What is Rapid7 InsightAppSec? #
Rapid7 InsightAppSec provides Dynamic Application Security Testing (DAST) solution for applications. InsightAppSec “attacks” different aspects of your applications to identify response behaviors that make your applications vulnerable to attackers. The attacks are run during scans, which you can customize and schedule based on your needs.
Why Should You Use the Rapid7 InsightAppSec Connector? #
The Rapid7 InsightAppSec connector provides visibility into devices and applications in your environment. You can use this visibility to:
-
ensure devices and applications are managed per your security policies
-
derive relationships between assets, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the Rapid7 InsightAppSec REST API and ingests only meta-data about Rapid7 InsightAppSec applications and devices. Lucidum does not retrieve any data stored on InsightAppSec.
Configuring the Connector in Lucidum #
|
Field |
Description |
Example |
|---|---|---|
|
Profile Name |
Name for this configuration |
lucidum_connector |
|
URL |
The URL for the Rapid7 InsightAppSec API. |
https://us.api.insight.rapid7.com |
|
API Key |
API Key for use with the Rapid7 InsightAppSec API. The role associated with the API Key must be InsightAppSec ReadOnly . For details on generating an API Key, see: https://docs.rapid7.com/insight/managing-platform-api-keys/#generating-a-user-key |
Vp7N7TwDsdfdsFbIuTaSINT84wNCWbODRQ |
Source Documentation #
Creating Credentials #
-
Create a user account. For details, see: https://docs.rapid7.com/insight/rbac/#add-users
-
Assign the user account the role InsightAppSec ReadOnly. For details, see: https://docs.rapid7.com/insight/rbac#insightappsec-managed-roles
-
Login as that user and generate an API Key. For details, see https://docs.rapid7.com/insight/managing-platform-api-keys/#generating-a-user-key
Required Permissions #
Assign the user associated with the API key the following role:
-
InsightAppSec ReadOnly
