If you're having trouble at any stage, please contact us at support@skyformation.com.
Preface
For more information about Rapid7 InsightVM, please visit:
The main challenges and needs are to:
- Get all audit events and alerts from Rapid7 InsightVM service into your SIEM/Log management system.
- Make the granular alerts and events available in the organization’s central log or event management system for compliance, investigation or forensic needs.
What is it
SkyFormation for Rapid7 InsightVM Connector is part of the SkyFormation Collect (c) module. It continuously retrieves events and alerts from the different sources/APIs in the Rapid7 InsightVM cloud service and sends the events in a unified format to any existing SIEM/Log management system.
How it works
SkyFormation for Rapid7 InsightVM Connector retrieves the events from the Rapid7 InsightVM cloud service through its APIs. Before sending the events to the existing SIEM/SOC system, the connector will:
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event as a blob
- Parse the origin event into a set of dedicated key-value fields
- Enrich the event with detection context (e.g. AD identity information)
- Encode the resulting event into the target SIEM/SOC system standard format (e.g. CEF)
- Send the event to the existing SIEM/SOC system over syslog
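The embed, parse, encode and frame steps above, sketched as an added example; this is not SkyFormation's code. The sample event, its field names, the vendor/product strings, the severity mapping and the base64 encoding of the origin blob are all assumptions made for illustration.

```python
import base64
import json
import re

# Constructed sample event; field names are assumptions, not the InsightVM API schema.
SAMPLE = {"asset": "web01.example.internal", "severity": "Severe",
          "title": "Expired cert | host=web01", "proof": "C:\\certs\nline2"}
SEVERITY = {"Moderate": 4, "Severe": 7, "Critical": 10}  # assumed mapping to CEF 0-10

def esc_header(v):
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(v).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(v):
    # CEF extension values: escape backslash and '=', and encode line breaks,
    # so a value from the source cannot forge extra fields or extra log lines.
    s = str(v).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def to_cef(event):
    # Embed the untouched origin event as a base64 blob (assumed encoding).
    blob = base64.b64encode(json.dumps(event, sort_keys=True).encode()).decode()
    header = ["CEF:0", "ExampleVendor", "ExampleConnector", "1.0", "vuln-report",
              event.get("title", "unknown"), SEVERITY.get(event.get("severity"), 5)]
    # Parsed key-value fields, using standard CEF extension keys.
    ext = {"dhost": event.get("asset", ""), "msg": event.get("proof", ""),
           "cs1Label": "originEvent", "cs1": blob}
    head = "|".join([header[0]] + [esc_header(h) for h in header[1:]])
    return head + "|" + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())

def syslog_frame(cef, host, timestamp, facility=16, level=6):
    # RFC 3164-style line: PRI = facility * 8 + level (local0.info = 134).
    return f"<{facility * 8 + level}>{timestamp} {host} {cef}"

def origin_from_cef(cef):
    # SIEM side: recover the embedded origin event for investigation.
    raw = re.search(r"(?:^|\s)cs1=(\S+)", cef).group(1)
    return json.loads(base64.b64decode(raw.replace("\\=", "=")))
```

The sample title and proof fields deliberately contain a pipe, an equals sign, a backslash and a newline, which are the characters that corrupt CEF parsing in the SIEM when they are passed through unescaped.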
Connector's API/Audit Sources & Events Supported
Audit Source (API) | Service/Module Covered | Event Included |
---|---|---|
Report | Rapid7 InsightVM vulnerability reports |
How to add Rapid7 InsightVM Connector to SkyFormation app
Adding SkyFormation for Rapid7 InsightVM connector