Rapid 7 support

IVR integration with Rapid7 allows BigFix to retrieve vulnerability data, correlate it with devices, and recommend remediation actions based on CVEs. It also provides detailed reports on vulnerability severity and exposure dates, enhancing overall vulnerability management.

Note: Rapid 7 support is configured and managed directly through the WebUI.
Note: For a new asset added to Insights, we currently cannot retrieve findings data that was discovered prior to the last Rapid 7 scan date known by Insights.

To add Rapid 7 data source:

  1. Click the gear icon located in the navigation bar within the WebUI app and select Insights. This action will direct you to the Setup BigFix Insights page.
  2. Navigate to the Data Source tab and click on Add Data Source.
  3. Select the Rapid 7 data source type and provide the following essential details:
    • Data Source Alias
    • API key
      Note: The API key must have access to the following Rapid7 API resources:
      • https://{region}.api.insight.rapid7.com/vm/v4/integration/vulnerabilities
      • https://{region}.api.insight.rapid7.com/vm/v4/integration/assets
    • Region - region code of API endpoint. For more information on the region code, please refer to the Rapid 7 official documentation.
    • Data start date: the date from which you want to start pulling the data for scans
    • Associated Datasources: pick the specific datasource from which you intend to extract data
    • Filter string: Use this field to apply filters to vulnerabilities as required. For instance: {"vulnerability":"severity IN ['CRITICAL']"} - this filter will only capture vulnerabilities by severity level CRITICAL.

      The accepted format for filters is JSON. To view available filters in the Rapid7 query builder, please refer to the Rapid 7 official documentation.

    • Proxy Attributes
  4. A new data source is now ready to pull Rapid 7 data into the Insights database. To arrange your ETL process, click Set up ETL. For more instructions on configuring ETL, refer to Scheduling an ETL.
    Note: It is important to initiate the Rapid 7 ETL after the BFE ETL is finished. New devices added to your BigFix environment will be integrated into Insights once you execute another data synchronization.
  5. Go to IVR Access tab and grant access. For more information on how to grant access see IVR Access.
  6. Navigate to Apps and select IVR from the dropdown menu. Your Rapid 7 data is now accessible. To activate the action bar, select one or more vulnerabilities from the data grid.