### Install .DEB Package using dpkg Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command installs a Debian (.DEB) package for the Scan Assistant. Ensure you are in the directory containing the downloaded .deb file. The output should indicate successful installation and service start. ```bash sudo dpkg -i R7ScanAssistant_amd64.deb ``` -------------------------------- ### Scan Assistant Configuration File Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Provides an example of the `config.json` file used to configure the Scan Assistant. Key fields include `ClientCertificate`, `ResponseTimeout`, `Debug`, and `PackageManager`. This file is essential for setting up communication and operational parameters. ```json { "ClientCertificate": "", "ResponseTimeout": 300, "Debug": false, "PackageManager": "rpm" } ``` -------------------------------- ### Verify Scan Assistant Installation Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Commands to verify the successful installation of the Scan Assistant package. It includes listing installed packages with detailed information and checking for the Scan Assistant process in memory. ```bash rpm -q R7scanassistant_amd64 -i ps -ef | grep ScanAssistant ``` -------------------------------- ### Run Windows Collector Installer Source: https://docs.rapid7.com/insightvm/collector-installation-and-deployment This command initiates the InsightVM Collector installation on a Windows host by running the executable installer. A wizard will guide the user through the setup. ```batch InsightSetup-Windows64.exe ``` -------------------------------- ### Install RPM Package and Verify Service Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Installs the RPM package for the Scan Assistant and verifies that the service is installed and running correctly. This process involves using the `rpm` command for installation and `ps` command for checking the running process. ```bash sudo rpm -ivh R7ScanAssistant_amd64.rpm ps -ef | grep ScanAssistant ``` -------------------------------- ### RPM Package Installation Commands Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Demonstrates commands for managing GPG keys and verifying RPM packages on Red Hat-based systems. This includes listing, importing, and querying GPG keys, as well as verifying the integrity of the RPM file before installation. ```bash rpm -qa gpg-* rpm --import {public-GPG-key-here} rpm -qi gpg-pubkey rpm -K R7ScanAssistant_amd64.rpm ``` -------------------------------- ### Verify .DEB Package Installation Source: https://docs.rapid7.com/insightvm/scan-assistant-combined These commands help verify if the Scan Assistant has been successfully installed and is running on a Debian-based system. The first command lists installed packages matching 'r7scanassistant', and the second checks for the 'ScanAssistant' process in memory. ```bash sudo dpkg-query -l | grep r7scanassistant ``` ```bash ps -ef | grep ScanAssistant ``` -------------------------------- ### Install dpkg-sig Utility Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command installs the `dpkg-sig` utility, which is required for verifying the GPG signature of Debian (.DEB) package files. It uses the `apt-get` package manager, common on Debian-based systems. ```bash sudo apt-get install dpkg-sig ``` -------------------------------- ### Install and Use Screen on Ubuntu Source: https://docs.rapid7.com/insightvm/post-installation-engine-to-console-pairing Instructions for installing and using the 'screen' utility on Ubuntu for managing Scan Engine sessions. Includes commands to check installation, install, restart the service, and initiate a session. ```bash screen -ls ``` ```bash sudo apt-get install screen ``` ```bash systemctl restart nexposeengine.service ``` ```bash screen -r nexpose ``` -------------------------------- ### Scan Assistant Configuration for Linux (.DEB) Source: https://docs.rapid7.com/insightvm/scan-assistant Example of the config.json file used for Scan Assistant configuration on Debian-based systems. This file specifies parameters like ClientCertificate, ResponseTimeout, Debug, and PackageManager. ```json { "ClientCertificate": "", "ResponseTimeout": 300, "Debug": false, "PackageManager": "deb" } ``` -------------------------------- ### Run Windows InsightVM Installer Source: https://docs.rapid7.com/insightvm/insightvm-quick-start-guide This describes the process of running the InsightVM installer on Windows. It involves double-clicking the installer icon and following the on-screen wizard. A command line window may appear during preparation, but no interaction is needed. ```powershell Double-click the installer icon. Follow the wizard instructions. ``` -------------------------------- ### Install and Use Tmux on RHEL Source: https://docs.rapid7.com/insightvm/post-installation-engine-to-console-pairing Instructions for installing and using the 'tmux' utility on Red Hat Enterprise Linux (RHEL) for managing Scan Engine sessions. Includes commands to check installation, install, restart the service, and initiate a session. ```bash tmux ls ``` ```bash sudo yum install tmux ``` ```bash systemctl restart nexposeengine.service ``` ```bash tmux a -t nexposeengine ``` -------------------------------- ### Start Scan Engine Service on Linux Source: https://docs.rapid7.com/insightvm/install This snippet shows the command to start the Scan Engine service on a Linux system. Ensure the service name 'nxposeengine.service' is correct for your installation. This command requires