1. Introduction
Rapid7 InsightVM combines the power of Nexpose vulnerability research, Metasploit exploit insights, global attacker intelligence, internet-wide scanning, exposure analytics, and real-time reporting — all in one platform.
By integrating InsightVM with Hyver, you can seamlessly bring in assets and their associated findings, helping you connect vulnerability data directly to business impact and remediation priorities.
Note: This integration is installed on-premises.
How the Integration Works
An on-premises connector is installed in your environment to collect data from Rapid7 InsightVM every 24 hours. Hyver then processes this data and presents findings, assets, and other relevant insights directly in the platform.
Key Term:
On-Prem Connector
A lightweight service installed in your environment that allows Hyver to securely access vulnerability data from Rapid7 InsightVM.
2. Prerequisites
Before setting up the integration, make sure you have the following in place:
Rapid7 InsightVM server URL
User credentials (username & password) for Rapid7 InsightVM
Hyver administrator role
A machine available to install the on-prem connector, with access to InsightVM
Docker Engine installed on the connector instance
Outbound internet access from the connector to the Hyver platform (TCP/443 outbound traffic to AWS API Gateway)
The connector user in Rapid7 InsightVM must have permission to:
View Site Asset Data
View Group Asset Data
Integration Workflow
Setting up the Rapid7 InsightVM integration in Hyver involves two main steps:
Configure authentication – enter your Rapid7 InsightVM login details and validate credentials.
Install the on-prem connector – a lightweight service that connects Hyver to InsightVM.
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe →
18.198.79.197America →
52.1.10.176,35.171.70.87
IPs for Azure and AWS Scans:
Europe →
18.158.77.90America →
34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Multi-Company Dashboard and Integrations
This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.
What is the Multi-Company Dashboard?
Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Multi-Company, contact your CYE Technical Account Manager.
How Integrations Work in Multi-Company
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Multi-Company
To get the most out of Multi-Company with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring on the Rapid7 InsightVM Side
Step 1: Create the Integration
In Hyver, go to Settings > Integrations and select the Rapid7 InsightVM tile.
Click Add.
You must be a Hyver administrator.
Enter a name for the integration.
Enter your Rapid7 InsightVM credentials.
Enter the InsightVM server URL.
Click Validate to confirm the details match the expected format:
Then, Before data can be ingested, proceed to install the on-prem connector:
Step 2: Install the On-Prem Connector
The connector is installed on a server in your environment and securely transfers InsightVM data to Hyver every 24 hours.
Installation Requirements
Component | Description |
CPU | 64-bit kernel, 4 CPU / 8 vCPU, virtualization support |
Memory | 4 GB minimum |
OS | 64-bit Ubuntu, Debian, or CentOS |
Networking | TCP/443 outbound traffic to AWS API Gateway |
Permissions | View Site Asset Data, View Group Asset Data |
Install Docker
Choose the installation guide for your OS:
After installation, enable Docker as a system service:
sudo systemctl enable docker
Post-installation steps:
sudo groupadd docker sudo usermod -aG docker $USER
4. Configuring in Hyver
Run the Setup Script
After entering the integration name and Rapid7 login details, and completing the On-Prem Connector installation, continue with steps 2–3 on the integration page: download the configuration file and copy the provided commands into your environment:
Create integration directories:
mkdir -p /home/$USER/hyver/integrations/
Download the onboarding script from Hyver (valid for 1 hour) and move it to the integrations folder:
cp cye-integration-agent.sh /home/$USER/hyver/integrations/
Make the script executable:
sudo chmod +X /home/$USER/hyver/integrations/cye-integration-agent.sh
Run the onboarding script:
./home/$USER/hyver/integrations/cye-integration-agent.sh
Enter credentials and endpoint as prompted.
