Rapid7 Insight
About

Partnering with Rapid7 gives you solutions you can count on, seamless controls, and the strategic guidance you need to stay ahead of attacks. The Insight Platform also helps unite your teams so you can stop putting out fires and focus on the threats that matter. Security, IT, and DevOps now have easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more.

Product Details

Vendor URL: Rapid7 Insight

Product Type: Vulnerability Management

Product Tier: Tier II

Integration Method: Syslog

Integration URL: Rapid7 Insight

Log Guide: N/A

Parser Details

Log Format: JSON

Expected Normalization Rate: Near 100%

Data Label: RAPID7_INSIGHT

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field                    UDM Field
critical_vulnerabilities          additional.fields
exploits                          additional.fields
host_name                         principal.hostname
id                                principal.asset.asset_id
ip                                principal.ip
mac                               principal.mac
os_architecture                   principal.labels
os_description                    principal.platform_version
risk_score                        additional.fields
unique_identifiers                principal.labels
same.solution_fix                 extensions.vulns.vulnerabilities.about.labels
same.solution_id                  extensions.vulns.vulnerabilities.about.labels
same.solution_summary             extensions.vulns.vulnerabilities.about.labels
same.solution_type                extensions.vulns.vulnerabilities.about.labels
same.proof                        extensions.vulns.vulnerabilities.description
same.vulnerability_id             extensions.vulns.vulnerabilities.vendor_vulnerability_id
same.status                       extensions.vulns.vulnerabilities.severity_details
last_found                        metadata.event_timestamp
last_found                        extensions.vulns.vulnerabilities[0].last_found
first_found                       extensions.vulns.vulnerabilities[0].first_found
solution_summary,solution_type    extensions.vulns.vulnerabilities[0].description
proof                             extensions.vulns.vulnerabilities[0].name
solution_fix                      extensions.vulns.vulnerabilities[0].vendor_knowledge_base_article_id
vulnerability_id                  extensions.vulns.vulnerabilities[0].vendor_vulnerability_id

Product Event Types

type,subtype    UDM Event Classification
blank           GENERIC_EVENT

Log Sample

{"check_id":null,"first_found":"2023-07-25T23:18:08Z","key":"C:\\Program Files\\Java\\jre1.8.0_311\\bin\\java.dll","last_found":"2023-08-25T12:15:08.394Z","port":null,"proof":"\u003cp\u003e\u003cp\u003eVulnerable OS: Microsoft Windows 10 20H2\u003cp\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003eVulnerable software installed: Oracle JRE 1.8.0.311 (C:\\Program Files\\Java\\jre1.8.0_311\\bin\\java.dll)\u003c/p\u003e\u003c/p\u003e","protocol":null,"solution_fix":"\u003cp\u003eDownload and apply the upgrade from: \u003ca href=\"https://www.java.com/en/download/manual.jsp\"\u003ehttps://www.java.com/en/download/manual.jsp\u003c/a\u003e\u003c/p\u003e","solution_id":"jre-upgrade-latest","solution_summary":"Upgrade to the latest version of Oracle Java","solution_type":"rollup","status":"VULNERABLE_VERS","vulnerability_id":"jre-vuln-cve-2023-21937"}

Sample Parsing

metadata.event_timestamp = "2023-08-25T13:38:44.765196Z"
metadata.event_type = "GENERIC_EVENT"
metadata.log_type = "RAPID7_INSIGHT"
metadata.product_name = "Insight"
metadata.vendor_name = "Rapid7"
extensions.vulns.vulnerabilities[0].description = "rollup -- Upgrade to the latest version of Oracle Java"
extensions.vulns.vulnerabilities[0].first_found = "2023-07-25T23:18:08Z"
extensions.vulns.vulnerabilities[0].last_found = "2023-08-25T12:15:08.394Z"
extensions.vulns.vulnerabilities[0].name = "Vulnerable OS: Microsoft Windows 10 20H2 Vulnerable software installed: Oracle JRE 1.8.0.311 (C:\Program Files\Java\jre1.8.0_311\bin\java.dll)"
extensions.vulns.vulnerabilities[0].vendor_knowledge_base_article_id = "Download and apply the upgrade from: https://www.java.com/en/download/manual.jsp"
extensions.vulns.vulnerabilities[0].vendor_vulnerability_id = "jre-vuln-cve-2023-21937"
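As an added example (not Rapid7's or the parser's own code), the following Python reproduces the normalization shown above for the page's log sample: it decodes the JSON, strips the HTML markup from `proof` and `solution_fix`, joins `solution_type` and `solution_summary` into the description, and fills the UDM fields from the mapping table. The `normalize` function name, the nested-dictionary layout and the handling of non-JSON lines are assumptions.

```python
import json
import re
from html import unescape

# Constructed copy of the log sample shown on this page. HTML inside the
# JSON strings arrives as \u003c / \u003e escapes that json.loads decodes.
SAMPLE_LOG = r'''{"check_id":null,"first_found":"2023-07-25T23:18:08Z","key":"C:\\Program Files\\Java\\jre1.8.0_311\\bin\\java.dll","last_found":"2023-08-25T12:15:08.394Z","port":null,"proof":"\u003cp\u003e\u003cp\u003eVulnerable OS: Microsoft Windows 10 20H2\u003cp\u003e\u003c/p\u003e\u003c/p\u003e\u003cp\u003eVulnerable software installed: Oracle JRE 1.8.0.311 (C:\\Program Files\\Java\\jre1.8.0_311\\bin\\java.dll)\u003c/p\u003e\u003c/p\u003e","protocol":null,"solution_fix":"\u003cp\u003eDownload and apply the upgrade from: \u003ca href=\"https://www.java.com/en/download/manual.jsp\"\u003ehttps://www.java.com/en/download/manual.jsp\u003c/a\u003e\u003c/p\u003e","solution_id":"jre-upgrade-latest","solution_summary":"Upgrade to the latest version of Oracle Java","solution_type":"rollup","status":"VULNERABLE_VERS","vulnerability_id":"jre-vuln-cve-2023-21937"}'''

TAG_RE = re.compile(r"<[^>]+>")


def strip_html(value):
    """Replace tags with a space, decode entities, collapse whitespace.

    Replacing (rather than deleting) tags keeps adjacent paragraphs
    separated by one space, matching the Sample Parsing output above.
    """
    if not value:
        return ""
    return " ".join(unescape(TAG_RE.sub(" ", value)).split())


def normalize(raw_line):
    """Map one Rapid7 Insight JSON line to a UDM-shaped dict (assumed layout)."""
    try:
        event = json.loads(raw_line)
    except ValueError:
        return None  # not JSON: leave for the parser's fallback path
    if not isinstance(event, dict):
        return None

    # Constant metadata taken from the Sample Parsing section.
    metadata = {
        "event_type": "GENERIC_EVENT",
        "log_type": "RAPID7_INSIGHT",
        "product_name": "Insight",
        "vendor_name": "Rapid7",
    }
    if event.get("last_found"):  # last_found -> metadata.event_timestamp per the table
        metadata["event_timestamp"] = event["last_found"]

    vuln = {}
    # description = "<solution_type> -- <solution_summary>", skipping absent parts
    parts = [event.get("solution_type"), event.get("solution_summary")]
    if any(parts):
        vuln["description"] = " -- ".join(p for p in parts if p)
    for src, dst in (("first_found", "first_found"), ("last_found", "last_found"),
                     ("vulnerability_id", "vendor_vulnerability_id")):
        if event.get(src):
            vuln[dst] = event[src]
    if event.get("proof"):
        vuln["name"] = strip_html(event["proof"])
    if event.get("solution_fix"):
        vuln["vendor_knowledge_base_article_id"] = strip_html(event["solution_fix"])

    return {"metadata": metadata, "extensions": {"vulns": {"vulnerabilities": [vuln]}}}
```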

Parser Alerting

This product currently does not have any Parser-based Alerting.

Rules

Coming Soon