> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rapid7 InsightVM

> Connect Rapid7 InsightVM to import vulnerability and asset data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Rapid7 Insight Platform" />

## What Living Security needs

| Credential           | Description                                                          |
| -------------------- | -------------------------------------------------------------------- |
| **API key**          | An Insight Platform API key (Organization or User key)               |
| **Region subdomain** | The code identifying your Insight Platform region (e.g., `us`, `eu`) |

**Scopes:** Read access to InsightVM assets and vulnerability data

**Required role:** **Platform Administrator**, or any role with API Key Management access

### Prerequisites

* You must have **Platform Administrator** access or a role with access to API Key Management in the Rapid7 Command Platform.

***

## Part A — In Rapid7 Insight Platform

*Your Rapid7 administrator completes these steps.*

<Steps>
  <Step title="Open API Key Management">
    1. Sign in to the Rapid7 Command Platform at [insight.rapid7.com](https://insight.rapid7.com).
    2. In the left navigation, click **Administration**.
    3. Select **API Key Management**.
  </Step>

  <Step title="Generate an API key">
    Living Security requires either an **Organization key** or a **User key**:

    | Key type             | Who can create it            | Scope                                 |
    | -------------------- | ---------------------------- | ------------------------------------- |
    | **Organization key** | Platform Administrators only | Fixed to the organization             |
    | **User key**         | Any user                     | Inherits permissions of the key owner |

    **To generate an Organization key:**

    1. Click the **Organization Keys** tab.
    2. Click **Generate New Admin Key** → **Organization Admin Key**.
    3. Select the target organization and enter a name (e.g., `Living Security Platform`).
    4. Click **Generate**.

    **To generate a User key:**

    1. Click **Generate New User Key**.
    2. Select the target organization and enter a name.
    3. Click **Generate**.

    <Note>
      For least-privilege access, use a dedicated service account with read-only access to InsightVM data rather than a personal administrator account.
    </Note>
  </Step>

  <Step title="Copy and save your API key">
    After clicking **Generate**, a window displays the new API key.

    **Copy the key immediately** and store it securely.

    <Warning>
      The API key is displayed **only once**. If you close the window without copying it, you must delete the key and generate a new one.
    </Warning>
  </Step>

  <Step title="Identify your region subdomain">
    The region code appears as the first segment of your Insight Platform URL (e.g., `us.app.rapid7.com` → `us`).

    | Code   | Region                    |
    | ------ | ------------------------- |
    | `us`   | United States (us-east-1) |
    | `us2`  | United States (us-east-2) |
    | `us3`  | United States (us-west-2) |
    | `eu`   | Europe                    |
    | `ca`   | Canada                    |
    | `au`   | Australia                 |
    | `ap`   | Japan                     |
    | `aps2` | India                     |
    | `me1`  | Middle East               |

    Enter only the code (e.g., `us`) — not the full URL.
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Rapid7 InsightVM">
    | Field                | Value                                     |
    | -------------------- | ----------------------------------------- |
    | **API key**          | The key from Part A, Step 3               |
    | **Region subdomain** | The code from Part A, Step 4 (e.g., `us`) |

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/rapid7-insightvm/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=0d007633a2508e996155c95d0d2b6e3a" alt="Living Security connect dialog for Rapid7 InsightVM" style={{maxWidth: "450px"}} width="576" height="372" data-path="integrations/images/rapid7-insightvm/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Rapid7 InsightVM.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The API key is invalid or has been deleted. Generate a new key from **Administration → API Key Management**.
  </Accordion>

  <Accordion title="403 Forbidden">
    The API key lacks permissions to access InsightVM data. If using a User key, verify the key owner has read access to InsightVM assets and vulnerabilities.
  </Accordion>

  <Accordion title="Wrong region subdomain">
    Using the wrong region causes all syncs to fail. Verify:

    1. The code matches your Rapid7 data residency region
    2. You entered only the code (e.g., `us`), not the full URL
    3. Check your browser URL when signed in to identify the correct region
  </Accordion>

  <Accordion title="No data returned">
    If syncs succeed but return no assets or vulnerabilities:

    1. Verify the key has access to the correct organization
    2. Confirm InsightVM data exists in your Rapid7 account
    3. Check that the key owner has the required InsightVM permissions
  </Accordion>
</AccordionGroup>
