These inputs allow you to further filter the data that Splunk retrieves and ingests. The add-on uses inputs to configure the import of asset and vulnerability data from InsightVM. Additional region information is available in the Supported Regions section of the Product APIs page.Enter your region, which is a two-character string based on your location (such as us).Navigate to the Rapid7 InsightVM Technology Add-On available under the Apps menu in Splunk.Copy and store the generated key in a secure location.Īfter you have an API key, follow these steps to configure the InsightVM connection in Splunk.Enter a name for the key and click Generate.Select the gear icon in the top menu and click API Keys.If you need to generate a new API key for a connection, follow these steps: The add-on allows you to create multiple connections if you want to use different connections across different inputs. The connection requires an API key for connecting to and retrieving data from InsightVM. You must configure two components in the add-on before you can use it: When prompted, restart Splunk to finish.Search for the "Rapid7 InsightVM Technology Add-On".
Album or cover guano apes proud like a god install#
You can install the add-on as an app using the Splunk UI: All new vulnerability findings are defined with finding_status = new. Yes, the InsightVM add-on imports vulnerabilitiy findings with a finding_status = remediated value as remediation takes place. Vulnerability finding imports include remediation status on a device All subsequent imports only include data from assets and vulnerabilities that have been scanned since. Imports historical data when run for the first time It is possible to filter by site IDs with the Nexpose add-on, but no other filtering is supported. Yes, the InsightVM add-on features the same asset and vulnerability filters available with the Query Builder and can define them with input configurations to reduce the scope of the data being imported. Provides the ability to filter assets and vulnerabilities within scope
Since all vulnerabilities are imported for the assets identified in new sites, there is no way to distinguish between a new, existing, or remediated vulnerability. The Nexpose add-on imports data based on any new scans identified for the sites in scope. This reduces the amount of data stored in Splunk and makes that data more actionable. Yes, the InsightVM add-on only imports the assets and vulnerabilities of recently scanned devices each time the input is run. No, the Nexpose add-on only includes a list of tag names for imported assets. Any sites included with an asset will show up under the tags key. Yes, the asset import will include Sites and Tags however, Asset Groups are not currently included. Includes Site, Tag, and Asset Group details for imported Assets No, the Nexpose add-on pulls all data from the Security Console using SQL reports. Yes, the InsightVM add-on pulls data from the Insight Cloud and does not impact the on-premises Security Console. Leverages the Rapid7 Insight Cloud to pull asset and vulnerability data The new InsightVM edition of this add-on differs from its predecessor in the following ways: For InsightVM customers, these new Splunk import and visualization tools functionally replace the older Nexpose Technology Add-On and Nexpose Dashboard. The InsightVM Technology Add-On for Splunk allows you to import InsightVM asset and vulnerability data into your Splunk environment and view that data with the companion InsightVM Dashboard.
0 kommentar(er)
