
Rapid7 InsightCloudSec
Cloud Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Rapid7 InsightCloudSec connector integrates with the Rapid7 InsightCloudSec cloud security posture management (CSPM) platform through its REST API (v2/v3/v4). It synchronizes connected cloud accounts and the resources discovered within them — access keys, storage buckets, cloud log configurations, encryption keys, user accounts, and virtual machines — along with the policy insights (violation definitions) and the violations raised against cloud resources. The data is mapped into the Brinqa Unified Data Model (UDM) as Cloud Accounts, Cloud Resources, Hosts, Violations, and Violation Definitions.
Data retrieved from Rapid7 InsightCloudSec
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Cloud Account | Yes | Cloud Account |
| Access Key | Yes | Cloud Resource |
| Bucket | Yes | Cloud Resource |
| Cloud Log Configuration | Yes | Cloud Resource |
| Encryption Key | Yes | Cloud Resource |
| User Account | Yes | Cloud Resource |
| Virtual Machine | Yes | Host |
| Violation | Yes | Violation |
| Violation Definition | Yes | Violation Definition |
Model relationships
For detailed steps on how to view the data retrieved from Rapid7 InsightCloudSec in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Rapid7 InsightCloudSec from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | Yes | https://insightcloudsec.mycompany.com | Rapid7 Nexpose server url |
| Username | No | — | Rapid7 Nexpose user login |
| Password | No | — | Rapid7 Nexpose user password |
| SSL / TLS | No | false | Skip certificate verification |
| Cloud Properties | No | — | Comma delimited list of cloud properties to promote as attributes on the host. |
Authentication
The connector authenticates to InsightCloudSec using an API Key. The configured key is sent on every request in the X-Api-Key header. No token-exchange step is performed; the same key is reused for every subsequent API call.
Endpoint
| Method | URL |
|---|---|
GET | https://<host>/v2/public/clouds/list |
Request Headers
| Header | Value |
|---|---|
X-Api-Key | <API key> |
Accept | application/json |
Content-Type | application/json (on POST query requests) |
Sample Response
{
"clouds": [
{
"account_id": "123456789012",
"name": "Production AWS",
"type_id": "AWS",
"status": "Active"
}
]
}
Usage
A 200 OK response confirms the key is valid. The same X-Api-Key value is reused on every model sync request.
How to obtain Rapid7 InsightCloudSec credentials
Obtain the required credentials (url, apiKey) from your Rapid7 InsightCloudSec administrator or the Rapid7 InsightCloudSec admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Cloud Account
| Source Field Name | SDM Attribute |
|---|---|
cloud.accountId | UID |
cloud.creationTime | SOURCE_CREATED_DATE |
cloud.edhRole | EDH_ROLE |
cloud.groupResourceId | GROUP_RESOURCE_ARN |
cloud.lastRefreshed | LAST_REFRESHED |
cloud.name | NAME |
cloud.resourceCount | RESOURCE_COUNT |
cloud.resourceId | RESOURCE_ID |
cloud.roleArn | ROLE_ARN |
cloud.status | STATUS |
cloud.tenantId | TENANT_ID |
cloud.typeId | CLOUD_PLATFORM |
Access Key
| Source Field Name | SDM Attribute |
|---|---|
| cloud resource, identity | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.modifiedTimestamp | SOURCE_LAST_MODIFIED |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceName (else common.resourceId) | NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
resource.accessKeyId | KEY_ID |
resource.ageInDays | AGE_IN_DAYS |
resource.createDate (else common.creationTimestamp) | SOURCE_CREATED_DATE |
resource.expirationDate | EXPIRATION_DATE |
resource.lastUsedDate | LAST_USED_DATE |
resource.namespaceId (else common.namespaceId) | NAMESPACE_ID |
resource.roleName | PRINCIPAL_NAME |
resource.roleResourceId | PRINCIPAL_RESOURCE_ID |
resource.status (else active) | STATUS |
resource.uid | UID |
resource.userManaged | USER_MANAGED |
Bucket
| Source Field Name | SDM Attribute |
|---|---|
active (default) | STATUS |
