Rapid7 InsightVM

Details
Content
Dependencies
Version History

Vulnerability management solution to help reduce threat exposure.

Overview

Rapid7 Nexpose provides vulnerability management, assessment, and
response to changes in the environment while prioritizing risk across
vulnerabilities, configurations, and controls.\
Use the Nexpose integration to access sites, assets, vulnerabilities and
their solutions, scans and reports. The integration was developed with
the Nexpose API v3.

Rapid7 Nexpose Playbooks

For scans there are two sub-playbooks available, depending on the command.

To start a site scan, use the Nexpose Scan Site sub-playbook.

To start an assets scan, use the Nexpose Scan Assets sub-playbook.

When using the sort parameter, the fields to sort must be provided as
they are in the API, e.g riskScore. All the available fields for any
type of response can be found in the API Documentation.

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling

Overview

Rapid7 Nexpose Playbooks

For scans there are two sub-playbooks available, depending on the command.

To start a site scan, use the Nexpose Scan Site sub-playbook.

To start an assets scan, use the Nexpose Scan Assets sub-playbook.

When using the sort parameter, the fields to sort must be provided as
they are in the API, e.g riskScore. All the available fields for any
type of response can be found in the API Documentation.

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling

Automations

Name	Description
NexposeEmailParserForVuln	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeEmailParser	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeVulnExtractor	Parse a specific server nexpose response in to a table of vulnerabilities.
NexposeCreateIncidentsFromAssets	Deprecated. No available replacement. Create incidents based on the Nexpose asset ID and vulnerability ID. Duplicate incidents are not created for the same asset ID and vulnerability ID.

Integrations

Name	Description
Rapid7 InsightVM	Vulnerability management solution to help reduce threat exposure.

Playbooks

Name	Description
Vulnerability Handling - Nexpose	Manage vulnerability remediation using Nexpose data, and optionally enrich data with 3rd-party tools. Before you run this playbook, run the "Vulnerability Management - Nexpose (Job)" playbook.
Nexpose - Create and Download Report	Use this playbook as a sub-playbook to configure a report and download it. This playbook implements polling by continuously running the `nexpose-get-report-status` command until the operation completes. The remote action should have the following structure: Initiate the operation - insert the type of the report (sites, scan, or assets) and it's additional arguments if required. Poll to check if the operation completed. Get the results of the operation.
Vulnerability Management - Nexpose (Job)	Deprecated. No available replacement. Manage assets vulnerabilities using Nexpose. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created by querying Nexpose for the input assets vulnerability list. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and the Nexpose ID. This playbook is a part of a series of playbooks for Nexpose vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the relevant assets' hostnames in the playbook inputs (comma separated list). Associate the "Vulnerability" type incident to the "Vulnerability Handling - Nexpose" playbook.
Scan Site - Nexpose	Starts a Nexpose scan by site id and waits for the scan to finish by polling its status in pre-defined intervals.
Rapid7 - Nexpose - Enrichment	Given an IP address, this playbook searches Rapid7 Nexpose assets for an asset with the associated IP address to retrieve asset information and proceeds to return all associated tags with it.
Scan Assets - Nexpose	Deprecated. Use the "Scan Site - Nexpose" playbook instead.

Automations

Name	Description
NexposeEmailParser	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeCreateIncidentsFromAssets	Deprecated. No available replacement. Create incidents based on the Nexpose asset ID and vulnerability ID. Duplicate incidents are not created for the same asset ID and vulnerability ID.
NexposeCreateAlertsFromAssets	Deprecated. No available replacement. Create alerts based on the Nexpose asset ID and vulnerability ID. Duplicate alerts are not created for the same asset ID and vulnerability ID.
NexposeEmailParserForVuln	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeVulnExtractor	Parse a specific server nexpose response in to a table of vulnerabilities.

Integrations

Name	Description
Rapid7 InsightVM	Vulnerability management solution to help reduce threat exposure.

Playbooks

Name	Description
Scan Site - Nexpose	Starts a Nexpose scan by site id and waits for the scan to finish by polling its status in pre-defined intervals.
Nexpose - Create and Download Report	Use this playbook as a sub-playbook to configure a report and download it. This playbook implements polling by continuously running the `nexpose-get-report-status` command until the operation completes. The remote action should have the following structure: Initiate the operation - insert the type of the report (sites, scan, or assets) and it's additional arguments if required. Poll to check if the operation completed. Get the results of the operation.
Rapid7 - Nexpose - Enrichment	Given an IP address, this playbook searches Rapid7 Nexpose assets for an asset with the associated IP address to retrieve asset information and proceeds to return all associated tags with it.
Scan Assets - Nexpose	Deprecated. Use the "Scan Site - Nexpose" playbook instead.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

1.4.2 - 9729413 (June 1, 2026)

Integrations

Added support for exposure_management in the integration's supportedModules so the integration can be installed and configured on Cortex Platform tenants with the Exposure Management module enabled.
Updated the Docker image to: demisto/auth-utils:1.0.0.9224111.