appropriate user permissions. ```shell systemctl start nexposeengine.service ``` -------------------------------- ### Example InsightVM Log Entry Source: https://docs.rapid7.com/insightvm/troubleshooting Provides a concrete example of a log entry following the defined structure, illustrating how a Security Console startup event is recorded. This helps users understand what typical log output looks like. ```log 2011-12-20T16:54:48 [INFO] [Thread: Security Console] Security Console started in 12 minutes 54 seconds ``` -------------------------------- ### InsightVM API: Error Handling Example Source: https://context7.com/context7/rapid7_insightvm/llms.txt Demonstrates how to handle errors when interacting with the InsightVM API, showing an example of a 'Not Found' error response for a non-existent site. ```bash # Error handling example - requesting a non-existent site curl https://:3780/api/3/sites/999 \ -u "username:password" ``` -------------------------------- ### Run Linux Collector Installer Source: https://docs.rapid7.com/insightvm/collector-installation-and-deployment This command executes the InsightVM Collector installer script on a Linux system. A terminal wizard will guide the user through the installation process. ```shell ./InsightSetup-Linux64.sh ``` -------------------------------- ### Verify DEB File Signature Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command uses the `dpkg-sig` utility to verify the integrity and authenticity of a downloaded Debian (.DEB) package file. Replace `R7ScanAssistant_amd64.deb` with the actual filename. ```bash dpkg-sig -c R7ScanAssistant_amd64.deb ``` -------------------------------- ### Manage Rapid7 InsightVM Engine Service (systemctl) Source: https://docs.rapid7.com/insightvm/virtual-appliance-guide Commands to check the status, start, and stop the nexposeengine service. These are crucial for the functioning of the InsightVM scanning engines. ```bash sudo systemctl status nexposeengine.service ``` ```bash sudo systemctl start nexposeengine.service ``` ```bash sudo systemctl stop nexposeengine.service ``` -------------------------------- ### Install Kernel Updates for Hardware Appliances Source: https://docs.rapid7.com/insightvm/patching-appliances-for-meltdownspectre Installs the latest generic kernel update for hardware appliances using apt-get. This command sequence updates package lists and installs the necessary kernel package to address vulnerabilities. ```bash apt-get update apt-get install linux-generic ``` -------------------------------- ### Install Linux Scan Engine for InsightVM Source: https://context7.com/context7/rapid7_insightvm/llms.txt This snippet outlines the command to start the installation of a Linux scan engine in engine-only mode. The installation requires selecting 'Scan Engine only' and 'Engine-to-Console' communication during the wizard, along with the Security Console IP and port. ```bash ./InsightVM-Linux-x64.bin -c ``` -------------------------------- ### Start and Enable InsightVM Scan Engine Service Source: https://context7.com/context7/rapid7_insightvm/llms.txt These commands are used to start the InsightVM scan engine service and configure it to start automatically on system boot. Verifying the service status is also included. ```bash systemctl start nexposeengine.service systemctl enable nexposeengine.service systemctl status nexposeengine.service ``` -------------------------------- ### Backup Directory Creation for Linux and Windows Source: https://docs.rapid7.com/insightvm/migrate-backup-to-new-security-console-host Details the required directory structure for restoring backups on a new Security Console installation for both Linux and Windows. ```shell Linux - /opt/rapid7/nexpose/nsc Windows - C:\Program Files\Rapid7\nexpose\nsc ``` -------------------------------- ### Report Storage Directory Path Example Source: https://docs.rapid7.com/insightvm/distributing-sharing-and-exporting-reports This example shows the default directory structure for storing reports on the Security Console host. It indicates a hierarchical path including installation directory, report directory, and user name. ```shell /[installation_directory]/nsc/reports/[user_name]/ ``` -------------------------------- ### Manage Rapid7 InsightVM Console Service (systemctl) Source: https://docs.rapid7.com/insightvm/virtual-appliance-guide Commands to check the status, start, and stop the nexposeconsole service. These are essential for maintaining the InsightVM console's operational state. ```bash sudo systemctl status nexposeconsole.service ``` ```bash sudo systemctl start nexposeconsole.service ``` ```bash sudo systemctl stop nexposeconsole.service ``` -------------------------------- ### RPM Package Installation and Verification Commands Source: https://docs.rapid7.com/insightvm/scan-assistant These commands are used to install the Scan Assistant RPM package, verify its GPG signature, and check the service status after installation on Red Hat-based systems. ```bash rpm -qa gpg-* ``` ```bash rpm --import {public-GPG-key-here} ``` ```bash rpm -qi gpg-pubkey ``` ```bash rpm -K R7ScanAssistant_amd64.rpm ``` ```bash sudo rpm -ivh R7ScanAssistant_amd64.rpm ``` ```bash rpm -q R7scanassistant_amd64 -i ``` ```bash ps -ef | grep ScanAssistant ``` -------------------------------- ### Wrap Scan Assistant Keys into PKCS#12 Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Combines the private key (scan-assistant.key) and public certificate (scan-assistant.pem) into a PKCS#12 