| cloud resource, storage | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.modifiedTimestamp | SOURCE_LAST_MODIFIED |
common.namespaceId | NAMESPACE_ID |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceName (else common.resourceId) | NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
resource.creationDate (else common.creationTimestamp) | SOURCE_CREATED_DATE |
resource.globalEncryption | GLOBAL_ENCRYPTION |
resource.impairedVisibility | IMPAIRED_VISIBILITY |
resource.isPublic | IS_PUBLIC |
resource.lifecyclePolicy | LIFECYCLE_POLICY |
resource.locationType | LOCATION_TYPE |
resource.minimalTlsVersion | MINIMAL_TLS_VERSION |
resource.objectCount | OBJECT_COUNT |
resource.totalSize | TOTAL_SIZE |
resource.transitEncryption | TRANSIT_ENCRYPTION |
resource.trustedAccounts | TRUSTED_ACCOUNTS |
resource.uid | UID |
resource.uniformAccess | UNIFORM_ACCESS |
resource.versioning | VERSIONING |
resource.website | WEBSITE |
Cloud Log Configuration
| Source Field Name | SDM Attribute |
|---|---|
active (default) | STATUS |
| cloud resource | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.creationTimestamp | SOURCE_CREATED_DATE |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.modifiedTimestamp | SOURCE_LAST_MODIFIED |
common.namespaceId | NAMESPACE_ID |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
resource.isLogging | IS_LOGGING |
resource.locked | LOCKED |
resource.multiRegion | MULTI_REGION |
resource.name (else common.resourceName/common.resourceId) | NAME |
resource.retentionDays | RETENTION_DAYS |
resource.storageContainerName | BUCKET_NAME |
resource.uid | UID |
Encryption Key
| Source Field Name | SDM Attribute |
|---|---|
| cloud resource, secret key | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.namespaceId | NAMESPACE_ID |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
resource.arn | ARN |
resource.createDate (else common.creationTimestamp) | SOURCE_CREATED_DATE |
resource.customerManaged | CUSTOMER_MANAGED |
resource.enabled (active/inactive) | STATUS |
resource.isPublic | IS_PUBLIC |
resource.keyId | KEY_ID |
resource.keyRotation | KEY_ROTATION |
resource.modifiedDate (else common.modifiedTimestamp) | SOURCE_LAST_MODIFIED |
resource.name (else common.resourceName/common.resourceId) | NAME |
resource.origin | ORIGIN |
resource.parentResourceId | PARENT_RESOURCE_ID |
resource.resourceCount | RESOURCE_COUNT |
resource.scheduledDeletionDate | SCHEDULED_DELETION_DATE |
resource.state | STATE |
resource.trustedAccounts | TRUSTED_ACCOUNTS |
resource.uid | UID |
User Account
| Source Field Name | SDM Attribute |
|---|---|
| cloud resource | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.creationTimestamp | SOURCE_CREATED_DATE |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.modifiedTimestamp | SOURCE_LAST_MODIFIED |
common.namespaceId | NAMESPACE_ID |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceName (else common.resourceId) | NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
resource.activeApiKeys | ACTIVE_API_KEYS |
resource.admin | ADMIN |
resource.ageInDays | AGE_IN_DAYS |
resource.disabled (inactive/active) | STATUS |
resource.email | |
resource.inactiveApiKeys | INACTIVE_API_KEYS |
resource.inlinePolicies | INLINE_POLICY_COUNT |
resource.loginProfile | LOGIN_PROFILE |
resource.managedPolicyCount | MANAGED_POLICY_COUNT |
resource.passwordLastChanged | PASSWORD_LAST_CHANGED |
resource.passwordLastUsed | PASSWORD_LAST_USED |
resource.policyCount | POLICY_COUNT |
resource.twoFactorEnabled | MFA_ENABLED |
resource.uid | UID |
resource.userId | USER_ID |
resource.userName | USERNAME |
Virtual Machine
| Source Field Name | SDM Attribute |
|---|---|
| cloud resource, virtual machine | CATEGORIES |
common.account | CLOUD_ACCOUNT_NAME |
common.accountId | CLOUD_ACCOUNT_ID |
common.availabilityZone | AVAILABILITY_ZONE |
common.cloud | CLOUD_PLATFORM |
common.creationTimestamp | SOURCE_CREATED_DATE |
common.discoveredTimestamp | FIRST_SEEN |
common.discoveredTimestamp | DISCOVERED_DATE |
