Rapid7 InsightCloudSec
Rapid7 InsightCloudSec is a cloud security tool that provides visibility into your cloud environments. You can bring access key, bucket, cloud, user account, virtual machine, and security data from Rapid7 InsightCloudSec into Brinqa to gain a more comprehensive view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Rapid7 InsightCloudSec, and how to obtain that information from Rapid7. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Rapid7 InsightCloudSec from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Rapid7 InsightCloudSec with Brinqa:
- Base URL: Your organization's Rapid7 InsightCloudSec server URL. The default format is https://insightcloudsec.<mycompany>.com.
  - Replace <mycompany> with the hostname of your Rapid7 InsightCloudSec server, e.g., https://insightcloudsec.brinqa.com.
- API key: The access key associated with the Rapid7 InsightCloudSec account, which must have permissions to log in to the API server and return data.
Generate a Rapid7 InsightCloudSec API key
For the Rapid7 InsightCloudSec connector to access the InsightCloudSec API, you must provide an API key. To generate one, follow these steps:
- Log in to your organization's Rapid7 InsightCloudSec server as an administrator.
- Click Settings > API Keys. You have two options:
  - Organization Key: The organization key is tied to an organization as a whole. An organization key can be used to authenticate API requests and also provides access to all data within the organization. Only administrators can create organization API keys.
  - User Key: The user key is tied to a specific user account and can be used to authenticate API requests made by that user. The user key inherits the permissions of the user who creates the API key.

  While both keys can be used to authenticate API requests, Brinqa recommends that you generate a User Key. This is because User Keys can provide more controlled access.
- Click New User Key.
- Select an organization and provide a name for the key.
- Click Generate.

  Your new API key displays. You cannot view the key after this, so copy the key and save it to a secure location.
- Click Done.
If you do not have the permissions to create an API key, contact your Rapid7 administrator. For additional information, see Rapid7 documentation.
Additional settings
The Rapid7 InsightCloudSec connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 1000. It is not recommended to go over 1000.
- Parallel requests: The maximum number of parallel API requests. The default setting is 8.
- Request timeout (secs): The maximum time allotted, in seconds, before a request times out. The default setting is 120 seconds. Although it is not recommended, you can also enter zero (0) to disable timeouts.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Rapid7 InsightCloudSec API before giving up and reporting a failure. The default setting is 5.
- Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The Rapid7 InsightCloudSec connector can retrieve the following types of data from the InsightCloudSec API:
Table 1: Data retrieved from Rapid7 InsightCloudSec
Connector Object | Required | Maps to Data Model |
---|---|---|
Access Key | No | Cloud Resource |
Bucket | No | Cloud Resource |
Cloud Account | Yes | Cloud Resource |
Cloud Log Configuration | No | Cloud Resource |
Encryption Key | No | Cloud Resource |
User Account | No | Cloud Resource |
Violation | No | Violation |
Violation Definition | No | Violation Definition |
Virtual Machine | Yes | Host |
The Rapid7 InsightCloudSec connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Rapid7 InsightCloudSec in the Brinqa Platform, see How to view your data.
Attribute mappings
The sections below list the mappings between the source and the Brinqa data model attributes.
