The Rapid7 InsightVM Technology Add-On is used for retrieving asset and vulnerability data from InsightVM and ingesting into Splunk following the Common Information Model (CIM). The add-on is designed to be compatible with Splunk Enterprise and Splunk Cloud with the use of a Universal Forwarder. This Technology Add-On is intended to import asset and vulnerability findings from the InsightVM Platform without the use of the InsightVM console. The default configuration will import assets and vulnerabilities for devices that have been scanned since the last import run. Key functionality includes: - Import all asset and vulnerability data when it runs for the first time - Track previous import times to only import assets and their associated vulnerabilities that have been scanned in the time since the last import - Vulnerabilities that are newly found or have been remediated will be imported as new events in Splunk and respectively assigned a status of "new" or "remediated" - Previously imported vulnerabilities that have not changed in status will not be imported as new events and will retain their `found` status - An optional configuration that allows importing all data every run, or every X period of days. The Rapid7 InsightVM Dashboard and Technology Add-On are recommended in place of the Nexpose Dashboard and Technology Add-On listed on Splunkbase for all InsightVM customers. Support for the application is provided by Rapid7 Support via our Customer Support Portal at https://www.rapid7.com/for-customers/
(0)
Categories
Created By
Type
Downloads
Licensing
Splunk Answers
Resources