Skip to main content

Rapid7 Configuration Guide

1. Introduction

  • A valid Username and Password is required in order to access Rapid7

2. Prerequisites

  • Administrator access to the Rapid7 console.

3. Rapid7 Setup Guide

  • Log in to Rapid7 InsightVM product as an administrator

3.1. Creating User with required permission

  • Create a new user with at least Site Owner role or above
  • Click on Administration in the left panel → User Management
  • Complete user details under User Information tab and assign a suitable role under User Role tab.
  • Give the user permission to the desired sites or asset groups and finalize user creation.
  • Access the platform using the the created user.
  • Store your Rapid7 InsightVM username and password.

NOTE! Rapid7 InsightVM's API primarily uses Basic Auth. You will use in ASCERA directly username and password.

3.2. Additional configuration for RA0002

In order to be able to run the ASC.RA-0002 automation, you must have configured a sql report template inside Rapid7 InsightVM platform:

  1. From Rapid7 InsightVM platform’s lateral menu, select “Report“ → “Console Generated“
  2. Select the “Create a Report“ tab, use this name for the report: RA0002 (mandatory) and select “SQL Query Export” report template
  3. In the SQL Export Configuration section insert this query
  4. Select the site/s and any vulnerability filters you wish
  5. Make sure you click on “Save the report“
  6. Now you should be able to run ASC.RA-0002 navigating to Security Controls page in ASCERA.

NOTE! Only the report owner will be able to generate reports, therefore will be able to run this automation. If you wish to have someone else as report owner, when configuring the report click on Configure advanced settings → Access → select report owner