Connect InsightVM, pick the right site, choose a scan template and credentials, and run a deduplicated import into PMAP.
This guide shows how to bring Rapid7 InsightVM into PMAP. You connect an integration of type rapid7_insightvm, confirm it with an inline connection test, and use the site picker to scope work to the right InsightVM site while reading its scan template, credentials, and sub-scanner. You learn how InsightVM maps onto the PMAP model along the way.
It is written for scan operators and vulnerability managers running InsightVM. By the end you can build a credentialed, template-driven remote scan through the wizard pickers without leaving PMAP, run the import pipeline so findings flow through correlation, dedup, and per-severity recount, verify the deduplicated result with the findings delta widget, and set a cron schedule for recurring imports.
Inside this guide
- See how InsightVM sites and scans map onto the PMAP model.
- Connect the rapid7_insightvm integration and confirm it with an inline test.
- Pick the InsightVM site and read its scan template, repository, and credentials.
- Pin the sub-scanner engine when a run needs it.
- Create and launch a credentialed, template-driven remote scan.
- Run the import with dedup and verify the result on the findings delta widget.
- Schedule recurring imports with a cron value.
Before you start
- A PMAP account that can create and edit integrations and import findings into your target company and project.
- InsightVM connection details: the console base URL and an account whose credentials PMAP stores encrypted at rest.
- At least one configured InsightVM site, because the site is the unit the picker and import scope around.
- Your organization’s minimum severity policy, so you can set the import_severity_threshold sensibly.
- A target PMAP company and project to receive the imported findings, since import routing is scope-enforced.
