SA-Rapid7Assets for ES

Splunk Enterprise Security integration that pulls Rapid7 InsightVM vulnerability and asset data into the ES asset framework.

Splunk, Enterprise Security, Rapid7, Vulnerability Management

Overview

SA-Rapid7Assets for Enterprise Security connects Rapid7 InsightVM's vulnerability management data with Splunk ES's asset framework. Vulnerability scanners maintain detailed inventories of every scanned asset — operating system, open ports, installed software, and known CVEs. This add-on makes that information available inside Splunk so analysts can immediately understand the risk posture of any asset involved in a security event.

When an alert fires in ES, analysts often need to answer: is this asset patched? Is it running end-of-life software? Does it have known critical vulnerabilities? SA-Rapid7Assets answers those questions automatically by enriching the asset lookup with InsightVM data.

How It Works

The add-on queries the Rapid7 InsightVM API to retrieve asset records including hostname, IP address, operating system, and risk score. This data is normalized to ES's asset schema and written to the asset lookup on a configurable schedule. The integration supports large environments by paginating through results efficiently and only updating changed records. Documentation and setup instructions are available at the project site.
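
The pipeline described above (paginate, normalize, write only changed records) can be sketched as follows. This is an added example, not the add-on's own code: the response shape follows the InsightVM v3 `/api/3/assets` listing, while the field mapping, the priority thresholds, the digest-based change check and all sample records are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed sample pages, shaped like paged InsightVM asset listings.
SAMPLE_PAGES = [
    {"page": {"number": 0, "totalPages": 2}, "resources": [
        {"id": 1, "ip": "10.0.0.5", "hostName": "WEB01.corp.example",
         "os": "Ubuntu Linux 20.04", "riskScore": 18250.0},
        {"id": 2, "ip": "10.0.0.9", "hostName": "db01.corp.example",
         "os": "Microsoft Windows Server 2012 R2", "riskScore": 61200.5}]},
    {"page": {"number": 1, "totalPages": 2}, "resources": [
        {"id": 3, "ip": "10.0.1.20", "hostName": None, "os": None, "riskScore": 0.0}]},
]

def iter_assets(fetch_page):
    """Yield every asset, requesting pages until totalPages is reached."""
    number = 0
    while True:
        body = fetch_page(number)
        yield from body["resources"]
        number += 1
        if number >= body["page"]["totalPages"]:
            return

def priority_for(risk):
    # Thresholds are assumptions of this sketch, not the add-on's values.
    return "high" if risk >= 50000 else "medium" if risk >= 10000 else "low"

def to_es_row(asset):
    """Map one InsightVM asset to ES asset-lookup fields (assumed mapping)."""
    host = (asset.get("hostName") or "").lower()
    return {
        "ip": asset["ip"],
        "dns": host,
        "nt_host": host.split(".")[0],
        "priority": priority_for(asset.get("riskScore") or 0),
        "category": "|".join(["rapid7"] + ([asset["os"]] if asset.get("os") else [])),
    }

def sync(fetch_page, known):
    """Return rows that are new or changed; `known` maps ip -> row digest."""
    changed = []
    for asset in iter_assets(fetch_page):
        row = to_es_row(asset)
        digest = hashlib.sha256(json.dumps(row, sort_keys=True).encode()).hexdigest()
        if known.get(row["ip"]) != digest:
            known[row["ip"]] = digest
            changed.append(row)
    return changed
```

Because the digest covers the normalized row rather than the raw record, a risk score that moves within the same priority band does not trigger a lookup rewrite.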