common.modifiedTimestamp | SOURCE_LAST_MODIFIED |
common.namespaceId | NAMESPACE_ID |
common.organizationServiceId | CLOUD_ORGANIZATION_ID |
common.providerId | PROVIDER_ID |
common.region | REGION |
common.resourceId | RESOURCE_ID |
common.resourceName | RESOURCE_NAME |
common.resourceName (else common.resourceId) | NAME |
common.resourceType | RESOURCE_TYPE |
common.tags (as key:value) | TAGS |
generated from name + common.cloud + common.resourceType | DESCRIPTION |
instance.imageId | IMAGE |
instance.instanceType | INSTANCE_TYPE |
instance.launchTime | LAST_STARTED |
instance.launchTime | LAUNCH_TIME |
instance.networkResourceId | NETWORK_ID |
instance.object_id | INSTANCE_ID |
instance.platform | OPERATING_SYSTEM |
instance.platform | PLATFORM |
instance.privateIpAddress | PRIVATE_IP_ADDRESSES |
instance.privateIpAddress, instance.publicIpAddress | IP_ADDRESSES |
instance.publicIpAddress | PUBLIC_IP_ADDRESSES |
instance.roleResourceId | ROLE_ID |
instance.state (normalized, else active) | STATUS |
instance.subnetResourceId | SUBNET_ID |
instance.terminationProtection | TERMINATION_PROTECTION |
resource.uid | UID |
Violation
| Source Field Name | SDM Attribute |
|---|---|
derived from status (active) | STATUS_CATEGORY |
derived from status (active) | SOURCE_STATUS |
derived from status (active) | PROVIDER_STATUS |
generated (active) | STATUS |
generated (Instant.now) | LAST_FOUND |
insight.uid | TYPE |
resource.cloudAccountId | CLOUD_ACCOUNT_ID |
resource.cloudAccountName | CLOUD_ACCOUNT_NAME |
resource.resourceId | TARGETS |
resource.resourceId + _ + insight.uid (generated) | UID |
Violation Definition
| Source Field Name | SDM Attribute |
|---|---|
insight.author | AUTHOR |
insight.description | SUMMARY |
insight.filters[].name | QUERY_FILTERS |
insight.insertedAt | SOURCE_CREATED_DATE |
insight.name | NAME |
insight.notes (raw, then parsed Overview section) | DESCRIPTION |
insight.released | RELEASED |
insight.resourceTypes | RESOURCE_TYPES |
insight.severity | SOURCE_SEVERITY |
insight.severity (normalized to score) | SEVERITY_SCORE |
insight.severity (normalized) | SEVERITY |
insight.source | SOURCE |
insight.supportedClouds | SUPPORTED_CLOUDS |
insight.supportedClouds + insight.supportedIacClouds + insight.tags | CATEGORIES |
insight.uid | UID |
insight.updatedAt | SOURCE_LAST_MODIFIED |
parsed insight.notes (Remediation / references sections) | RECOMMENDATION |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Cloud Account
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /v2/public/clouds/list
Access Key
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
Bucket
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
Cloud Log Configuration
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
Encryption Key
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
User Account
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
Virtual Machine
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
POST /v3/public/resource/etl-query
Violation
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
packIds | String[] | — | Restrict to specific insight pack IDs (pack_ids) |
resourceTypes | String[] | — | Restrict to specific resource types (resource_types) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /v2/public/insights/list
Violation Definition
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
packIds | String[] | — | Restrict to specific insight pack IDs (pack_ids) |
resourceTypes | String[] | — | Restrict to specific resource types (resource_types) |
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /v2/public/insights/list
Changelog
The Rapid7 InsightCloudSec connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.4.27 | No changes in this release. | N/A |
| 3.4.26 | No changes in this release. | N/A |
| 3.4.25 | No changes in this release. | N/A |
| 3.4.24 | No changes in this release. | N/A |
| 3.4.23 | No changes in this release. | N/A |
| 3.4.22 | No changes in this release. | N/A |
