Home Orlando Security Incident Management Security Operations Vulnerability Response Vulnerability Response integrations Understanding the Rapid7 Vulnerability Integration Install and configure the Rapid7 Integration for Security Operations application

Install and configure the Rapid7 Integration for Security Operations application

Before you run the integration on your instance, the installation and configuration steps must be completed so the Rapid7 Nexpose or Rapid7 InsightVM product properly integrates with Vulnerability Response. This application is available as a separate subscription.

Before you begin

Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.

Note: This process applies only to applications downloaded to production instances. If you're downloading applications to sub-production or development instances, it's not necessary to get entitlements. Proceed to Activate a ServiceNow Store application.


Setup tasks	Description
Verify that the Vulnerability Response application is installed and activated.	To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased. If the application is not installed and activated see, Install and configure Vulnerability Response.
Verify that you have the required ServiceNow roles for your instance.	The following roles are required for installation, configuration, and verification of expected results: If not already assigned, the System Administrator [admin] installs the app and assigns the Vulnerability Admin [sn_vul.admin] role. The Vulnerability Admin [sn_vul.admin] oversees configuration and verifies expected results. The Rapid7 admin role is inherited when you are assigned an administrative role in the Vulnerability Response (VR) application.
Prepare for Rapid7 Vulnerability Integration installation.	Read Preparing for the Rapid7 Vulnerability Integration.
For the Rapid7 Nexpose data warehouse integration type, ensure that you have a MID Server with access to the Rapid7 Nexpose data warehouse.	Note the data warehouse name. The Rapid7 data warehouse integration type only supports standalone MID Servers. Clustered MID Servers are not supported.
For the Rapid7 Nexpose data warehouse integration type, download the latest PostgresSQL driver.	Go to https://jdbc.postgresql.org/download.html and download the latest driver.
For the Rapid7 Nexpose data warehouse integration type, have your Rapid7 Nexpose data warehouse server URL and authentication credentials ready.	The credentials must provide adequate permissions for retrieving knowledge, scan, and detection information for a Rapid7 Nexpose subscription.
For the Rapid7 InsightVM integration type, have your region and API key ready.	Contact Rapid7 to obtain the appropriate region and API key.

Note:

When migrating from the Data Warehouse integration type to the InsightVM type you can deduplicate your existing data warehouse records. See Deduplicate Rapid7 Vulnerability Integration data warehouse records for more information.

Procedure

Log in to the instance you want to install the Rapid7 Vulnerability Integration application on.
For the Rapid7 Nexpose data warehouse vulnerability integration, install the PostgreSQL JAR file.
1. In your ServiceNow instance, navigate to MID Server > JAR Files.
2. Click New.
3. Enter the name of the PostgresSQL driver that you downloaded earlier.
  Optionally, enter the Version, Source, and Description information. Leave the Active check box selected.
4. Attach the downloaded JAR file using the paper clip icon in the header.
5. Click Submit.
This process completes the Rapid7 Nexpose data warehouse-specific integration tasks.
Navigate to the ServiceNow Store.
In the ServiceNow Store, search for the Rapid7 Vulnerability Integration application.
Click the application tile.
Detailed information about the application you are installing is displayed.
Note: Consider reading the Other Requirements and Dependencies sections, as applicable.
Click Request App and enter your HI login credentials.
Click Get.
Enter the Instance Name and Reason for the Instance, and click Validate Instance.
Click Request.
You will receive an email with detailed installation instructions.
Navigate to System Applications > Applications.
Locate the application, select it, and click Install.
Your application is automatically installed on your instance.
Once the installation completes, navigate to Rapid7 > Configuration.
Select an Integration Type from the drop-down menu.

