Configure the Rapid7 Vulnerability Integration

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 8 minutes de lecture

    • Configure the Rapid7 Vulnerability Integration after the application is installed and activated on your ServiceNow AI Platform®.

    Avant de commencer

    Role required: The administrator [admin] downloads and installs the app. The sn_vul.vulnerability_admin or sn_vul.admin oversees configuration and verifies expected results.

    Procédure

    1. After the application is activated (installed), navigate to Rapid7 Vulnerability Integration > Administration > Configuration.
    2. Select an integration type from the list.
      Figure 1. Integration type list
      Integration type drop-down menu.
    3. Select an integration instance.
      The default Rapid7 InsightVM integration instance is selected by default. If that is the integration type you want, follow these steps. If you want to configure the Rapid7 data warehouse integration type, proceed to step 4.
      1. With the Integration Setup tab selected on the form that is displayed, fill in the fields:
        Tableau 1. Integration Setup tab for InsightVM integration type
        Field Description
        InsightVM Region The server URL you acquired from the Rapid7 site.
        API Key The API key you acquired from your Rapid7 Insight account.
        Validation Status Read only: Status of credential validation process.
      2. Verify successful configuration by clicking Test credentials.
        If an error message is displayed during the configuration, reenter your data.
      3. After a successful test, click Save.
      4. Click the Import Configuration tab.

        On the form that is displayed, fill in the fields.

        Tableau 2. Import Configuration tab for InsightVM
        Field Description
        Min CVSS score Minimum vulnerable item CVSS score used to filter vulnerable items during import.
        Max CVSS score Maximum vulnerable item CVSS score used to filter vulnerable items during import.
        Site filter

        Limits the data to the Rapid7 InsightVM sites chosen from the Sites list. See Filtering by Rapid7 sites. You can choose more than one site. The default (empty) brings in all sites. To pre-populate the Sites list, run the Rapid7 Site Integration — API prior to setting this field.

        For information on using site filtering, see Filtering by Rapid7 sites.
        Auto-create CVE Entry The system property to create a CVE Entry is active (true) by default. CVE placeholders are created automatically with the Rapid7 knowledge ingestion if the CVE ID does not exist.

        If you want this feature inactive, deactivate the property [sn_vul_r7.create_cve_for_vulnerabilities] from the System Properties list.
        Reopen resolved by age When selected, vulnerable items are automatically reopened when the number of days they have been resolved but not closed matches the value displayed in the Reopen resolved after field.
      5. Click Save.

        For multiple deployments of the Rapid7 InsightVM integration type:

      6. On Integration Instance field open the Lookup list Search icon and select an existing integration instance or click New in the pop-up menu.
      7. For New, enter a Name for the integration instance and click Submit.
        The integration type appears in the Rapid7 configuration form.
        Remarque :
        You can delete any integration instance except the default. Deleting an instance deletes the following (excluding VIs):
        • Integrations
        • Instance Parameters
        • Integration Runs
        • Integration Processes
        • Instance column on the VI is marked empty
      8. Verify successful configuration by clicking Test credentials.
      9. After a successful test, click Save.
    4. In the Integration Type field, expand the list and click Data Warehouse.
      1. Select the Integration Setup tab.

        On the form that is displayed, fill in the fields.

        Tableau 3. Integration Setup tab for Data Warehouse Integration type
        Field Description
        JDBC credential name Name of your data warehouse credentials.
        User name Rapid7 data warehouse user name.
        Password Rapid7 data warehouse password.
        Validation Status Read only: Status of credential validation process.
        Validation Detail Read only: Data warehouse only. Shows additional information about the validation check after you have clicked Test Credentials at least once. This can be useful in debugging your setup, (for example, validating if your MID server is configured incorrectly, or you just have the credentials wrong.
        Database server DNS/IP DNS or IP address for your data warehouse.
        Database port Port to use for your data warehouse integration.
        Database name Name of your data warehouse.
        Data delay offset (Days) The data delay offset factors in the delay between the real-time data in the Rapid7 Nexpose scanner and the data in the data warehouse.
        MID Server MID Server to use. Only standalone MID servers are supported. Clustered MID servers are not supported.
        MID Server timeout (min) Number of minutes to wait for the MID Server to respond before timing out the integration run.
      2. Verify successful configuration by clicking Test credentials.
      3. After a successful test, click Save.
      4. Click the Import Configuration tab.

        On the form that is displayed, fill in the fields.