file (scan-assistant.p12). This file is used to import credentials into the Vulnerability Management console. ```bash openssl pkcs12 -export -inkey scan-assistant.key -in scan-assistant.pem -out scan-assistant.p12 ``` -------------------------------- ### Make Linux Installer Executable and Run Source: https://docs.rapid7.com/insightvm/install Commands to change the permissions of the downloaded Linux installer to make it executable and then run the installer. The `-c` flag is used for command-line installation. ```shell chmod +x .bin ./ -c ``` -------------------------------- ### Install .DEB package on Debian-based Linux Source: https://docs.rapid7.com/insightvm/scan-assistant Installs the Scan Assistant package using the dpkg command on Debian-based Linux distributions. It also includes steps for verifying the installation and checking service status. Requires sudo privileges. ```bash sudo apt-get install dpkg-sig dpkg-sig -c R7ScanAssistant_amd64.deb sudo dpkg -i R7ScanAssistant_amd64.deb sudo dpkg-query -l | grep r7scanassistant ps -ef | grep ScanAssistant ``` -------------------------------- ### Install InsightVM Security Console on Linux Source: https://context7.com/context7/rapid7_insightvm/llms.txt Installs the InsightVM Security Console on a Linux system. This involves downloading the installer, verifying its integrity, making it executable, and running it in console mode. Post-installation, the console is accessible via a web browser. ```bash # Linux installation # 1. Download installer and checksum wget https://download.rapid7.com/download/InsightVM/InsightVM-Linux-x64.bin wget https://download.rapid7.com/download/InsightVM/InsightVM-Linux-x64.sha512sum # 2. Verify installer integrity sha512sum -c InsightVM-Linux-x64.sha512sum # 3. Make installer executable chmod +x InsightVM-Linux-x64.bin # 4. Run installer (console mode) ./InsightVM-Linux-x64.bin -c # 5. Access Security Console # Navigate to: https://:3780 # Login with credentials created during installation # Enter activation key when prompted # Expected outcome: # - Security Console running on port 3780 # - PostgreSQL database initialized # - Local scan engine installed and paired # - Vulnerability content database updated ``` -------------------------------- ### List Installed Kernel Packages Source: https://docs.rapid7.com/insightvm/patching-appliances-for-meltdownspectre Lists all installed kernel image packages. This helps in identifying if multiple kernel versions are present and if a patched version is already installed, potentially only requiring a reboot. ```bash dpkg -l | grep linux-image ``` -------------------------------- ### Install Kernel Updates for Virtual/Cloud Appliances Source: https://docs.rapid7.com/insightvm/patching-appliances-for-meltdownspectre Installs the latest virtual kernel update for virtual or cloud appliances using apt-get. This is specifically for virtualized environments where a different kernel package might be required. ```bash apt-get update apt-get install linux-virtual ``` -------------------------------- ### Create Scan Assistant Private Key (RSA) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Generates a private key for the Scan Assistant using the RSA algorithm with a key length of 3072 bits. This key is essential for securing communications. ```bash openssl genrsa -out scan-assistant.key 3072 ``` -------------------------------- ### InsightVM API: Querying and Filtering Assets Source: https://context7.com/context7/rapid7_insightvm/llms.txt Illustrates how to retrieve asset information from InsightVM, including examples of paginated results and filtering assets by hostname and operating system fingerprint. ```bash # Paginated results for vulnerabilities curl "https://:3780/api/3/vulnerabilities?page=0&size=100&sort=riskScore,DESC" \ -u "username:password" ``` ```bash # Filter and search assets by hostname and OS fingerprint curl "https://:3780/api/3/assets?hostname=prod-*&osFingerprint=Linux" \ -u "username:password" ``` -------------------------------- ### Create Scan Assistant Public Key Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Creates a self-signed public key certificate (scan-assistant.pem) for the Scan Assistant using an existing private key. The certificate is valid for 3650 days and includes subject information. ```bash openssl req -new -nodes -x509 -out scan-assistant.pem -key scan-assistant.key -days 3650 -subj "/O=/OU=/CN=scan.assistant.rapid7.com/emailAddress="" ``` -------------------------------- ### Run Linux Uninstaller Script Source: https://docs.rapid7.com/insightvm/running-the-linux-uninstaller This snippet shows the commands to navigate to the installation directory and execute the uninstaller script for Rapid7 InsightVM on a Linux system. Ensure you back up data before running. ```bash cd [installation directory]/.install4j ./uninstall ``` -------------------------------- ### Check for ActiveX Control Installation (XML) Source: https://docs.rapid7.com/insightvm/common-vulnerability-check-examples This check verifies the presence of a specific ActiveX control on a Windows system using its GUID. It can optionally ignore the kill-bit status of the control. ```xml ``` -------------------------------- ### Private Key File Location Example Source: https://docs.rapid7.com/insightvm/using-ssh-public-key-authentication Indicates the typical file path where the private key is stored on the target asset after generation, often used when copying its contents into the InsightVM interface. ```bash `/tmp/id_rsa` ``` -------------------------------- ### Scan Engine Deployment Source: https://context7.com/context7/rapid7_insightvm/llms.txt Endpoints and procedures for installing, pairing, and managing distributed scan engines. ```APIDOC ## POST /api/3/scan_engines/shared_secret ### Description Generates a shared secret on the Security Console for pairing a distributed scan engine. ### Method POST ### Endpoint https://:3780/api/3/scan_engines/shared_secret ### Parameters #### Authentication - **username** (string) - Required - Console username. - **password** (string) - Required - Console password. ### Response #### Success Response (200) - **secret** (string) - The generated shared secret. - **expiresAt** (string) - The expiration date and time of the secret (ISO 8601 format). ```json { "secret": "a3f7c9e2-4b8d-11ec-9f4e-0242ac120002", "expiresAt": "2025-10-07T15:30:00Z" } ``` ## POST /api/3/scan_engines/{engine_id}/refresh ### Description Refreshes the status of a specific scan engine in the Security Console. ### Method POST ### Endpoint https://:3780/api/3/scan_engines/{engine_id}/refresh ### Parameters #### Path Parameters - **engine_id** (integer) - Required - The ID of the scan engine to refresh. #### Authentication - **username** (string) - Required - Console username. - **password** (string) - Required - Console password. ## GET /api/3/scan_engines/{engine_id} ### Description Retrieves the status and details of a specific scan engine. ### Method GET ### Endpoint https://:3780/api/3/scan_engines/{engine_id} ### Parameters #### Path Parameters - **engine_id** (integer) - Required - The ID of the scan engine to retrieve. #### Authentication - **username** (string) - Required - Console username. - **password** (string) - Required - Console password. ### Response #### Success Response (200) - **id** (integer) - The unique identifier for the scan engine. - **name** (string) - The name of the scan engine. - **address** (string) - The IP address of the scan engine. - **port** (integer) - The port the engine is listening on. - **status** (string) - The current status of the engine (e.g., "active"). - **version** (string) - The version of the scan engine software. - **contentVersion** (string) - The version of the scan content. - **enginePool** (string or null) - The name of the engine pool it belongs to, if any. - **sites** (array) - A list of site IDs associated with this engine. ```json { "id": 4, "name": "Engine-DMZ-01", "address": "10.50.1.25", "port": 0, "status": "active", "version": "6.6.250", "contentVersion": "2025-10-07-113020", "enginePool": null, "sites": [47, 48, 52] } ``` ``` -------------------------------- ### Example Asset Filters for InsightVM Import Source: https://docs.rapid7.com/insightvm/insightvm-technology-add-on-for-splunk Provides example queries for filtering assets imported from InsightVM. These filters can be used in the 'Asset Filter' field of the Asset Import input. ```Splunk Search sites IN [`site-name`] ``` ```Splunk Search tags IN [`tag-name`] ``` ```Splunk Search os_family = `Windows` ``` -------------------------------- ### Apply Netplan Configuration Source: https://docs.rapid7.com/insightvm/virtual-appliance-guide Applies the network configuration specified in the netplan file and restarts the networking service. This command ensures that the new network settings take effect. ```Shell sudo netplan apply ``` -------------------------------- ### Check Installed Software Version (VulnerabilityCheck XML) Source: https://docs.rapid7.com/insightvm/common-vulnerability-check-examples Checks for a specific version of installed software on a system. This example targets Microsoft Exchange 2000 Server with Service Pack 3. ```xml SP3 ``` -------------------------------- ### Create Single-Line PEM Certificate (Linux) Source: https://docs.rapid7.com/insightvm/scan-assistant This command takes the generated scan-assistant.pem file and formats it into a single line using xargs. This is useful for copying and pasting into configuration fields. ```bash cat scan-assistant.pem | xargs ``` -------------------------------- ### Garbage Collection Source: https://docs.rapid7.com/insightvm/using-the-command-console Starts the Java garbage collector to free up unused resources. ```bash garbage collect ``` -------------------------------- ### InsightVM API: Bulk Operations and Metadata Retrieval Source: https://context7.com/context7/rapid7_insightvm/llms.txt Provides examples for performing bulk operations, such as deleting multiple assets, and for retrieving API metadata to discover available endpoints. ```bash # Bulk operations - delete multiple assets curl -X DELETE https://:3780/api/3/assets \ -H "Content-Type: application/json" \ -u "username:password" \ -d '{ "assets": [201, 202, 203, 204] }' ``` ```bash # Get API metadata and available endpoints curl https://:3780/api/3 \ -u "username:password" ``` -------------------------------- ### Linux Collector Installation Dependency Source: https://docs.rapid7.com/insightvm/collector-troubleshooting Command to install the necessary 32-bit libraries (`ia32-libs`) to resolve `java.lang.NoClassDefFoundError: java.awt.Container` during Linux Collector installation. ```Shell sudo apt-get install ia32-libs ``` -------------------------------- ### Show InsightVM Licenses Source: https://docs.rapid7.com/insightvm/using-the-command-console Lists all licenses currently active within the InsightVM installation. The system supports the operation of multiple licenses