INFOBLOX & RAPID 7 NEXPOSE/INSIGHTVM INTEGRATION UPDATE 12/13/18

Hello,

Infoblox and Rapid7 Nexpose/InsightVM integration enables security operations teams to automate site management and perform scans as a response to DNS security events (such as malicious DNS requests and/or DNS exfiltration detection) and/or when new devices connect to a network.

The updated templates use the Rapid7 Nexpose/InsightVM REST API v3, which eliminates some issues found in the previous API. Due to limitations of the API, the templates no longer support deleting assets on Rapid7 Nexpose/InsightVM.

Be sure to check out the video on how the integration works:

In the attached documents you will find the templates for the Rapid7 Nexpose/InsightVM integration in txt format. The templates are provided as-is and with no actual or implied warranties. The templates should be tested in your lab environment and modified as needed before implementing them in production.

The templates require the extensible attributes described in the table below. It is recommended to inherit the attributes with their default values from the network view level.

| Extensible Attribute | Description |
|---|---|
| R7_Sync | Defines if an object should be synced with Rapid7 Nexpose/InsightVM. Possible values: true, false. |
| R7_SyncedAt | Contains the date/time when the object was synchronized; updated by the assets management template. |
| R7_NetToSite | Defines if a network should be added to a site (as shown in the video). Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_RangeToSite | Defines if a range should be added to a site. Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_ScanOnEvent | Defines if an asset should be scanned when RPZ or DNS Tunneling events are triggered. |
| R7_ScanOnAdd | Defines if an asset should be scanned immediately after creation. |
| R7_ScanTemplate | Defines the Rapid7 Nexpose/InsightVM template which should be used for scans initiated by an Infoblox appliance. Possible values: default, full-audit, full-audit-without-web-spider, etc. (internal template IDs). If set to “default”, the template configured for the site will be used. |
| R7_Site | Defines a site name. |
| R7_SiteID | Contains an internal site ID. Updated automatically. If the value was inherited from a top level, the templates will bypass a few steps retrieving this ID. It should not be manually updated. |
| R7_LastScan | Contains the date when an asset was last scanned by a request from Infoblox. |
| R7_AddByHostname | Defines if a host should be synced with Rapid7 Nexpose/InsightVM using a hostname. The hostname should be resolvable by Nexpose. Possible values: true, false. |

Any feedback or questions are welcome.

Thank you,

Kevin Zettel