Access Key
Table 2: Access Key attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId | Local variable(RESOURCE_ID) |
common.resourceName | name, Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
resource.accessKeyId | Local variable(KEY_ID) |
resource.ageInDays | Local variable(AGE_IN_DAYS) |
resource.createdDate | sourceCreatedDate |
resource.expirationDate | Local variable(EXPIRATION_DATE) |
resource.lastUsedDate | Local variable(LAST_USED_DATE) |
resource.namespaceId | Local variable(NAMESPACE_ID) |
resource.roleName | Local variable(PRINCIPAL_NAME) |
resource.roleResourceId | Local variable(PRINCIPAL_RESOURCE_ID) |
resource.status | status |
resource.uid | uid |
resource.userManaged | Local variable(USER_MANAGED) |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Bucket
Table 3: Bucket attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId | Local variable(RESOURCE_ID) |
common.resourceName | Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
name | name |
resource.globalEncryption | Local variable(GLOBAL_ENCRYPTION) |
resource.uid | uid |
status | status |
Cloud Account
Table 4: Cloud Account attribute mappings
Source Field Name | Maps to Attribute |
---|---|
cloud.accountId | uid |
cloud.creationTime | sourceCreatedDate |
cloud.edhRole | Local variable(EDH_ROLE) |
cloud.groupResourceId | Local variable(RESOURCE_ID) |
cloud.lastRefreshed | Local variable(LAST_REFRESHED) |
cloud.name | name |
cloud.resourceCount | Local variable(RESOURCE_COUNT) |
cloud.resourceId | Local variable(GROUP_RESOURCE_ARN) |
cloud.roleArn | Local variable(ROLE_ARN) |
cloud.status | status |
cloud.tenantId | Local variable(TENANT_ID) |
cloud.typeId | Local variable(CLOUD_PLATFORM) |
Cloud Log Configuration
Table 5: Cloud Log Configuration attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId() | Local variable(RESOURCE_ID) |
common.resourceName | Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
name, resource.name | name |
resource.isLogging | isLogging |
resource.locked | locked |
resource.multiRegion | multiRegion |
resource.retentionDays | retentionDays |
resource.storageContainerName | bucketName |
resource.uid | uid |
status | status |
Encryption Key
Table 6: Encryption Key attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp, resource.createDate | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp, resource.modifiedDate | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId() | Local variable(RESOURCE_ID) |
common.resourceName | Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
name, | name |
resource.arn | Local variable(ARN) |
resource.customerManaged | Local variable(CUSTOMER_MANAGED) |
resource.isPublic | Local variable(IS_PUBLIC) |
resource.keyId | Local variable(KEY_ID) |
resource.keyRotation | Local variable(KEY_ROTATION) |
resource.name | name |
resource.origin | Local variable(ORIGIN) |
resource.parentResourceId | Local variable(PARENT_RESOURCE_ID) |
resource.resourceCount | Local variable(RESOURCE_COUNT) |
resource.scheduledDeletionDate | Local variable(SCHEDULED_DELETION_DATE) |
resource.state | Local variable(STATE) |
resource.trustedAccounts | Local variable(TRUSTED_ACCOUNTS) |
resource.uid | uid |
status, resource.enabled | status |
User Account
Table 7: User Account attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId | Local variable(RESOURCE_ID) |
common.resourceName | Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
name | name |
resource.activeApiKeys | Local variable(ACTIVE_API_KEYS) |
resource.admin | Local variable(ADMIN) |
resource.ageInDays | Local variable(AGE_IN_DAYS) |
resource.disabled | status |
resource.email | |
resource.inactiveApiKeys | Local variable(INACTIVE_API_KEYS) |
resource.inlinePolicies | Local variable(INLINE_POLICY_COUNT) |
resource.loginProfile | Local variable(LOGIN_PROFILE) |
resource.managedPolicyCount | Local variable(MANAGED_POLICY_COUNT) |
resource.passwordLastChanged | Local variable(PASSWORD_LAST_CHANGED) |
resource.passwordLastUsed | Local variable(PASSWORD_LAST_USED) |
resource.policyCount | Local variable(POLICY_COUNT) |
resource.twoFactorEnabled | Local variable(MFA_ENABLED) |
resource.uid | uid |
resource.userName | username |
resource.userId | Local variable(USER_ID) |
status | status |
Violation
Table 8: Violation attribute mappings
Source Field Name | Maps to Attribute |
---|---|
cloud.id | cloudAccountId |
finding.identifiedAt | firstFound |
finding.insightId | type |
finding.resourceId | targets |
last found | lastFound |
status | status |
status category | statusCategory |
uid | uid |
Violation Definition
Table 9: Violation Definition attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
