Rapid7 InsightVM


InsightVM brings together Rapid7’s library of vulnerability research knowledge, exploit knowledge from Metasploit, global attacker behaviour, internet-wide scanning data, exposure analytics, and real-time reporting. For detailed information, refer to InsightVM’s official documentation.

Integration Method: API

Tables: Account Change (3001), API Activity (6003), Authentication (3002), User Access Management (3005), Device Inventory Info (5001), Detection Findings (2004)

This integration supports the following events.

| Event | Description |
| --- | --- |
| Assets Events | Returns the inventory, assessment, and summary details for a page of assets. Only assets which the caller has access to are returned. |
| Vulnerabilities Events | Returns all vulnerabilities that can be assessed. |
| Audit Events | User created, activated, updated, successful login/logout, role assigned/removed. |

This integration supports the following versions.

| Item | Value |
| --- | --- |
| InsightVM Version Tested | 7.7.0 |
| InsightVM API version | V3 |

Prerequisites

  • The user should have Administrator privileges on the InsightVM Platform for creating API tokens.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate an API token on the InsightVM console with the required scopes.

  2. Add the Rapid7 InsightVM data feed integration in the DataBee console with the required API token.

    | DataBee Parameter | InsightVM Parameter |
    | --- | --- |
    | Token | Organization Key |

InsightVM Configuration

Start by creating an API Token for the integration.

  1. Log in to an Insight Platform account that has admin privileges.

  2. In the left side bar, click ADMINISTRATION.
     

  3. Under SETTINGS, navigate to the Company Settings page, select Audit Log, and enable the toggle button. Note down the <data-storage-region> and refer for region placeholder choices.
     

    Note:

    Enabling this toggle button is necessary to pull audit event logs through the API.

  4. On the left side bar, expand the API KEY MANAGEMENT drop-down and choose Organization Keys. On the “Organization Keys” page, select Generate New Organization Key.

  5. On the Generate New Organization Key prompt, choose your organization from the drop-down, enter a name for the key, and click the Submit button at the bottom.

  6. On the Copy Your API Key Now prompt, copy the key by clicking the Copy button. It will be required when configuring the data feed. Once it has been copied, click Done.

    Note:

    The API key will not be available to copy later.

  7. Verify the key created is visible on the console.

  8. On the left side bar, expand the USER MANAGEMENT section, choose Users, and click the Create New User button.

  9. On the Create User prompt, fill in the user details below and click the Create User button.

    • Email Address - This address must be in a valid email format, such as example@domain.com

    • First Name

    • Last Name

    • Timezone - UTC is selected by default. Change it if required.

    • Platform Administrator Privileges - Enable the check box if the user should be a platform administrator.

  10. The created user's information is displayed on the page.

  11. On the left side bar, under User Management, click Users and confirm the created user is listed.

    Note:

    Steps 8, 9, 10 and 11 enable audit logs to be pulled through API calls.

    “Asset Events” and “Vulnerability Events” logs will be available only if you have “RAPID7 INSIGHTVM” agents installed on any.

    This is a Rapid7 Command platform where we can generate keys and pull subscribed event logs.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds, and click the Add New Data Feed button.
     

  2. Search for Rapid7 InsightVM and click it.
     

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the configuration page, confirm the following:

    • API Base URL: (Make sure to replace <data-storage-region> with the actual value. This is the base URL that DataBee will interact with.)

    • Authorization Method: Bearer Token

    • Token: Paste the Organization Key generated earlier in the InsightVM console.

    • Event types: Preselected for all the event types that the integration pulls.
       

  6. Click Submit.

Troubleshooting Tips

  • Ensure the Organization Key is pasted correctly. Because the Organization Key cannot be viewed after it is first displayed, re-create the key, paste it into a text editor to confirm that no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • Ensure the <data-storage-region> is entered correctly.
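
Both checks above can be done without displaying the key on screen. The following is an added example, not DataBee or Rapid7 code: it reports paste damage in a key by character offset only, and flags a base URL that still contains the placeholder. It assumes the key is printable ASCII with no internal whitespace; the function names, sample keys, region value and hostname are constructed for illustration.

```python
import unicodedata

PLACEHOLDER = "<data-storage-region>"  # placeholder text as written on this page


def inspect_key(raw: str) -> list[str]:
    """List paste damage in a key by offset, without echoing the key itself.

    Assumption: the key is printable ASCII with no internal whitespace.
    """
    problems = []
    if raw != raw.strip():
        problems.append("leading or trailing whitespace")
    for pos, ch in enumerate(raw.strip()):
        code = f"U+{ord(ch):04X} at offset {pos}"
        if ch.isspace():
            problems.append(f"whitespace {code}")
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            # Cf includes zero-width space and BOM, invisible in most editors
            problems.append(f"invisible character {code}")
        elif ord(ch) > 0x7E:
            # e.g. an en dash or smart quote substituted by editor autocorrect
            problems.append(f"non-ASCII character {code}")
    return problems


def inspect_base_url(url: str) -> list[str]:
    """Flag a base URL that still carries the region placeholder."""
    problems = []
    if PLACEHOLDER in url or "<" in url or ">" in url:
        problems.append("region placeholder was not replaced")
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    if not url.strip().lower().startswith("https://"):
        problems.append("base URL does not use https")
    return problems


if __name__ == "__main__":
    # Constructed samples: not real keys, and not the vendor's hostname.
    samples = ["abc123-def456", "abc123-def456\n", "abc\u200b123", "abc\u2013def"]
    for number, sample in enumerate(samples, start=1):
        print(f"key sample {number}:", inspect_key(sample) or "clean")
    for url in ("https://<data-storage-region>.api.example.invalid",
                "https://us.api.example.invalid"):
        print(url, "->", inspect_base_url(url) or "ok")
```
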