Rapid7 InsightVM integration
Centraleyezer integrates with the Rapid7 InsightVM Security Console over API v3. You select a site; on every run the platform walks the site’s assets, pulls each asset’s vulnerabilities with full detail and remediation steps, and imports them. Legacy Nexpose CSV exports are supported as a file upload.
Scan types imported
- Network & host vulnerability assessment
- Per-asset vulnerability detail with proof/evidence
File import
Upload a Nexpose/InsightVM CSV export using the Nexpose template.
What Centraleyezer expects in the file
- Columns: Asset IP Address, Service Port, Vulnerability CVE IDs, Vulnerability Title, Vulnerability Description, Vulnerability Solution, Vulnerability Severity Level, Service Protocol, Vulnerability CVSSv3 Score.
- The numeric severity level (1–6) drives risk scoring; assets are matched by IP.
API connection
Point the source at your Security Console, authenticate with a console account, click Test to list sites, and choose the site to import (the Remote Identifier).
Configuration
Where to get the credentials
Use a Security Console account (Administration → Users) with permission to view the target site. No separate API key is needed — the v3 API authenticates with the console username/password.
What gets imported on every run
- All assets of the selected site and each asset’s vulnerability instances (port, protocol, proof).
- Vulnerability detail per finding: title, description, severity (Moderate/Severe/Critical), CVSSv2 vector and score, CVE.
- Remediation: the InsightVM solution steps are assembled into the finding’s recommendation.
- Assets already present in the project are matched by IP and linked automatically.
How imported findings are risk-scored
Every Rapid7 InsightVM finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.