Note:
1) Available only in Patch Manager Plus on-premises version.
2) In case InsightVM (On-Prem) integration isn't available in your Patch Manager Plus server, kindly contact support.

Seamlessly deploy patches for the vulnerabilities detected by InsightVM (On-Prem)

The Patch Manager Plus and InsightVM (On-Prem) integration streamlines the process from vulnerability detection to remediation. This empowers IT administrators to effortlessly deploy patches from the Patch Manager Plus console for vulnerabilities detected by InsightVM (On-Prem). No more hassle of switching between multiple dashboards or manually correlating vulnerabilities with their patches. The Patch Manager Plus - InsightVM (On-Prem) integration simplifies these tasks and streamlines the entire process.

Steps to integrate InsightVM (On-Prem) with Patch Manager Plus

Configure API Settings in Patch Manager Plus

  • Navigate to Admin > Integrations > Threat scanner settings and click on InsightVM (On-Prem).

  • Enter the InsightVM connection details: base URL, username and password. A user with Basic permissions is sufficient for the integration.

  • If Two-Factor Authentication is activated on Rapid7, you can also enable Two-Factor Authentication in Patch Manager Plus and provide the authentication token generated from the InsightVM Security Console.

  • If a proxy is configured to block access to the local InsightVM server, you can enable the Skip Proxy option, but only if the InsightVM hosted server URL is not globally whitelisted. Enabling this option overrides the proxy settings, allowing direct connection to the InsightVM server.
  • Configure the frequency at which you want the data sync to happen.
  • Click on Save to enable the Integration.

Workflow

  • After the integration is enabled, Patch Manager Plus imports the vulnerability details and the affected machine details from InsightVM (On-Prem).
  • Identify the corresponding patch/fix for the respective vulnerabilities and remediate those vulnerabilities by installing the appropriate patch.
  • Threats detected by InsightVM (On-Prem), along with their patch availability, are listed under InsightVM (On-Prem) Threats. Users can also deploy patches for vulnerabilities from this view.

Patch mapping is based on the CVE of the vulnerability. A single vulnerability may therefore map to patches from more than one vendor or product.

FAQs

1) How is InsightVM data imported into Patch Manager Plus?

Data is imported using the provided credentials and configurations. Additionally, the Reports API is utilized to fetch data from InsightVM.

2) How are patches correlated with the vulnerabilities in Patch Manager Plus?

The patches are automatically correlated by using the CVE IDs associated with the vulnerabilities.

3) Do we need to perform scanning post-patching, or does InsightVM automatically receive updated data once Patch Manager Plus patches the vulnerabilities?

After initiating a Manual Deployment task in Patch Manager Plus and successfully deploying the patches, it is necessary to perform a scan in InsightVM to ensure the latest scan results are updated.

4) Why are certain assets managed in InsightVM not listed in Patch Manager Plus?

Only assets with the Patch Manager Plus agent installed will be listed and their corresponding vulnerabilities will be added accordingly.

5) Why has the vulnerability not been remediated even after deploying the corresponding patch?

This is because certain vulnerabilities have multiple patches available. You can find further instructions in the Remediation section on Rapid7.

6) How can I integrate only a specific set of computers into Rapid7?

To integrate only a specific set of computers, you can add them to the Sites -> Asset Groups section on Rapid7 for seamless integration.

7) Why are certain vulnerabilities marked as Not Available in terms of Patch Availability?

Patches for vulnerabilities detected by InsightVM are mapped by comparing with the imported CVE information. Specifically, only patches supported by Patch Manager Plus will be associated with InsightVM-detected vulnerabilities. Check the list of supported applications for reference. You can find further instructions in the Remediation section on Rapid7. Note: Patch Manager Plus currently does not support patching user-installed applications.
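
The CVE-based correlation described in the patch-mapping note and in FAQs 2, 4 and 7, shown as an added Python example. It is not Patch Manager Plus code; the record fields, asset names, patch IDs and CVE IDs are constructed for illustration and do not reflect the InsightVM Reports API schema.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed scanner findings (field names are assumptions, not a real schema).
VULNS = [
    {"asset": "ws-01", "title": "OpenSSL flaw", "cves": ["cve-2099-0001 "]},
    {"asset": "ws-01", "title": "Browser RCE", "cves": ["CVE-2099-0002"]},
    {"asset": "ws-02", "title": "Custom app bug", "cves": ["CVE-2099-0003"]},
    {"asset": "db-09", "title": "OpenSSL flaw", "cves": ["CVE-2099-0001"]},
    {"asset": "ws-02", "title": "Weak TLS config", "cves": []},
]
# Constructed catalog of patches the patching tool supports.
PATCHES = [
    {"id": "P-100", "vendor": "VendorA", "cves": ["CVE-2099-0001"]},
    {"id": "P-200", "vendor": "VendorB", "cves": ["CVE-2099-0001", "CVE-2099-0002"]},
]
AGENT_ASSETS = {"ws-01", "ws-02"}  # db-09 is scanned but has no patching agent

def normalize(cves):
    """Return canonical upper-case CVE IDs, ignoring case and stray whitespace."""
    return {m.group(0).upper() for raw in cves if (m := CVE_RE.search(raw))}

def correlate(vulns, patches, agent_assets):
    """Join findings to patches by CVE ID, for agent-managed assets only."""
    index = {}
    for p in patches:
        for cve in normalize(p["cves"]):
            index.setdefault(cve, []).append(p)
    rows = []
    for v in vulns:
        if v["asset"] not in agent_assets:
            continue  # FAQ 4: assets without the agent are not listed
        # Deduplicate by patch ID: one patch may cover several CVEs of a finding.
        matched = {p["id"]: p for c in normalize(v["cves"]) for p in index.get(c, [])}
        rows.append({
            "asset": v["asset"],
            "title": v["title"],
            "patch_ids": sorted(matched),
            "vendors": sorted({p["vendor"] for p in matched.values()}),
            # FAQ 7: no supported patch carries this CVE
            "availability": "Available" if matched else "Not Available",
        })
    return rows

if __name__ == "__main__":
    for row in correlate(VULNS, PATCHES, AGENT_ASSETS):
        print(row)
```

A finding with more than one entry in `patch_ids` is the FAQ 5 case: deploying a single patch may not close it, so check the remediation guidance and rescan.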

Kindly contact support for any queries.