concurrently. ```console show licenses ``` -------------------------------- ### Create Site from Discovery Connection using API Source: https://context7.com/context7/rapid7_insightvm/llms.txt This code example demonstrates creating a site in InsightVM linked to a discovery connection via the API. It requires the console IP, authentication, site name, discovery connection ID, and a scan template ID. This automates the creation of sites based on discovered assets. ```bash curl -X POST https://:3780/api/3/sites \ -H "Content-Type: application/json" \ -u "username:password" \ -d '{ "name": "AWS Production Instances", "discoveryConnection": { "id": 7, "autoImport": true }, "scanTemplateId": "full-audit-without-web-spider" }' ``` -------------------------------- ### Get Scan Engine Property Value Source: https://docs.rapid7.com/insightvm/using-the-command-console Retrieves the value of a specific parameter associated with the Scan Engine. If no parameter is specified, it lists all available properties. Example: 'get property os.version'. ```console get property [] ``` -------------------------------- ### Boolean Logic for Vulnerability Checks Source: https://docs.rapid7.com/insightvm/common-vulnerability-check-examples This example demonstrates using boolean logic ('or' in this case) to combine multiple conditions within an HTTP check. It looks for specific regex patterns in the response of a GET request to the root URI. ```xml VulnerabilityCheck id=”example-http-sensitive-data” scope=”endpoint”> / secret password SSN: [0-9]{3}-[0-9]{2}-[0-9]{4} ``` -------------------------------- ### Uninstall Scan Assistant (Windows MSI) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command line instruction uninstalls the Scan Assistant from a Windows asset using the standard Microsoft Windows installer (msiexec.exe). Refer to Microsoft's documentation for a comprehensive list of command-line options. ```bash msiexec /x ScanAssistantInstaller.msi /qn ``` -------------------------------- ### List Security Consoles on Scan Engine Source: https://docs.rapid7.com/insightvm/post-installation-engine-to-console-pairing Command to display all configured Security Console entries on the Scan Engine, including newly added ones. ```bash show consoles ``` -------------------------------- ### RHEL Uninstall RPM Package Source: https://docs.rapid7.com/insightvm/collector-troubleshooting Command to install the `redhat-lsb.i686` RPM package to resolve GUI access issues during uninstallation on RHEL Linux. ```Shell sudo rpm -ivh redhat-lsb.i686 ``` -------------------------------- ### Pairing Scan Engines to the Insight Platform Source: https://docs.rapid7.com/insightvm/scan-engine-management-on-the-insight-platform Instructions on how to initiate and complete the pairing process for Scan Engines with the Insight Platform. ```APIDOC ## Pairing Scan Engines to the Insight Platform ### Description This section details the step-by-step process to pair your Scan Engines to the Command Platform (Insight Platform) using the Security Console. ### Steps 1. **Initiate Pairing:** On the **Scan Engines** tab of Data Collection Management, click **Pair**. A panel with activation instructions will appear. 2. **Access Security Console:** Open your Security Console in a separate browser tab and log in. 3. **Navigate to Command Console:** In the Security Console, go to **Administration > Console > Troubleshoot issues > Run commands**. 4. **Retrieve Pairing Command:** Return to the **Scan Engines** tab in Data Collection Management. Copy the complete `pair to platform` command, which includes your activation token. 5. **Execute Pairing Command:** Paste the copied command into the command console interface in your Security Console and click **Execute**. ### Verification After execution, return to the **Scan Engine** tab in **Data Collection Management** to view the status of your paired engines. The tab title will indicate the number of paired engines. ``` -------------------------------- ### Activate Product License Source: https://docs.rapid7.com/insightvm/using-the-command-console Activates the InsightVM license using a provided product key. ```bash activate ``` -------------------------------- ### Create Scan Assistant Private Key (ECDSA) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined Generates a private key for the Scan Assistant using the ECDSA algorithm with the secp384r1 curve. This key is essential for securing communications. ```bash openssl ecparam -out scan-assistant.key -name secp384r1 -genkey ``` -------------------------------- ### Create Users in InsightVM with SAML Authorization Source: https://docs.rapid7.com/insightvm/google-saml-config Instructions for creating new users within the InsightVM Security Console and assigning SAML as the authorization method. ```bash 1. Log in to InsightVM Security Console. 2. Navigate to Administration > User Management > Add User. 3. Fill in user details (email must match IdP). 4. Select SAML from the Authorization Method drop-down. 5. Select User Role, Site, and Asset Group Permissions. 