Configuring the Rapid7 Scanner Connector

As an administrator, you can configure different types of scanners to scan security risks and vulnerabilities across your IT infrastructure. 

Rapid7 is a comprehensive vulnerability management solution that provides complete visibility of the security risks across your IT infrastructure. With this integration, you can retrieve the vulnerability scan results from multiple Rapid7 instances and process the vulnerabilities to map the remediation content. You can then create operations to remediate vulnerabilities. 

After you configure and run this connector, the scan files that contains the Rapid7 assets and vulnerabilities are automatically imported into Automation Console.

Before you begin

Make sure that the following prerequisites are met:

  • One or more configured Rapid7 instances are running in your environment.
  • Install and run the connector on Windows or Linux operating systems based on the following criteria:

    • AdoptOpenJDK Runtime Environment 17 is installed on the connector host.

    • Port requirements:


      Port

      Protocol

      From

      To

      Notes

      443

      HTTPS

      Connector

      HAC SaaS and Internet

      Outbound

      443 OR <Customer configured port>

      HTTPS

      Connector

      Rapid7 Server

      Outbound

      443

      HTTPS

      Rapid7 Server 

      Connector

      Inbound

      • Connector's Outbound port 443 should be opened for ifm url specified in creds.json available in <connectorDirectory>/config/ folder. For example, 

        "endpoints": {        "ifm": "https://<url>"
            }


To configure the Rapid7 scanner connector

  1. In BMC Helix Automation Console, click Configuration and then click Connectors.
  2. On the Manage Connectors page, click Add Connector.
  3. On the Add Connector page, from the list of available Connector types, select Scanner Connector.
  4. Click Add Configuration.
  5. On the Add configuration page, provide the following details:
    1. In the Vendor field, select Rapid7 from the list.
    2. In the Connector details section, provide the following information:
      1. In the Configuration Name field, specify a unique name which is assigned to the scan files imported into Automation Console.
      2. (Optional) In the Configuration Description field, provide a description of the connector.

      3. In the Admin Security Group field, specify one or more admin security groups (comma separated list) that can access the scan results.
        If you do not specify a security group, all the admin security groups can access the scan files that are imported from Rapid7.

        The [confluence_note] macro is a standalone macro and it cannot be used inline. Click on this message for details.

    3. In the Connector Configuration section, perform the following steps:
      1. In the Endpoint URL field, specify the URL to connect to Rapid7.

      2. In the Fetch Data From field, specify the number of days for which you want to fetch the scan results.

        Important

        Automation Console retrieves the vulnerability data for the specified days during the first import. If you do not specify any value, Automation Console retrieves all the reported vulnerabilities from the Rapid7 instances.

        For all the imports during the next schedule, Automation Console fetches only those vulnerabilities and assets that were scanned and available in Rapid7 after the last sync date.

    4. In the Authentication Details section, perform the following steps:
      1. Enter the User Name set for your account with Rapid7.
      2. Enter the Password set for your account with Rapid7.
    5. In the Filters section, provide values to fetch the specific scanned data:
      1. Select the required Severity levels.
      2. In the NetworkIPv4 field, enter either an IP range such as [192.168.10.100 - 192.168.10.200], or a single Network IP such as 192.168.1.100, to fetch more precise data. You cannot enter multiple Network IP addresses as comma separated values.

      3. In the Additional Filters field, specify the filters supported by Rapid7 to fetch further detailed scanned data.
        For the list of Rapid7 filters, refer the Search Criteria section in the INSIGHTVM API Documentation.

        Important

        • You can apply additional filters only to assets in Rapid7.

        • You must provide the additional filter in JSON format to ensure a successful scan.

          [

             {
                 "field": "vulnerability-title",
                 "operator": "is",
                 "value": "Weak LAN Manager hashing permitted"
              }
           ]

    6. In the Auto-close vulnerabilities section, you can select the Enable Auto-close check box to enable the system to automatically close vulnerabilities that were fixed in the previous scan and are no longer present in the subsequent scan.
  6. Click Save.
    The newly added configuration is listed in the Configurations table.
  7. Repeat steps 4to 6to have multiple configurations of the Rapid7 instance, with different filters specified for each configuration.
  8. On the Manage Connectors page, in the Configuration Schedule section, specify a frequency at which you want to run the connector, and save the schedule.
  9. Click Continue and download the connector zip file on a local host. 

  10. From the connector location on the server where the connector file is downloaded and extracted, run the following command to install and start the connector: 

    • Windows: run.bat
    • Linux: run.sh

    You can view the connector status on the Connectors page.

  11. (Optional) To configure the Scanner connector as a service, perform the following steps:
    1. Make sure the scanner-connector.xml file is available in a folder where the connector zip file is unzipped.
    2. Run the scanner-connector.exe install command. 
    3. A new service with the name BMC Scanner Connector is created on the host and can be used as any other available service.

Important

The minimum duration for data collection between the consecutive schedules is 10 minutes.

Vulnerability scan files are created with the specified configuration names. Automation Console processes each configuration sequentially.

To update the connector

  1. On the Manage Connectors page, click Action against the Scanner connector and then click Disable.
  2. Click Action against the Scanner connector and then click Edit.
  3. The available configurations are displayed. To quickly locate the required configuration, search or sort the configurations by the various columns, such as Status and Vendor.
  4. Edit the information according to your requirements and click Update

Important

As an administrator, you must perform the following steps after updating the connector:

  1. From the BMC Helix Automation Console UI, click Configuration and then click Connectors.
  2. Click Action against the Scanner connector and then click Download.
  3. Click Action against the Scanner connector and then click Enable.

To enable debug mode

Best practice
We recommend that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

  1. Press CTRL+C twice to stop the connector, if its already running.

  2. Navigate to <ConnectorLocation>/config, open the application.properties file, add the following parameter, and set it to debug:

    #
    #Logging related Properties
    logging.level.com.bmc.truesight.scannerconnector=debug
  3. Save the file.
  4. Restart the connector.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*