Rapid7 InsightAppSec
Rapid7 InsightAppSec is a dynamic application security testing tool (DAST) that provides visibility into potential vulnerabilities found within your web applications. You can bring application, site, and dynamic code data from Rapid7 InsightAppSec into Brinqa. By combining InsightAppSec's application security capabilities with Brinqa's risk management and prioritization, you can achieve a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Rapid7 InsightAppSec and how to obtain that information from Rapid7. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Rapid7 InsightAppSec from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Rapid7 InsightAppSec with Brinqa:
-
Server URL: The Rapid7 InsightAppSec server URL. The default format is
https://<region>.api.insight.rapid7.com.infoReplace
<region>with the specific region your Rapid7 InsightAppSec server is located in. For example, if your server is in the United States, the API URL might behttps://us.api.insight.rapid7.com/.You can find your region by checking the Insight platform Home page as described in Rapid7's documentation. For a list of supported regions and corresponding URLs, please refer to the Rapid7 Insight API documentation.
-
API key: The access key associated with the Rapid7 InsightAppSec account, which must have permissions to log in to the API server and return data.
Generate a Rapid7 InsightAppSec API key
For the Rapid7 InsightAppSec connector to access the InsightAppSec API, you must provide an API key. To do so, follow these steps:
-
Log in to your organization's Rapid7 InsightAppSec server as an administrator.
-
Click Settings > API Keys. You have two options:
-
Organization Key: The organization key is tied to an organization as a whole. An organization key can be used to authenticate API requests and also provides access to all data within the organization. Only administrators can create organization API keys.
-
User Key: The user key is tied to a specific user account and can be used to authenticate API requests made by that user. The user key inherits the permissions of the user who creates the API key.
While both keys can be used to authenticate API requests, Brinqa recommends that you generate a User Key. This is because User Keys can provide more controlled access.
-
-
Click New User Key.
-
Select an organization and provide a name for the key.
-
Click Generate.
Your new API key displays. You cannot view the key after this, so copy the key and save it to a secure location.
-
Click Done.
If you do not have the permissions to create an API key, contact your Rapid7 administrator. For additional information, see Rapid7 InsightAppSec documentation.
Additional settings
The Rapid7 InsightAppSec connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 500. It is not recommended to go over 500.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 8.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Rapid7 InsightAppSec API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Rapid7 InsightAppSec connector can retrieve the following types of data from the InsightAppSec API:
Table 1: Data retrieved from Rapid7 InsightAppSec
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Application | Yes | Application |
| Dynamic Code Finding | Yes | Dynamic Code Finding |
| Dynamic Code Finding Definition | Yes | Dynamic Code Finding Definition |
| Site | Yes | Site |
For detailed steps on how to view the data retrieved from Rapid7 InsightAppSec in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Application
- Dynamic Code Finding
- Dynamic Code Finding Definition
- Site
Table 2: Application attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| app.description | description |
| app.id | uid |
| app.name | name |
| asset.category_application | categories |
Table 3: Dynamic Code Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| uid | uid |
| vulnerability.app.id ,vulnerability.rootcause.url.host | targets |
| vulnerability.first_discovered | firstFound |
| vulnerability.id | type |
| vulnerability.last_discovered | lastFound |
| vulnerability.newly_discovered | Local variable |
| vulnerability.root_cause.method | Local variable |
| vulnerability.root_cause.parameter | Local variable |
| vulnerability.status | status, statusCategory |
| vulnerability.variance.attack.classification | Local variable |
| vulnerability.variance.attack_value | Local variable |
| vulnerability.variance.exchange.request | Local variable |
| vulnerability.variance.exchange.response | Local variable |
| vulnerability.variance.message | Local variable |
| vulnerability.variance.original_exchange.request | request |
| vulnerability.variance.original_exchange.response | Local variable |
| vulnerability.variance.original_value | Local variable |
| vulnerability.attack.id | Local variable |
| vulnerability.module.id | Local variable |
Table 4: Dynamic Code Finding Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| vulnerability.severity | severity, sourceSeverity, severityScore |
| vulnerability.variance.attack.type | categories |
| vulnerability.variance.doc.references | cweIds, weaknesses references |
| vulnerability.variance.doc.recommendation | recommendation |
| vulnerability.variance.module.description | description |
| vulnerability.variance.module.name | name |
| vulnerability.vuln.id | uid |
Table 5: Site attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| asset category web application | categories |
| vulnerability.root_cause.url.getHost | uid |
| vulnerability.root_cause.url.getHost | url, name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Rapid7 InsightAppSec connector supports the following operation options. See connector operation options for information about how to apply them.