6. Click Add. ``` -------------------------------- ### Site Creation API Source: https://context7.com/context7/rapid7_insightvm/llms.txt This endpoint allows you to create a new site, which is a logical grouping of assets for vulnerability scanning and management. You can define the site's name, description, importance, associated scan engine and template, and target asset scope. ```APIDOC ## POST /api/3/sites ### Description Creates a new site for vulnerability scanning and management. ### Method POST ### Endpoint /api/3/sites ### Parameters #### Query Parameters None #### Request Body - **name** (string) - Required - The name of the site. - **description** (string) - Optional - A description for the site. - **importance** (string) - Optional - The importance level of the site (e.g., "high", "medium", "low"). - **scanEngineId** (integer) - Required - The ID of the scan engine to use. - **scanTemplateId** (string) - Required - The ID of the scan template to use. - **includedTargets** (object) - Required - Defines the assets to include in the site. - **addresses** (array of strings) - Required - List of IP addresses, CIDR ranges, or hostnames. - **excludedTargets** (object) - Optional - Defines the assets to exclude from the site. - **addresses** (array of strings) - Required - List of IP addresses, CIDR ranges, or hostnames. ### Request Example ```json { "name": "Corporate Network - Building A", "description": "Production servers in datacenter", "importance": "high", "scanEngineId": 3, "scanTemplateId": "full-audit-without-web-spider", "includedTargets": { "addresses": [ "10.0.1.0/24", "10.0.2.50-10.0.2.100", "prod-db-01.company.com" ] }, "excludedTargets": { "addresses": ["10.0.1.254"] } } ``` ### Response #### Success Response (201 Created) - **id** (integer) - The unique identifier of the created site. - **links** (array of objects) - Links to related resources. - **href** (string) - The URL of the resource. - **rel** (string) - The relationship of the link (e.g., "self"). #### Response Example ```json { "id": 47, "links": [ { "href": "https://console:3780/api/3/sites/47", "rel": "self" } ] } ``` ``` -------------------------------- ### F5 BIG-IP Version and Configuration Commands Source: https://docs.rapid7.com/insightvm/authentication-on-unix-and-related-targets-best-practices Commands to retrieve version information and system configurations from F5 BIG-IP devices. ```bash version show tmsh show sys version ``` -------------------------------- ### Example of Generating and Listing Vulnerability Check Files Source: https://docs.rapid7.com/insightvm/building-weak-credential-vulnerability-checks Illustrates how to execute the `weak_creds.pl` script for SSH and then lists the generated `.vck` and `.xml` files. These files are essential for deploying the custom vulnerability check. ```bash $ ./weak_creds.pl -s ssh -u usernames.txt -p passwords.txt $ ls ssh/* ssh/ssh-weak-creds-account-foo-password-bar.vck ssh/ssh-weak-creds-account-foo-password-bar.xml ``` -------------------------------- ### Run InsightVM Garbage Collector Source: https://docs.rapid7.com/insightvm/using-the-command-console Starts the Java garbage collector to free up unused drive space occupied by data objects. This command is useful for managing disk space within the InsightVM installation. ```console garbagecollect ``` -------------------------------- ### Create and Scan a Site using InsightVM API Source: https://context7.com/context7/rapid7_insightvm/llms.txt Automates the creation of a vulnerability scanning site, configuration of authenticated scan credentials, and initiation of a manual scan using the InsightVM RESTful API. This process allows for targeted scanning of specified network assets. ```bash # Navigate to Security Console UI: https://:3780 # 1. Create a new site via UI or API curl -X POST https://:3780/api/3/sites \ -H "Content-Type: application/json" \ -u "username:password" \ -d '{ "name": "Corporate Network - Building A", "description": "Production servers in datacenter", "importance": "high", "scanEngineId": 3, "scanTemplateId": "full-audit-without-web-spider", "includedTargets": { "addresses": [ "10.0.1.0/24", "10.0.2.50-10.0.2.100", "prod-db-01.company.com" ] }, "excludedTargets": { "addresses": ["10.0.1.254"] } }' # Response: # { # "id": 47, # "links": [ # { # "href": "https://console:3780/api/3/sites/47", # "rel": "self" # } # ] # } # 2. Add scan credentials for authenticated scanning curl -X POST https://:3780/api/3/sites/47/site_credentials \ -H "Content-Type: application/json" \ -u "username:password" \ -d '{ "name": "Domain Admin Credentials", "account": { "service": "cifs", "username": "DOMAIN\\scanuser", "password": "SecureP@ssw0rd!" }, "hostRestriction": "10.0.1.0/24", "portRestriction": 445 }' # 3. Start a manual scan curl -X POST https://:3780/api/3/sites/47/scans \ -H "Content-Type: application/json" \ -u "username:password" \ -d '{ "name": "Manual Full Scan - 2025-10-07", "engineId": 3, "templateId": "full-audit-without-web-spider" }' # Response includes scan ID: # { # "id": 1234, # "status": "running", # "links": [ # { # "href": "https://console:3780/api/3/scans/1234", # "rel": "self" # } # ] # } # 4. Check scan status curl https://:3780/api/3/scans/1234 \ -u "username:password" # Expected outcome: # - Site created with defined asset scope # - Authenticated scanning configured # - Scan engine discovers services and vulnerabilities # - Results available in console and via API ``` -------------------------------- ### Uninstall Scan Assistant (Linux RPM) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command uninstalls the Scan Assistant from a Linux asset using the rpm package manager for .RPM packages. It stops the service, performs the uninstallation, and confirms completion. ```bash rpm -e r7ScanAssistant ``` -------------------------------- ### Connect Scan Engine to Security Console Source: https://docs.rapid7.com/insightvm/post-installation-engine-to-console-pairing