Figure 1. Integration type drop-down menu
Select an integration instance. The default Rapid7 InsightVM integration instance is selected by default. If that is the one you want, go to step 15.
For multiple deployments of the Rapid7 InsightVM integrations:
1. Open the Lookup list on Integration Instance field, select an existing integration instance and go to step 15, or click New in the pop-up menu.
2. For New, enter a Name for the integration instance and click Submit.
  The integration type appears in the Rapid7 configuration form.
  Note: You can delete any integration instance except the default. Deleting an instance deletes the following (excluding VIs):
  - Integrations
  - Instance Parameters
  - Integration Runs
  - Integration Processes
  - Instance column on the VI is marked empty
3. Continue to step 15.
Click the Integration Setup tab.

On the appropriate form, fill in the fields:

Table 1. Integration Setup tab for InsightVM integration type
Field	Description
InsightVM Region	The server URL you acquired from the Rapid7 site.
API Key	The API key you acquired from your Rapid7 Insight account.
Validation Status	Read only: Status of credential validation process.

Table 2. Integration Setup tab for Data Warehouse Integration type
Field	Description
JDBC credential name	Name of your data warehouse credentials.
User name	Rapid7 data warehouse user name.
Password	Rapid7 data warehouse password.
Validation Status	Read only: Status of credential validation process.
Database server DNS/IP	DNS or IP address for your data warehouse.
Database port	Port to use for your data warehouse integration.
Database name	Name of your data warehouse.
Data delay offset (Days)	The data delay offset factors in the delay between the real-time data in Rapid7 Nexpose and the data in the data warehouse.
MID Server	MID Server to use. Only standalone MID servers are supported. Clustered MID servers are not supported.
MID Server timeout (min)	Number of minutes to wait for the MID Server to respond before timing out the integration run.

Verify successful configuration by clicking Test credentials.
Configuration is successfully completed unless an error message is displayed. If an error message is displayed during the configuration, reenter your data.
Click Save.
Click the Import Configuration tab.

On the appropriate form, fill in the fields.

Table 3. Import Configuration tab for InsightVM
Field	Description
Min CVSS score	Minimum vulnerable item CVSS score used to filter vulnerable items during import.
Max CVSS score	Maximum vulnerable item CVSS score used to filter vulnerable items during import.
Site filter	Limits the data to the Rapid7 InsightVM sites chosen from the Sites listFiltering by Rapid7 sites. You can choose more than one. The default (empty) is all sites. Note: Sites for Rapid7 InsightVM must be created manually in order to use this feature. See Create sites for Rapid7 InsightVM for more information. For information on using site filtering, see Filtering by Rapid7 sites.
Create CVE entry	When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored. Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
Close by age	Date after which to close the record. When selected, the choices are 30, 60, or 90 days.

Table 4. Import Configuration tab for Data Warehouse
Field	Description
Create CVE entry check box	When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored. Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
Min CVSS score	Minimum vulnerable item CVSS score used to filter vulnerable items during import.
Max CVSS score	Maximum vulnerable item CVSS score used to filter vulnerable items during import.
Site filter	Limits the imported Sites Integration data to the sites chosen. You can choose more than one. Note: Since the default setting is to import data from all sites, you do not need to use the filter if you want all sites. Doing so slows down the request.
Close by age check box	Date after which to close the record. When selected, the choices are 30, 60, or 90 days.

Click Save.

The Import since date field in the Rapid7 integrations is blank, by default, except for the Rapid7 Vulnerability Integration - API. It is set to 1999-01-01.

To retrieve historical data during your initial import from the Rapid7 scan, set a start date in the appropriate integration records.
Note: This process works for any Rapid7 integration with the following exceptions. The Rapid7 Exploit and Malware Kit integrations do not show the Import since field because they do not do delta updates and therefore do not use that field. The Rapid7 Asset List integration also ignores the field since its intent is to retrieve all data.
1. Navigate to Rapid 7 > Administration > Integrations
2. Select, for example, Rapid7 Vulnerable Item Integration - API.
3. Set the Import since field to the earliest date you want to retrieve. Each successful import resets this date to that day's date and time.
Your Rapid7 Vulnerability Integration configuration is complete.

What to do next

If your environment requires domain-separated imports, see Create domain-separated imports for the Rapid7 vulnerability integration .

