The Rapid7 connector ingests assets and vulnerabilities from Rapid7 InsightVM into Qualys ETM for unified risk analysis and prioritization.
What is the Rapid7 API Connector?
The connector securely synchronizes assets and findings from Rapid7 using scheduled API calls, normalizes them, and applies TruRisk scoring within ETM.
Category | Supported Asset Type | Supported Finding Type |
---|---|---|
API Connector | Host Asset | Vulnerability and Assets |
Prerequisites
User Role and Permissions
To get started with creating a Rapid7 Connector, you must create a user and generate an API key in your Rapid7 account.
Authentication Details
Name | Key | Type | Description |
---|---|---|---|
Region | region | String | Provide the region as per your instance. Regions: |
API Key | apiKey | Encrypted String | Rapid7 API key. |
Steps to create Users
- Log in to the Rapid7 instance.
- Navigate to Settings > Users > Create New Users.
- Fill in all the required user details.
  - Email Address: Enter the email address of the user.
  - First Name: Enter the first name of the user.
  - Last Name: Enter the last name of the user.
  - Timezone: Select the time zone of the user.
- Click Save User Details.
- Privileges: Select the role that best defines the permissions required by the token.
- Click on save individual Privileges.
Steps to generate API Key
- Log in to the Rapid7 instance.
- Navigate to Settings > API Keys.
- Click Generate New User Key.
- Select the Organization and add a Name.
- Click Submit.
- Copy your generated API key.
Connector Configuration
Basic Details
- Provide Name and Description.
- Select findings type (supported: Assets and Vulnerability / Host Asset).
- Enter Region and API Key.
Data Models
The Rapid7 API Connector offers an out-of-the-box data model mapping to the Qualys ETM schema. You can view the schema to understand the attributes in the data model.
Transform Maps
Default transform maps are provided. You can create or clone maps and set Transform Map Name, Source Data Model, and Target Data Model.
Profile
Create a profile with Name, Description, Transform Map, Status, and Schedule.
When editing a connector, you can find the Retain Delta checkbox. Select this checkbox to retain the delta that has already been set for this connection. Deselecting it resets the delta and begins a fresh ingestion.
Scoring
Map Rapid7 non-CVE severities/labels to QDS 0–100; set Default Severity for unmatched values.
Select Identification Rules
The Identification Rules are a set of out-of-the-box precedence rules set by Qualys CSAM. The connector discovers findings based on the order set by the selected Identification Rules.
You can proceed to the next step without making any changes to this screen.
If you don't want to choose a specific rule, turn off the toggle next to it. But, ensure that at least one rule is selected.
To learn more about the different rules and options present in this screen, refer to the CSAM Online Help.
How Does a Connection Work?
The connector executes on schedule (or on-demand), pulling asset and vulnerability data into ETM for analysis.
In the Connector screen, you can find your newly configured connector listed and marked in the Processed state.
Connector States
A successfully configured connector goes through 4 states.
- Registered - The connector is successfully created and registered to fetch data from the vendor.
- Scheduled - The connector is scheduled to execute a connection with the vendor.
- Processing - A connection is executed and the connector is fetching the asset and findings data.
- Processed - The connector has successfully fetched the assets, but it may still be fetching the findings. Wait for some more time for the connector to fetch the findings completely.
The Processed state indicates that the connector is successfully configured but is still importing all your assets and findings. This process (specifically for findings) may take some time.
This entire process may take up to 2 hours for completion. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).
View Assets and Findings in ETM
- Assets: Inventory > Assets > Host. Use the filter
tags.name:"Rapid7"
- Findings: Risk Management > Findings > Vulnerability. Use the filter
finding.vendorProductName:"Rapid7"
Additional Resources
API References
Name | Endpoint | Supported Regions |
---|---|---|
Fetch Asset | https://{region}.api.insight.rapid7.com/vm/v4/ | us, us2, us3, eu, ca, au, ap |
Fetch Vulnerabilities | https://{region}.api.insight.rapid7.com/vm/v4/ | us, us2, us3, eu, ca, au, ap |
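A pre-flight check for the Region and API Key settings, added here as an example (not Qualys or Rapid7 code): it builds the endpoint from the table above only for a listed region, so a mistyped or tampered region value cannot send the API key to a different host. The function names and the X-Api-Key header (the Rapid7 Insight platform's API key header, not stated on this page) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Regions and URL template exactly as listed in the API References table.
SUPPORTED_REGIONS = ("us", "us2", "us3", "eu", "ca", "au", "ap")
ENDPOINT_TEMPLATE = "https://{region}.api.insight.rapid7.com/vm/v4/"
EXPECTED_SUFFIX = ".api.insight.rapid7.com"


class ConfigError(ValueError):
    """Raised when connector settings fail validation."""


def build_endpoint(region: str) -> str:
    """Return the InsightVM base URL for an allow-listed region only."""
    candidate = region.strip().lower()
    if candidate not in SUPPORTED_REGIONS:
        raise ConfigError(f"unsupported region: {region!r}")
    url = ENDPOINT_TEMPLATE.format(region=candidate)
    # Defence in depth: re-parse and confirm scheme and host are as expected.
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != candidate + EXPECTED_SUFFIX:
        raise ConfigError("endpoint host does not match the Rapid7 API domain")
    return url


def build_headers(api_key: str) -> dict:
    """Build request headers; reject keys that would corrupt a header line."""
    if not api_key or api_key != api_key.strip():
        raise ConfigError("API key is empty or has surrounding whitespace")
    if re.search(r"[\r\n\x00]", api_key):
        raise ConfigError("API key contains control characters")
    # Assumption: X-Api-Key is the Insight platform header (not on this page).
    return {"X-Api-Key": api_key, "Accept": "application/json"}


def redact(api_key: str, keep: int = 4) -> str:
    """Log-safe form of the key: only the last `keep` characters survive."""
    if len(api_key) <= keep:
        return "*" * len(api_key)
    return "*" * (len(api_key) - keep) + api_key[-keep:]


def preflight(region: str, api_key: str) -> tuple:
    """Validate both settings; returns (endpoint, headers, key_for_logs)."""
    return build_endpoint(region), build_headers(api_key), redact(api_key)
```

Log only the third element of the returned tuple; the headers dictionary carries the key in clear text.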
Rapid7 Vulnerability Data Model Map
The Rapid7 to Qualys Vulnerability data model mapping.
Source Field | Target Field |
---|---|
Id | externalAssetId |
Host Name | assetName |
Ip | ipAddress |
Mac | macAddress |
Os Name | operatingSystemName |
Os Version | operatingSystemVersion |
Vulnerability First Found Date Format: yyyy-MM-dd'T'HH:mm:ss'Z' | findingFirstFoundOn |
Vulnerability Last Found Date Format: | findingLastFoundOn |
Vulnerability Id | externalFindingId |
Vulnerability Solution Type | remediationStrategy |
Vulnerability Port | findingPort |
Vulnerability Protocol | findingProtocol |
Vulnerability Title | findingName |
Vulnerability Risk Score | detectionScore |
Vulnerability CVE Id | cveId |
Vulnerability Description | findingDescription |
Vulnerability Cvss V2 Score | cvssV2Base |
Vulnerability Cvss V3 Score | cvss3Base |
Host Name | findingSeverity |
Vulnerability Solution Fix | recommendation |
Vulnerability Status | findingStatus |
Vulnerability links href | references |
Vulnerability Categories | findingSubType |
Rapid7 Asset Data Model Map
The Rapid7 to Qualys Asset data model mapping.
Source Field | Target Field |
---|---|
id | externalAssetId |
host_name | assetName |
ip | ipAddress |
mac | macAddress |
os_name | operatingSystemName |
os_vendor | operatingSystemPublisher |
os_architecture | operatingSystemArchitecture |
os_version | operatingSystemVersion |