Table 6: Rapid7 InsightAppSec connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Dynamic Code Finding | vulnerability.severity | SAFE, INFORMATIONAL, LOW, MEDIUM, HIGH | Retrieve vulnerabilities from dynamic code findings with the specified severity level. | Key: vulnerability.severity Value: HIGH. This key and value combination only retrieves vulnerabilities from dynamic code findings with a severity of HIGH. |
| vulnerability.status | UNREVIEWED, FALSE_POSITIVE, VERIFIED, IGNORED, REMEDIATED, DUPLICATE | Retrieves vulnerabilities from dynamic code findings with the specified status category as determined by Rapid7 InsightAppSec. | Key: vulnerability.status Value: VERIFIED. This key and value combination only retrieves vulnerabilities from dynamic code findings with a VERIFIED status. | |
| Dynamic Code Finding Definition | vulnerability.severity | SAFE, INFORMATIONAL, LOW, MEDIUM, HIGH | Retrieve vulnerabilities from dynamic code finding definitions with the specified severity level. | Key: vulnerability.severity Value: LOW. This key and value combination only retrieves vulnerabilities from dynamic code finding definition with a severity of LOW. |
| vulnerability.status | UNREVIEWED, FALSE_POSITIVE, VERIFIED, IGNORED, REMEDIATED, DUPLICATE | Retrieves vulnerabilities from dynamic code finding definitions with the specified status category as determined by Rapid7 InsightAppSec. | Key: vulnerability.status Value: UNREVIEWED. This key and value combination only retrieves vulnerabilities from dynamic code finding definitions with a UNREVIEWED status. | |
| Site | vulnerability.severity | SAFE, INFORMATIONAL, LOW, MEDIUM, HIGH | Retrieve vulnerabilities from sites with the specified severity level. | Key: vulnerability.severity Value: MEDIUM. This key and value combination only retrieves vulnerabilities from sites with a severity of MEDIUM. |
| vulnerability.status | UNREVIEWED, FALSE_POSITIVE, VERIFIED, IGNORED, REMEDIATED, DUPLICATE | Retrieve vulnerabilities from sites with the specified status category as determined by Rapid7 InsightAppSec. | Key: vulnerability.status Value: DUPLICATE. This key and value combination only retrieves vulnerabilities from sites with a DUPLICATE status. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The Rapid7 InsightAppSec connector uses the InsightAppSec API v1. Specifically, it uses the following endpoints:
Table 7: Rapid7 InsightAppSec API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Application | GET https://[region].api.insight.rapid7.com/ias/v1/apps |
| Dynamic Code Finding | GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id} |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id} | |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id}/documentation | |
POST https://[region].api.insight.rapid7.com/ias/v1/search | |
| Dynamic Code Finding Definition | GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id} |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id} | |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id}/documentation | |
POST https://[region].api.insight.rapid7.com/ias/v1/search | |
| Site | GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id} |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id} | |
GET https://[region].api.insight.rapid7.com/ias/v1/modules/{module-id}/attacks/{attack-id}/documentation | |
POST https://[region].api.insight.rapid7.com/ias/v1/search |
Changelog
The Rapid7 InsightAppSec connector has undergone the following changes:
3.2.5
- Updated the paging logic.
3.1.1
- Normalized the values for status.
3.1.0
- Initial Integration+ release.