        Tableau 4. Import Configuration tab for Data Warehouse
        Field Description
        Prior to v12.0: Create CVE entry check box When checked, placeholders for CVEs, not already present, are created as NVD records and referenced in the third-party entry for Rapid7. When unchecked, these CVEs are ignored.
        Min CVSS score Minimum vulnerable item CVSS score used to filter vulnerable items during import.
        Max CVSS score Maximum vulnerable item CVSS score used to filter vulnerable items during import.
        Site filter Limits the imported Sites Integration data to the sites chosen. You can choose more than one.
        Remarque :
        Since the default setting is to import data from all sites, you do not need to use the filter if you want all sites. Doing so slows down the request.
        Reopen resolved by age When selected, vulnerable items are automatically reopened when the number of days they have been resolved but not closed matches the value displayed in the Reopen resolved after field.
    5. Click Save.
    6. Facultatif : If you want to set a start date in the Rapid7 Vulnerability Integration - API and the Rapid7 Vulnerable Item Integration - API integration records to retrieve historical data during your initial import from the Rapid7 scan, follow these steps.
      You might use this data to help you with Closing stale detections in Vulnerability Response.
      1. Navigate to Rapid7 Vulnerability Integration > Administration > Integrations.
        The Rapid7 Integrations list is displayed.
      2. Click one of the integration records to open it.

        Near the top of the form, click the here link to edit the record.

        The Import since date field in the Rapid7 integrations is blank, by default, except for the Rapid7 Vulnerability Integration - API and the Rapid7 Vulnerable Item Integration - API. For these integrations, these fields are set to 1998-12-31 or 1999-01-01.

        To retrieve historical data during your initial import from the Rapid7 scan, set a start date in the appropriate integration records. This process works for any Rapid7 integration with the following exceptions:
        • The Rapid7 Exploit and Malware Kit integrations do not show the Import since field, because they do not do delta updates and therefore do not use that field.
        • The Rapid7 Asset List integration ignores the field since its intent is to retrieve all data.
        • For the initial run of the Rapid7 InsightVM Comprehensive Vulnerable Item Integration – API when the Auto-Close Stale Vulnerable Items module is enabled and the Import since field is left blank.

          When you enable the auto-close feature, a successful run from the Rapid7 Comprehensive Vulnerable Item Integration or the Rapid7 Comprehensive Vulnerable Item Integration - API is required. These integrations are disabled by default.

          When you enable the Rapid7 InsightVM Comprehensive Vulnerable Item Integration – API, if you leave the Import since field blank on the integration configuration page, the value in the days ago field of the Auto-Close Stale Vulnerable Items form is also used for the Import since date on the first integration run. The default value for Auto-Close Stale Vulnerable Items is (90 days).

          For example, if the days ago field in the Auto-Close Stale Vulnerable Items form is 90, and the Import since field on the Rapid7 Comprehensive Vulnerable Item Integration – API configuration page is blank, the first integration run imports the data for the last 90 days.

          This relationship between the Import since and days ago fields applies only to the first integration run. After that, changing the days ago field on the Auto-Close Stale Vulnerable Items form doesn’t affect the Import since field on the Rapid7 Comprehensive Vulnerable Item Integration – API configuration page. The field is changed to the first run’s start time so that the subsequent integration runs import only the delta information

          The Import since field is editable, and you can enter whatever values you want for each of the integrations.

    7. Navigate to All > sn_sec_int_impl.list > Rapid7 InsightVM.
      1. The import_startime_buffer_comprehensive integration instance parameter sets a buffer time of 24 hours prior to the time specified in the Import since field so that the assets that are scanned from this buffer time are fetched during the Rapid7 Comprehensive Vulnerable Item Integration - API integration run.
        You can modify this buffer time according to your requirement.
      2. Facultatif : Set the close_stale_detections parameter to true to close the stale detections that are no longer coming through the Rapid7 API for the assets that are scanned and retrieved through the Rapid7 API via Rapid7 Comprehensive Vulnerable Item Integration - API.

      You have successfully completed the set up, installation, and configuration steps for the Rapid7 Vulnerability Integration. You are now ready to review and verify imported data.

    Que faire ensuite

    The Rapid7 and Qualys scanners are deactivated by default in the Vulnerability Response application. If you try to perform a rescan from the vulnerable items or remediation tasks that have these applications as a source, the Rescan button is not available.

    To activate these scanners, as a user with the sn_vul.vulnerability_admin role:

    1. Navigate to All > Vulnerability Response > Vulnerability Scanning > Scanners.
    2. Locate the scanner product you want to activate and click the record to open it.
    3. Select the Active check box.
    4. Click Update.

      The product you activated is displayed in the Source field on vulnerable item and remediation task records after the next import, and Rescan is available as a UI action.

    If your environment requires domain-separated imports, see Create domain-separated imports for an integration.

    To create or refine your lookup rules prior to import, see Create a Vulnerability Response CI lookup rule.