Playbooks

Nexpose - Create and Download Report

Documentation and metadata improvements.

Rapid7 - Nexpose - Enrichment

Documentation and metadata improvements.

Scan Assets - Nexpose

Documentation and metadata improvements.

Scan Site - Nexpose

Documentation and metadata improvements.

Scripts

NexposeCreateIncidentsFromAssets

Documentation and metadata improvements.

NexposeEmailParser

Documentation and metadata improvements.

NexposeEmailParserForVuln

Documentation and metadata improvements.

NexposeVulnExtractor

Documentation and metadata improvements.

Related pull requests:
- 44451

Download

1.4.1 - 8382811 (April 20, 2026)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43976

Download

1.4.0 - 7756396 (March 18, 2026)

Integrations

Rapid7 InsightVM

Replaced the long-running command with the fetch-assets command for asset and vulnerability collection. The integration now uses the platform's built-in fetch-assets scheduling mechanism.

Added the Assets Fetch Interval parameter to configure the interval between asset fetches (default: 24 hours).

Related pull requests:
- 43336

Download

1.3.4 - 7440817 (March 4, 2026)

Integrations

Rapid7 InsightVM

Fixed an issue where the long-running-integration command would fail with Object of type CIMultiDictProxy is not JSON serializable when sending assets to XSIAM and encountering an HTTP error response.
Updated the Docker image to: demisto/auth-utils:1.0.0.6111183.

Related pull requests:
- 43281

Download

1.3.3 - 6655217 (January 12, 2026)

Integrations

Rapid7 InsightVM

Updated the Rapid7 Nexpose integration to include aggregated softwares column.

Related pull requests:
- 42608

Download

1.3.2 - 6580350 (January 6, 2026)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

1.3.1 - 6325115 (December 17, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 42312

Download

1.3.0 - 6307293 (December 16, 2025)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/auth-utils:1.0.0.5476008.

Related pull requests:
- 42078

Download

1.2.33 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.2.32 - 5538136 (October 23, 2025)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.2.31 - 4049458 (July 3, 2025)

Rapid7 InsightVM

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.2.30 - 3802487 (June 15, 2025)

Integrations

Rapid7 InsightVM

Added support for the 'Preference Center' feature for selected commands.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40192

Download

1.4.2 - 9729413 (June 1, 2026)

Integrations

Rapid7 InsightVM

Added support for exposure_management in the integration's supportedModules so the integration can be installed and configured on Cortex Platform tenants with the Exposure Management module enabled.
Updated the Docker image to: demisto/auth-utils:1.0.0.9224111.

Playbooks

Nexpose - Create and Download Report

Documentation and metadata improvements.

Rapid7 - Nexpose - Enrichment

Documentation and metadata improvements.

Scan Assets - Nexpose

Documentation and metadata improvements.

Scan Site - Nexpose

Documentation and metadata improvements.

Scripts

NexposeCreateIncidentsFromAssets

Documentation and metadata improvements.

NexposeEmailParser

Documentation and metadata improvements.

NexposeEmailParserForVuln

Documentation and metadata improvements.

NexposeVulnExtractor

Documentation and metadata improvements.

Related pull requests:
- 44451

Download

1.4.1 - 8382811 (April 20, 2026)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 43976

Download

1.4.0 - 7756396 (March 18, 2026)

Integrations

Rapid7 InsightVM

Replaced the long-running command with the fetch-assets command for asset and vulnerability collection. The integration now uses the platform's built-in fetch-assets scheduling mechanism.

Added the Assets Fetch Interval parameter to configure the interval between asset fetches (default: 24 hours).

Related pull requests:
- 43336

Download

1.3.4 - 7440817 (March 4, 2026)

Integrations

Rapid7 InsightVM

Fixed an issue where the long-running-integration command would fail with Object of type CIMultiDictProxy is not JSON serializable when sending assets to XSIAM and encountering an HTTP error response.
Updated the Docker image to: demisto/auth-utils:1.0.0.6111183.

Related pull requests:
- 43281

Download

1.3.3 - 6655217 (January 12, 2026)

Integrations

Rapid7 InsightVM

Updated the Rapid7 Nexpose integration to include aggregated softwares column.

Related pull requests:
- 42608

Download

1.3.2 - 6580350 (January 6, 2026)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

1.3.1 - 6325115 (December 17, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 42312

Download

1.3.0 - 6307293 (December 16, 2025)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/auth-utils:1.0.0.5476008.

Related pull requests:
- 42078

Download

1.2.33 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.2.32 - 5538136 (October 23, 2025)

Rapid7 InsightVM

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.2.31 - 4049458 (July 3, 2025)

Rapid7 InsightVM

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.2.30 - 3802487 (June 15, 2025)

Integrations

Rapid7 InsightVM

Added support for the 'Preference Center' feature for selected commands.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40192

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	July 24, 2020
Last Release	June 1, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.