warehouse.
    MID Server MID Server to use. Only standalone MID servers are supported. Clustered MID servers are not supported.
    MID Server timeout (min) Number of minutes to wait for the MID Server to respond before timing out the integration run.
  17. Verify successful configuration by clicking Test credentials.
    Configuration is successfully completed unless an error message is displayed. If an error message is displayed during the configuration, reenter your data.
  18. Click Save.
  19. Click the Import Configuration tab.
  20. On the appropriate form, fill in the fields.
    Table 3. Import Configuration tab for InsightVM
    Field Description
    Version 9.0: Min CVSS score Minimum vulnerable item CVSS score used to filter vulnerable items during import.
    Version 9.0: Max CVSS score Maximum vulnerable item CVSS score used to filter vulnerable items during import.
    Version 9.0: Site filter Limits the imported data to the sites chosen. You can choose more than one. The default is all sites.
    Create CVE entry When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored.
    Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
    Close by age Date after which to close the record. When selected, the choices are 30, 60, or 90 days.
    Table 4. Import Configuration tab for Data Warehouse
    Field Description
    Create CVE entry check box When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored.
    Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
    Min CVSS score Minimum vulnerable item CVSS score used to filter vulnerable items during import.
    Max CVSS score Maximum vulnerable item CVSS score used to filter vulnerable items during import.
    Site filter Limits the imported data to the sites chosen. You can choose more than one.
    Note: Since the default setting is to import data from all sites, you do not need to use the filter if you want all sites. Doing so slows down the request.
    Close by age check box Date after which to close the record. When selected, the choices are 30, 60, or 90 days.
  21. Click Save.
    Your Rapid7 Vulnerability Integration configuration is complete.

What to do next

If your environment requires domain-separated imports, see Create domain-separated imports for the Rapid7 Vulnerability Integration .

To create or refine your lookup rules prior to import, see Create a CI lookup rule.

Feedback