Validate the Service
Check logs to confirm the connector is running:
cat /home/$USER/hyver/integrations/integration_logs.log
Expected output example:
Using log_level='INFO' log_file='/var/log/integrations.log' [INFO] Verbosity level: Info [INFO] Collection method: All [INFO] Starting data collection...
It may take a few seconds, even after the loading bar reaches 100%.
If everything worked correctly, you’ll see a green “Running” message:
At this point, the integration is complete. Click Save if prompted.
Health and Status
Once configured, Hyver collects data automatically every 24 hours.
If the connection is successful, the integration status appears as Active.
A periodic health check runs in the background; if it fails, the status will change to Inactive.
5. Viewing Results
Integration Outcome in Hyver
Once the integration is complete, Hyver automatically creates a new technology asset with the following details:
Asset type: VM (Vulnerability Management)
Technology name: Rapid7
Engagement: Integration with external tools
This technology asset is automatically mapped to the NIST Cybersecurity Framework (CSF). In Hyver, technologies are treated as assets (such as security tools) that can strengthen the maturity level of specific NIST subcategories — and they are included in the overall maturity calculation.
Findings in Rapid7
With the Rapid7 InsightVM integration, you can easily work with Rapid7 findings inside Hyver:
View all imported findings directly on the Findings page.
Use the Sources filter to quickly search for findings coming from Rapid7:
Filter by assets on the Assets page to see which findings are linked to each asset.
Collected Endpoints
Collected endpoints are the specific data sources Hyver pulls from Rapid7 InsightVM to bring in relevant assets and findings. These endpoints define what information is synchronized into Hyver and made available for analysis.
For the Rapid7 InsightVM integration, Hyver collects data from the following endpoints:
assets – the inventory of all systems and devices tracked in InsightVM.
assets vulnerabilities – the list of vulnerabilities identified on those assets.
scans – details of vulnerability scans performed in InsightVM, including scope and results.
settings – configuration data that provides context about how InsightVM is set up in your environment.
By collecting this data, Hyver can map InsightVM findings to business risk, correlate vulnerabilities with assets, and help prioritize remediation.
6. Types of Fetched Entities
Rapid7 Findings Handled by Hyver
Hyver ingests and processes a wide range of findings from Rapid7 InsightVM, ensuring they can be prioritized and mapped to business risk.
Full list provided here:
Insufficient Global Security Update Policy or Mechanism
Weak Password Policy
Unauthenticated Sensitive Information Disclosure
Active Default Administration Account
Subdomains are Susceptible to Subdomain Takeover
Servers can be Abused for DDoS Amplification Attacks
Weak Cryptographic Algorithms
Weak Authentication Mechanism
Usage of Outdated and Vulnerable Protocols
Sensitive Business Information Disclosure
Direct Database Access Via SQL Injection
Untrusted Server Certificates
Usage of Outdated and Vulnerable Technologies
No Malicious Code Detection Capabilities
Insufficient Access Control Governance and Segregation of Duties
Anonymous Access to Sensitive Interfaces
Reflected Cross-Site Scripting
Local File Inclusion
Source Code Disclosure
XPath Injection
Buffer Overflow
Parameter Pollution
Persistent Cross-Site Scripting
Insecure HTTP Methods are Enabled
Sensitive Files Disclosure
OS Command Injection
Authorization Bypass
Privileged Accounts Governance and Hardening Strategy is Lacking
7. Deleting the Integration
Deleting the integration
Click Delete Integration and confirm the action.
The connection is terminated immediately.
No new data will be ingested, but all previously collected data remains available in Hyver.
Editing the integration
Go to the Rapid7 InsightVM integration in Hyver.
Click Edit Integration, update the details, and click Save.
Wrap-up
In this article, we explored how to integrate Rapid7 InsightVM with Hyver. We reviewed the prerequisites and installation requirements, walked through the setup workflow, and explained how to edit or delete the integration. Finally, we covered how Rapid7 findings are ingested into Hyver and mapped to business risk, enabling smarter prioritization and remediation.