Rapid7 Actions

Actions for Rapid7 #

  • Create a New List of IPs/Hosts for Scanning. Send a list of IPs/host names to Rapid7 for scanning.

Use Cases #

Below are the possible use cases for the Rapid7 action:

  • Add previously unknown assets to your Rapid7 system.

  • Scan for a specific vulnerability.

  • Ensure you comply with regulations.

Prerequisites #

To execute Rapid7 actions, you must configure a Rapid7 API connection. The required parameters are described in the instructions for creating a Rapid7 connector in Lucidum: https://lucidum.io/docs/rapid7-insightvm-cloud

NOTE. The specified account should have read and write permissions.

Workflows #

Rapid7 Configuration #

  • Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.

  • Host. The hostname or IP address of the Rapid7 server.

  • Port. TCP/UDP port 389 or TCP port 636 if using an SSL connection.

  • User Name. User name or email with read and write permission.

  • Password. The password associated with User Name.

Create or Edit an Action #

To create an action for Rapid7:

  1. In the Create a New Action page, in the General step, enter:

    • Action Type. Select an action from the pulldown options.

    • Configuration Name. Select an action configuration from the pulldown options.

    • Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.

    • Description. Description of the action.

  2. Click the Next (>) icon.

  3. In the Filters page, click Configure Filters.

  4. The Build a Query page appears.

  5. In the Build a Query page, you define the query for the assets or users that the action will act upon.

  6. Click Next.

  7. In the Build a Current Query page, enter the fields, operators, and values for the query. For existing actions, the query is already loaded in this page.

  8. For details on creating and editing queries in Lucidum, see the section on Building Queries.

    NOTE: To optimize performance, the default time range is Current. If you need to access historical data, contact Lucidum Customer Success for help on using historical data without affecting performance.

  9. Click the Apply (page and pencil) icon.

  10. Click the Next (>) icon.

  11. In the Schedule step, enter:

    • Schedule Type. Define the schedule for the action. Choices are:

      • Recurrence. Specify a frequency for the recurring schedule.

      • After Data Ingestion. The action is executed after data ingestion, which happens at least once every 24 hours and can also be triggered manually.

    • Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.

  12. Click the Next (>) icon.

  13. In the Details step, enter the following:

    • Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query, you can select these fields in the Query Results page > Edit Column button.

    • site id. A site is a collection of assets that are targeted for a scan. You must provide the site ID of an existing site. Lucidum will add the list of IPs/hosts that you want to scan with this action to that site.