| 3.4.21 | No changes in this release. | N/A |
| 3.4.20 | No changes in this release. | N/A |
| 3.4.19 | No changes in this release. | N/A |
| 3.4.18 | No changes in this release. | N/A |
| 3.4.17 | No changes in this release. | N/A |
| 3.4.16 | No changes in this release. | N/A |
| 3.4.15 | No changes in this release. | N/A |
| 3.4.14 | No changes in this release. | N/A |
| 3.4.13 | No changes in this release. | N/A |
| 3.4.12 | No changes in this release. | N/A |
| 3.4.11 | Dependency Upgrades Updated shared model, connector-common, and HTTP client libraries. | N/A |
| 3.4.10 | Dependency Upgrades Updated the shared data model library. | N/A |
| 3.4.9 | Dependency Upgrades Updated the shared data model and CVSS calculator libraries. | N/A |
| 3.4.8 | No changes in this release. | N/A |
| 3.4.7 | No changes in this release. | N/A |
| 3.4.6 | No changes in this release. | N/A |
| 3.4.5 | No changes in this release. | N/A |
| 3.4.4 | Dependency Upgrades Switched the local storage engine library used during synchronization. | N/A |
| 3.4.3 | Improvements - Improved HTTP error handling and diagnostics, including clearer messages for bad-request, unauthorized, forbidden, and not-found responses returned by InsightCloudSec. | N/A |
| 3.4.2 | No changes in this release. | N/A |
| 3.4.1 | Improvements - Violation findings now populate standardized provider and source status attributes so finding state is represented consistently across connectors. | • Violation: Finding status is now recorded on the standardized Provider Status and Source Status attributes instead of the previous status fields. Run a full re-sync so existing violations are re-keyed to the new status attributes. |
| 3.4.0 | Bug Fixes - Fixed configuration validation so the request timeout value is checked against its own allowed range instead of being validated against the max-retries setting. | N/A |
| 3.3.3 | Dependency Upgrades Updated the shared data model and local-store libraries. | N/A |
| 3.3.2 | No changes in this release. | N/A |
| 3.3.1 | No changes in this release. | N/A |
| 3.3.0 | Dependency Upgrades Updated the shared data model library. | N/A |
| 3.2.8 | No changes in this release. | N/A |
| 3.2.7 | No changes in this release. | N/A |
| 3.2.6 | New Features - Added a configurable request timeout so the connection wait time for InsightCloudSec API requests can be tuned per environment. Improvements - Added validation for the page size, parallel-requests, max-retries, and request-timeout configuration values, with clearer error messages when an invalid value is supplied. | N/A |
| 3.2.5 | Improvements - Violations now use a stable identifier that combines the insight source and ID, ensuring violations are de-duplicated correctly across data sources. | • Violation: The unique identifier for violations changed to include the insight source. Run a full re-sync so existing violations are re-keyed to the new identifier and stale records are cleared. |
| 3.2.4 | Improvements - Improved compatibility with older InsightCloudSec API responses that do not return per-resource-type failure counts, so violations are still collected in those environments. | N/A |
| 3.2.3 | Bug Fixes - Fixed an error that could occur when an insight reported no per-resource-type failure counts, preventing violation collection from failing. | N/A |
| 3.2.2 | New Features - Added collection of violations and their affected cloud resources from the InsightCloudSec insights API, expanding violation coverage beyond cloud-native findings. | N/A |
| 3.2.1 | Improvements - Set a sensible default page size for InsightCloudSec API requests. Bug Fixes - Fixed cursor-based pagination so resource queries correctly retrieve all pages instead of stopping after the first page. | N/A |
| 3.2.0 | Overview The Rapid7 InsightCloudSec connector integrates with Rapid7 InsightCloudSec (CSPM) to synchronize cloud accounts, cloud resources, virtual machines, and policy violations into Brinqa. Category: Cloud Security Models | N/A |