Skip to main content

What Living Security needs

Scopes: Read access to InsightVM assets and vulnerability data Required role: Platform Administrator, or any role with API Key Management access

Prerequisites

  • You must have Platform Administrator access or a role with access to API Key Management in the Rapid7 Command Platform.

Part A — In Rapid7 Insight Platform

Your Rapid7 administrator completes these steps.
1

Open API Key Management

  1. Sign in to the Rapid7 Command Platform at insight.rapid7.com.
  2. In the left navigation, click Administration.
  3. Select API Key Management.
2

Generate an API key

Living Security requires either an Organization key or a User key:To generate an Organization key:
  1. Click the Organization Keys tab.
  2. Click Generate New Admin KeyOrganization Admin Key.
  3. Select the target organization and enter a name (e.g., Living Security Platform).
  4. Click Generate.
To generate a User key:
  1. Click Generate New User Key.
  2. Select the target organization and enter a name.
  3. Click Generate.
For least-privilege access, use a dedicated service account with read-only access to InsightVM data rather than a personal administrator account.
3

Copy and save your API key

After clicking Generate, a window displays the new API key.Copy the key immediately and store it securely.
The API key is displayed only once. If you close the window without copying it, you must delete the key and generate a new one.
4

Identify your region subdomain

The region code appears as the first segment of your Insight Platform URL (e.g., us.app.rapid7.comus).Enter only the code (e.g., us) — not the full URL.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to Rapid7 InsightVM.

Troubleshooting

The API key is invalid or has been deleted. Generate a new key from Administration → API Key Management.
The API key lacks permissions to access InsightVM data. If using a User key, verify the key owner has read access to InsightVM assets and vulnerabilities.
Using the wrong region causes all syncs to fail. Verify:
  1. The code matches your Rapid7 data residency region
  2. You entered only the code (e.g., us), not the full URL
  3. Check your browser URL when signed in to identify the correct region
If syncs succeed but return no assets or vulnerabilities:
  1. Verify the key has access to the correct organization
  2. Confirm InsightVM data exists in your Rapid7 account
  3. Check that the key owner has the required InsightVM permissions