Command to establish a connection between the Scan Engine and the Security Console using the console ID. Replace `` with the console ID. ```bash connect to console ``` -------------------------------- ### Uninstall Scan Assistant (Linux DEB) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command uninstalls the Scan Assistant from a Linux asset using the dpkg package manager for .DEB packages. It stops the service, performs the uninstallation, and confirms completion. ```bash sudo dpkg -r r7ScanAssistant ``` -------------------------------- ### Deploying Custom Vulnerability Checks Source: https://docs.rapid7.com/insightvm/building-weak-credential-vulnerability-checks Provides instructions on how to deploy custom vulnerability check files (`.xml` and `.vck`) to the Security Console and Scan Engines. It involves copying the files to a specific directory and restarting the Security Console. ```bash cp -vf ssh/* /opt/rapid7/nexpose/plugins/java/1/CustomScanner/1/ NSC 3/13/10 11:10 AM: Imported 1 new and 0 modified vulnerabilities in 22 seconds ``` -------------------------------- ### Run Tune Assistant Commands for PostgreSQL Source: https://docs.rapid7.com/insightvm/security-console-best-practices Commands to execute the Tune Assistant for PostgreSQL database auto-tuning in Rapid7 InsightVM. These commands are used to view tuning recommendations and apply them. The tuning takes effect on the next system reboot. ```bash tune assistant tune assistant apply ``` -------------------------------- ### Download Offline Update Bundle using cURL Source: https://docs.rapid7.com/insightvm/managing-versions-updates-and-licenses/managing-versions-updates-and-licenses This command downloads the update bundle for offline installation. It requires specifying a start date and the license file path. The output is saved to a zip file. ```shell curl 'https://updates.rapid7.com/updates/update/bundle/fetch' -F 'fromDate=2025-01-01' -F `licenseFile=@` > updateBundle1.zip ``` -------------------------------- ### Activate InsightVM Console with License Key Source: https://docs.rapid7.com/insightvm/deploy-additional-consoles This snippet shows how to access the InsightVM console login page via a web browser. It includes a placeholder for the new console's IP address and the expected format for the license key activation. ```bash https://:3780 ``` ```text XXXX-XXXX-XXXX-XXXX ``` -------------------------------- ### Display Help Information Source: https://docs.rapid7.com/insightvm/using-the-command-console Displays all available commands or specific help information. ```bash [all] ``` -------------------------------- ### Verify Scan Assistant Network Listening (Command Prompt) Source: https://docs.rapid7.com/insightvm/scan-assistant-combined This command, executed in the Windows Command Prompt, verifies if the Scan Assistant is listening on its default TCP port (21047). The 'netstat -a' command displays all active TCP connections and listening ports on the system. ```batch >netstat -a ``` -------------------------------- ### Create User in InsightVM Console Source: https://docs.rapid7.com/insightvm/okta-saml-20-configuration-guide Guide for adding a new user to the InsightVM Console, ensuring the email address matches the IdP user account, and assigning appropriate roles and permissions. ```plaintext On the Administration page, under User Management, click Add User. Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value. Select SAML Authorization Method > SAML. Select the User Role. Assign Site and Asset Group Permissions. Click Save. ``` -------------------------------- ### RESTful API Authentication and Usage Source: https://context7.com/context7/rapid7_insightvm/llms.txt This section covers authentication methods (basic and API key) and provides examples for common API operations like retrieving sites, creating API keys, fetching assets, paginating results, filtering data, performing bulk operations, and accessing API metadata. ```APIDOC ## Basic Authentication ### Description Authenticates using username and password for API requests. ### Method GET ### Endpoint `https://:3780/api/3/sites` ### Parameters #### Query Parameters - **-u** (string) - Required - Username and password in the format "username:password" ### Request Example ```bash curl https://:3780/api/3/sites \ -u "username:password" ``` ``` ```APIDOC ## Create API Key ### Description Generates an API key for a service account to use for authentication. ### Method POST ### Endpoint `https://:3780/api/3/users/api_keys` ### Parameters #### Request Body - **name** (string) - Required - A descriptive name for the API key. - **userId** (integer) - Required - The ID of the user for whom the API key is being created. - **expiresAt** (string) - Required - The expiration date and time for the API key in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ). ### Request Example ```json { "name": "Automation Service Key", "userId": 15, "expiresAt": "2026-12-31T23:59:59Z" } ``` ### Response #### Success Response (200) - **apiKey** (string) - The generated API key. - **userId** (integer) - The ID of the user associated with the API key. - **expiresAt** (string) - The expiration date and time of the API key. #### Response Example ```json { "apiKey": "1a2b3c4d-5e6f-7g8h-9i0j-k1l2m3n4o5p6", "userId": 15, "expiresAt": "2026-12-31T23:59:59Z" } ``` ``` ```APIDOC ## Authenticate with API Key ### Description Uses a generated API key for authentication via the Authorization