![Hyperproof.Io [Test] Help Center](https://downloads.intercomcdn.com/i/o/xgk1dxp2/757668/427b255f2659cc7e0853d6a00ec1/628914ae2617199b7d999ba797a5305a.png)
Hyperproof supports collecting proof from Rapid7.
Note: Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Rapid7, you can automatically collect the following proof types:
Rapid7 proof types and fields
Proof type | Fields | Testable |
List of Assets | Hostname, IP Address, Operating System, Services, Last Scanned, Assessed for Policies, Assessed for Vulnerabilities, Vulnerabilities, Risk Score | Yes |
List of Asset Groups | Name, Description, Assets, Vulnerabilities, Risk Score, Type | Yes |
List of Users | Name, Username, Email, Role, Enabled, Lockout | Yes |
Vulnerabilities by Asset | Vulnerability, Severity, Status, First Recorded, CVSS Severity | Yes |
Vulnerabilities by Site | Asset, Site, Vulnerability, Severity, Status, First Recorded, CVSS Severity | Yes |
Requirements
To connect to Rapid7 and collect proof, your Rapid7 configuration must meet the following requirements.
InsightVM Security Console
The InsightVM Security Console is an on-premises tool that the Rapid7 Hypersync connects to directly to automate proof collection. InsightVM is typically hosted within your network infrastructure, but it can also be hosted directly by Rapid7.
Depending on where the InsightVM Security Console is hosted, the connection URL will vary. When configuring your Rapid7 Hypersync, you must connect to the InsightVM Security Console using HTTPS. If InsightVM is hosted on your network, the URL must include the specified port. Here are two examples of valid InsightVM Security Console URLs:
Hosted on your network-
https://rapid7.myCompany.com:3780Hosted by Rapid7-
https://myCompany.managed.rapid7.com/home.jsp
To make sure that you are using the correct URL for your instance of the Insight VM Security Console, test the URL as follows:
Log in to the InsightVM Security Console as an administrator.
Using the same internet browser, open a new browser window.
Construct a URL that is a combination of the URL displayed for the InsightVM Security Console with the following path appended to it:
/api/3/assetsNavigate to that URL.
If you see data returned in JSON format, then the InsightVM Security Console URL is correct and can be used with the Rapid7 Hypersync to connect to Rapid7
Allowlist
Certain cloud services offer specialized IP filtering options in their cloud consoles to lock down specific cloud API endpoints for security and compliance. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
If your instance is on a private network, add the static IP address for the Hyperproof instance where your organization is hosted to your company's allowlist.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
Note: IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.155.77.155, 4.155.78.5, 4.155.8.97
See Hyperproof instances for more information.
Authentication
Authentication type: Custom
Custom authentication parameters: InsightVM Security Console URL, Username, Password
In Rapid7, set up a service account with a username and password to use with Hyperproof.
Note: If you plan to collect the List of Users proof, the service account must be configured as a Global Administrator.
Permissions
To generate the proof types listed above, add a new custom role to your InsightVM instance and apply the following minimum permissions.
View site asset data
View group asset data
View vulnerability investigations
Configure a new user account in User Management:
Make sure the Require password reset upon login option is not selected.
Assign the new role as an Existing Custom Role.
For Site Permissions, select all Sites whose data you want to include when populating Hypersync proof.
Note: If a site is not selected, data for its assets will not populate in the proof.
Additional documentation
Note: You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
Additionally, you can create multiple Hypersyncs for a single control or label.