To create or refine your lookup rules prior to import, see Create a CI lookup rule.

Previous topic

Next topic

Send feedback

Release version

Install and configure the Rapid7 Integration for Security Operations application

Before you begin

Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation and configuration.


Setup tasks	Description
Verify that the Vulnerability Response application is installed and activated.	To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased. If the application is not installed and activated see, Install and configure Vulnerability Response.
Verify that you have the required ServiceNow roles for your instance.	The following roles are required for installation, configuration, and verification of expected results: If not already assigned, the System Administrator [admin] installs the app and assigns the Vulnerability Admin [sn_vul.admin] role. The Vulnerability Admin [sn_vul.admin] oversees configuration and verifies expected results. The Rapid7 admin role is inherited when you are assigned an administrative role in the Vulnerability Response (VR) application.
Prepare for Rapid7 Vulnerability Integration installation.	Read Preparing for the Rapid7 Vulnerability Integration.
For the Rapid7 Nexpose data warehouse integration type, ensure that you have a MID Server with access to the Rapid7 Nexpose data warehouse.	Note the data warehouse name. The Rapid7 data warehouse integration type only supports standalone MID Servers. Clustered MID Servers are not supported.
For the Rapid7 Nexpose data warehouse integration type, download the latest PostgresSQL driver.	Go to https://jdbc.postgresql.org/download.html and download the latest driver.
For the Rapid7 Nexpose data warehouse integration type, have your Rapid7 Nexpose data warehouse server URL and authentication credentials ready.	The credentials must provide adequate permissions for retrieving knowledge, scan, and detection information for a Rapid7 Nexpose subscription.
For the Rapid7 InsightVM integration type, have your region and API key ready.	Contact Rapid7 to obtain the appropriate region and API key.

Note:

Procedure

Log in to the instance you want to install the Rapid7 Vulnerability Integration application on.
For the Rapid7 Nexpose data warehouse vulnerability integration, install the PostgreSQL JAR file.
1. In your ServiceNow instance, navigate to MID Server > JAR Files.
2. Click New.
3. Enter the name of the PostgresSQL driver that you downloaded earlier.
  Optionally, enter the Version, Source, and Description information. Leave the Active check box selected.
4. Attach the downloaded JAR file using the paper clip icon in the header.
5. Click Submit.
This process completes the Rapid7 Nexpose data warehouse-specific integration tasks.
Navigate to the ServiceNow Store.
In the ServiceNow Store, search for the Rapid7 Vulnerability Integration application.
Click the application tile.
Detailed information about the application you are installing is displayed.
Note: Consider reading the Other Requirements and Dependencies sections, as applicable.
Click Request App and enter your HI login credentials.
Click Get.
Enter the Instance Name and Reason for the Instance, and click Validate Instance.
Click Request.
You will receive an email with detailed installation instructions.
Navigate to System Applications > Applications.
Locate the application, select it, and click Install.
Your application is automatically installed on your instance.
Once the installation completes, navigate to Rapid7 > Configuration.
Select an Integration Type from the drop-down menu.

Figure 1. Integration type drop-down menu
Select an integration instance. The default Rapid7 InsightVM integration instance is selected by default. If that is the one you want, go to step 15.
For multiple deployments of the Rapid7 InsightVM integrations:
1. Open the Lookup list on Integration Instance field, select an existing integration instance and go to step 15, or click New in the pop-up menu.
2. For New, enter a Name for the integration instance and click Submit.
  The integration type appears in the Rapid7 configuration form.
  Note: You can delete any integration instance except the default. Deleting an instance deletes the following (excluding VIs):
  - Integrations
  - Instance Parameters
  - Integration Runs
  - Integration Processes
  - Instance column on the VI is marked empty
3. Continue to step 15.
Click the Integration Setup tab.