header. ### Method GET ### Endpoint `https://:3780/api/3/assets` ### Parameters #### Headers - **Authorization** (string) - Required - The API key prefixed with "Bearer " (e.g., "Bearer YOUR_API_KEY") ### Request Example ```bash curl https://:3780/api/3/assets \ -H "Authorization: Bearer 1a2b3c4d-5e6f-7g8h-9i0j-k1l2m3n4o5p6" ``` ``` ```APIDOC ## Paginated Results ### Description Retrieves paginated lists of resources, allowing control over the page number and size of results. ### Method GET ### Endpoint `https://:3780/api/3/vulnerabilities` ### Parameters #### Query Parameters - **page** (integer) - Required - The page number to retrieve (0-indexed). - **size** (integer) - Required - The number of items to return per page. - **sort** (string) - Optional - The field and direction to sort the results by (e.g., "riskScore,DESC"). ### Request Example ```bash curl "https://:3780/api/3/vulnerabilities?page=0&size=100&sort=riskScore,DESC" \ -u "username:password" ``` ``` ```APIDOC ## Filter and Search Assets ### Description Retrieves assets based on specified filter criteria, such as hostname patterns or operating system fingerprints. ### Method GET ### Endpoint `https://:3780/api/3/assets` ### Parameters #### Query Parameters - **hostname** (string) - Optional - A pattern to filter assets by hostname (e.g., "prod-*"). - **osFingerprint** (string) - Optional - A filter for the operating system fingerprint (e.g., "Linux"). ### Request Example ```bash curl "https://:3780/api/3/assets?hostname=prod-*&osFingerprint=Linux" \ -u "username:password" ``` ``` ```APIDOC ## Bulk Delete Assets ### Description Deletes multiple assets from the console based on a list of asset IDs. ### Method DELETE ### Endpoint `https://:3780/api/3/assets` ### Parameters #### Request Body - **assets** (array of integers) - Required - A list of asset IDs to delete. ### Request Example ```json { "assets": [201, 202, 203, 204] } ``` ``` ```APIDOC ## Get API Metadata ### Description Retrieves metadata about the API, including available endpoints and their capabilities. ### Method GET ### Endpoint `https://:3780/api/3` ### Request Example ```bash curl https://:3780/api/3 \ -u "username:password" ``` ``` ```APIDOC ## Error Handling Example ### Description Demonstrates how the API responds to requests for non-existent resources. ### Method GET ### Endpoint `https://:3780/api/3/sites/999` ### Response #### Error Response (404) - **status** (integer) - The HTTP status code indicating the error. - **message** (string) - A description of the error. - **links** (array) - Links to relevant documentation or resources. - **rel** (string) - The relationship type of the link. - **href** (string) - The URL of the linked resource. #### Response Example ```json { "status": 404, "message": "Site not found", "links": [ { "rel": "documentation", "href": "https://help.rapid7.com/insightvm/en-us/api/index.html" } ] } ``` ``` -------------------------------- ### Make Linux Installer Executable Source: https://docs.rapid7.com/insightvm/collector-installation-and-deployment This command changes the permissions of the Linux installer script to allow execution. It is a prerequisite before running the installer. ```shell chmod +x InsightSetup-Linux64.sh ``` -------------------------------- ### Verify Windows Installer Integrity with certutil Source: https://docs.rapid7.com/insightvm/install This command verifies the integrity of the downloaded Windows installer file using its SHA512 hash. It ensures the installer was not corrupted during download. ```powershell certutil -hashfile sha512 ``` -------------------------------- ### Verify Linux Installer Integrity with sha512sum Source: https://docs.rapid7.com/insightvm/install This command verifies the integrity of the downloaded Linux installer file using its corresponding sha512sum checksum file. It ensures the installer was not corrupted during download. ```shell sha512sum -c .sha512sum ``` -------------------------------- ### RPM-based Distributions Commands Source: https://docs.rapid7.com/insightvm/authentication-on-unix-and-related-targets-best-practices Essential commands for fingerprinting and gathering information on RPM-based Linux distributions like Red Hat, SUSE, and Oracle. ```bash uname rpm chkconfig ``` -------------------------------- ### List Installed Packages in Docker Container Source: https://docs.rapid7.com/insightvm/containerized-scan-engine Lists all installed packages within a Docker container and filters for 'vim' to confirm its installation. This helps verify that the vim editor was successfully installed. ```docker docker exec -it sh -c "apt list --installed | grep vim" ``` -------------------------------- ### Start InsightVM Scan Engine Container with External Mounts Source: https://docs.rapid7.com/insightvm/containerized-scan-engine This command launches the scan engine container and mounts local directories for configuration, keystores, logs, and scans. This allows for persistent storage and easier management of scan engine data outside the container. ```bash docker run --env CONNECT_TO_SHARED_SECRET= --env CONNECT_TO_ADDRESS= -v /var/docker/nse-container/data/rapid7/nexpose/nse/conf:/opt/rapid7/nexpose/nse/conf -v /var/docker/nse-container/data/rapid7/nexpose/nse/keystores:/opt/rapid7/nexpose/nse/keystores -v /var/docker/nse-container/data/rapid7/nexpose/nse/logs:/opt/rapid7/nexpose/nse/logs -v /var/docker/nse-container/data/rapid7/nexpose/nse/scans:/opt/rapid7/nexpose/nse/scans rapid7/insightvm_scan_engine:latest ```