insight.author | Local variable(AUTHOR) |
insight.description | summary |
insight.filters | Local variable(QUERY_FILTERS) |
insight.insertedAt | sourceCreatedDate |
insight.name | name |
insight.notes, notes.getDescription | description |
insight.released | Local variable(RELEASED) |
insight.resourceTypes | Local variable(RESOURCE_TYPES) |
insight.severity | severity(normalized), severityScore, sourceSeverity |
insight.source | Local variable(SOURCE) |
insight.supportedClouds | Local variable(SUPPORTED_CLOUDS) |
insight.updatedAt | sourceLastModified |
notes.getRecommendation | recommendation |
uid | uid |
Virtual Machine
Table 10: Virtual Machine attribute mappings
Source Field Name | Maps to Attribute |
---|---|
categories | categories |
common.account | Local variable(CLOUD_ACCOUNT_NAME) |
common.accountId | Local variable(CLOUD_ACCOUNT_ID) |
common.availabilityZone | Local variable(AVAILABILITY_ZONE) |
common.cloud | Local variable(CLOUD_PLATFORM) |
common.creationTimestamp | sourceCreatedDate |
common.discoveredTimestamp | firstSeen, Local variable(DISCOVERED_DATE) |
common.modifiedTimestamp | sourceLastModified |
common.namespaceId | Local variable(NAMESPACE_ID) |
common.organizationServiceId | Local variable(CLOUD_ORGANIZATION_ID) |
common.providerId | Local variable(PROVIDER_ID) |
common.region | region |
common.resourceId() | Local variable(RESOURCE_ID) |
common.resourceName | Local variable(RESOURCE_NAME) |
common.resourceType | Local variable(RESOURCE_TYPE) |
common.tags | tags |
description | description |
instance.imageId | image |
instance.instanceType | Local variable(INSTANCE_TYPE) |
instance.launchTime | lastStarted, Local variable(LAUNCH_TIME) |
instance.networkResourceId | Local variable(NETWORK_ID) |
instance.object_id | instanceId |
instance.platform | operatingSystem, Local variable(PLATFORM) |
instance.privateIpAddress | privateIpAddresses |
instance.publicIpAddress | publicIpAddresses |
instance.roleResourceId | Local variable(ROLE_ID) |
instance.subnetResourceId | Local variable(SUBNET_ID) |
instance.terminationProtection | Local variable(TERMINATION_PROTECTION) |
ipAddresses | ipAddresses |
name | name |
resource.uid | uid |
status, instance.state | status |
APIs
The Rapid7 InsightCloudSec connector uses the InsightCloudSec API. Specifically, it uses the following endpoints:
Table 7: Rapid7 InsightCloudSec API Endpoints
Connector Object | API Endpoint |
---|---|
Access Key | v3/public/resource/etl-query |
Bucket | v3/public/resource/etl-query |
Cloud Account | v2/public/clouds/list |
Cloud Log Configuration | v3/public/resource/etl-query |
Encryption Key | v3/public/resource/etl-query |
User Account | v3/public/resource/etl-query |
Violation | v2/public/clouds/list, v4/insights/findings-per-cloud/%s |
Violation Definition | v2/public/insights/list |
Virtual Machine | v3/public/resource/etl-query |
Changelog
The Rapid7 InsightCloudSec connector has undergone the following changes:
Table 8: Rapid7 InsightCloudSec connector changelog
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Version | Description | Date Published |
---|---|---|
3.4.15 | No change. | July 14th, 2025 |
3.4.14 | No change. | July 8th, 2025 |
3.4.13 | No change. | June 26th, 2025 |
3.4.12 | No change. | May 7th, 2025 |
3.4.11 | No change. | April 23rd, 2025 |
3.4.10 | No change. | April 9th, 2025 |
3.4.9 | No change. | February 25th, 2025 |
3.4.8 | No change. | January 22nd, 2025 |
3.4.7 | No change. | November 30th, 2024 |
3.4.6 | No change. | November 27th, 2024 |
3.4.5 | No change. | October 31st, 2024 |
3.4.4 | No change. | September 26th, 2024 |
3.4.3 | No change. | September 25th, 2024 |
3.4.2 | No change. | September 22nd, 2024 |
3.4.1 | Added the PROVIDER_STATUS and SOURCE_STATUS attributes to the Violation object. | September 21st, 2024 |
3.4.0 | No change. | September 20th, 2024 |
3.3.3 | No change. | August 23rd, 2024 |
3.3.2 | No change. | June 19th, 2024 |
3.3.1 | No change. | May 16th, 2024 |
3.3.0 | No change. | April 19th, 2024 |
3.2.8 | No change. | April 8th, 2024 |
3.2.7 | Code clean up and general maintenance. | March 31st, 2024 |
3.2.6 | Added new additional settings to help manage API throttling and optimize API call handling: Request timeout and Maximum retries. | March 30th, 2024 |
3.2.5 | Updated the paging logic. | March 27th, 2024 |
3.2.4 | Code clean up and general maintenance. | March 27th, 2024 |
3.2.3 | Code clean up and general maintenance. | March 27th, 2024 |
3.2.2 | Code clean up and general maintenance. | March 27th, 2024 |
3.2.1 | Added a new additional setting for configuring connections: Page size. | March 22nd, 2024 |
3.2.0 | Initial Integration+ release. | March 5th, 2024 |