All integrations
Network

Rapid7 InsightVM integration

Centraleyezer integrates with the Rapid7 InsightVM Security Console over API v3. You select a site; on every run the platform walks the site’s assets, pulls each asset’s vulnerabilities with full detail and remediation steps, and imports them. Legacy Nexpose CSV exports are supported as a file upload.

Scan types imported

  • Network & host vulnerability assessment
  • Per-asset vulnerability detail with proof/evidence

File import

CSV (Nexpose export)

Upload a Nexpose/InsightVM CSV export using the Nexpose template.

What Centraleyezer expects in the file

  • Columns: Asset IP Address, Service Port, Vulnerability CVE IDs, Vulnerability Title, Vulnerability Description, Vulnerability Solution, Vulnerability Severity Level, Service Protocol, Vulnerability CVSSv3 Score.
  • The numeric severity level (1–6) drives risk scoring; assets are matched by IP.

API connection

Point the source at your Security Console, authenticate with a console account, click Test to list sites, and choose the site to import (the Remote Identifier).

Configuration

Hostname
InsightVM / Nexpose Security Console host (API v3 lives at /api/3 on the console).
Username / Password
A Security Console user with API access to the site (HTTP Basic authentication).
Remote Identifier
The Rapid7 site ID to import — required; populated by the Test button.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Use a Security Console account (Administration → Users) with permission to view the target site. No separate API key is needed — the v3 API authenticates with the console username/password.

What gets imported on every run

  • All assets of the selected site and each asset’s vulnerability instances (port, protocol, proof).
  • Vulnerability detail per finding: title, description, severity (Moderate/Severe/Critical), CVSSv2 vector and score, CVE.
  • Remediation: the InsightVM solution steps are assembled into the finding’s recommendation.
  • Assets already present in the project are matched by IP and linked automatically.

How imported findings are risk-scored

Every Rapid7 InsightVM finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Rapid7 InsightVM integration live

Book a demo and we’ll connect your Rapid7 InsightVM data and walk through risk-based prioritisation on your own findings.

Rapid7 InsightVM Integration — Setup & Imported Scan Types