Technology Partners

FireSIGHT & InsightVM

FireSIGHT & InsightVM Integration Brief

Stop Real-Time Threats

With Cisco FireSIGHT and Rapid7 InsightVM or Nexpose

Integration Benefits

  • Stop threats in real-time with IPS rules that are enabled with a high impact flag
  • Gain deeper insight by utilizing InsightVM or Nexpose active scanning technology to reach assets that may not be visible to Cisco FireSIGHT
  • Receive greater contextual information about each asset in FireSIGHT Management Center such as vulnerabilities, OS, applications, services, etc.
  • Reduce false positives by importing InsightVM data and correlating attacks with vulnerabilities to raise the impact flag
  • Automate vulnerability data import on a scheduled basis to correspond with latest scans

Threats are evolving at a faster pace every day, but making sure that you’re constantly aware of your organization’s vulnerabilities can be a daunting challenge. Active vulnerability scanning needs to be supplemented with intelligent, preventative security measures to give a comprehensive picture of your security posture and your organization’s exposure to real world attacks. Leveraging Rapid7’s InsightVM or Nexpose solutions within Cisco’s FireSIGHT Management Center gives you the confidence to stop attacks with the most accurate security data available.

How It Works

An InsightVM* scan is conducted to assess the risk posture of the systems within your organization. The InsightVM connector generates a CSV file containing all the vulnerability and asset data, which then gets pushed to Cisco FireSIGHT Management Center. Once in FireSIGHT Management Center, the data gets combined with the vulnerability and asset information that already exists in the Host Map. From there, if malicious network traffic is detected that matches a known vulnerability on the host, the Impact flag gets raised accordingly; this signals with confidence that the attack will be successful, and can be stopped by enabling the IPS rule.

Cisco FireSIGHT and InsightVM Integration

Overview of Integration Process

  • Step 1: Rapid7 InsightVM performs a security assessment.
  • Step 2: An XML report is generated with the latest vulnerability findings.
  • Step 3: InsightVM connector connects to Cisco FireSIGHT Management Center and pushes a CSV file with latest vulnerabilities and asset details.
  • Step 4: FireSIGHT Management Center adds the corresponding vulnerabilities to its Host Map database and pushes it out to each sensor.
  • Step 5: Rules can be enabled to stop the corresponding attack.

What You Need

  • Rapid7 InsightVM or Nexpose
  • Cisco FireSIGHT Management Center 5.x

Figure 1: Cisco FireSIGHT Management Center with Rapid7 vunerability data

Cisco FireSIGHT InsightVM integration vulnerability data

*All mentions of Rapid7 InsightVM associated with Cisco FireSIGHT also apply to Rapid7 Nexpose.

Integration Overview

Download this Integration Overview

Download Now

Free 30-Day Trial

Take this integration for a spin and experience the full functionality of InsightVM for 30 days

Explore InsightVM

Need help with an integration?

Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.

Get Support

Free InsightVM Trial

Try InsightVM

Try InsightVM

No credit card required. All fields are mandatory.

    Sorry your request cannot be completed at this time. Please reach out to sales at +1-866-7RAPID7 or at
    Switch to Virtual Appliance Download