On the appropriate form, fill in the fields:

Table 1. Integration Setup tab for InsightVM integration type
Field	Description
InsightVM Region	The server URL you acquired from the Rapid7 site.
API Key	The API key you acquired from your Rapid7 Insight account.
Validation Status	Read only: Status of credential validation process.

Table 2. Integration Setup tab for Data Warehouse Integration type
Field	Description
JDBC credential name	Name of your data warehouse credentials.
User name	Rapid7 data warehouse user name.
Password	Rapid7 data warehouse password.
Validation Status	Read only: Status of credential validation process.
Database server DNS/IP	DNS or IP address for your data warehouse.
Database port	Port to use for your data warehouse integration.
Database name	Name of your data warehouse.
Data delay offset (Days)	The data delay offset factors in the delay between the real-time data in Rapid7 Nexpose and the data in the data warehouse.
MID Server	MID Server to use. Only standalone MID servers are supported. Clustered MID servers are not supported.
MID Server timeout (min)	Number of minutes to wait for the MID Server to respond before timing out the integration run.

Verify successful configuration by clicking Test credentials.
Configuration is successfully completed unless an error message is displayed. If an error message is displayed during the configuration, reenter your data.
Click Save.
Click the Import Configuration tab.

On the appropriate form, fill in the fields.

Table 3. Import Configuration tab for InsightVM
Field	Description
Min CVSS score	Minimum vulnerable item CVSS score used to filter vulnerable items during import.
Max CVSS score	Maximum vulnerable item CVSS score used to filter vulnerable items during import.
Site filter	Limits the data to the Rapid7 InsightVM sites chosen from the Sites listFiltering by Rapid7 sites. You can choose more than one. The default (empty) is all sites. Note: Sites for Rapid7 InsightVM must be created manually in order to use this feature. See Create sites for Rapid7 InsightVM for more information. For information on using site filtering, see Filtering by Rapid7 sites.
Create CVE entry	When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored. Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
Close by age	Date after which to close the record. When selected, the choices are 30, 60, or 90 days.

Table 4. Import Configuration tab for Data Warehouse
Field	Description
Create CVE entry check box	When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored. Note: In version 9.0, CVE records, not already present, are created as NVD records and referenced in the third-party entry for Rapid7, by default.
Min CVSS score	Minimum vulnerable item CVSS score used to filter vulnerable items during import.
Max CVSS score	Maximum vulnerable item CVSS score used to filter vulnerable items during import.
Site filter	Limits the imported Sites Integration data to the sites chosen. You can choose more than one. Note: Since the default setting is to import data from all sites, you do not need to use the filter if you want all sites. Doing so slows down the request.
Close by age check box	Date after which to close the record. When selected, the choices are 30, 60, or 90 days.

Click Save.

The Import since date field in the Rapid7 integrations is blank, by default, except for the Rapid7 Vulnerability Integration - API. It is set to 1999-01-01.

To retrieve historical data during your initial import from the Rapid7 scan, set a start date in the appropriate integration records.
Note: This process works for any Rapid7 integration with the following exceptions. The Rapid7 Exploit and Malware Kit integrations do not show the Import since field because they do not do delta updates and therefore do not use that field. The Rapid7 Asset List integration also ignores the field since its intent is to retrieve all data.
1. Navigate to Rapid 7 > Administration > Integrations
2. Select, for example, Rapid7 Vulnerable Item Integration - API.
3. Set the Import since field to the earliest date you want to retrieve. Each successful import resets this date to that day's date and time.
Your Rapid7 Vulnerability Integration configuration is complete.

What to do next

If your environment requires domain-separated imports, see Create domain-separated imports for the Rapid7 vulnerability integration .

To create or refine your lookup rules prior to import, see Create a CI lookup rule.

How search works:

Topics are ranked in search results by how closely they match your search terms

Install and configure the Rapid7 Integration for Security Operations application

Install and configure the Rapid7 Integration for Security Operations application

On this page

Install and configure the Rapid7 Integration for Security Operations application

Install and configure the Rapid7 Integration for Security Operations application

Log in to personalize your search results and subscribe to topics