Automox Plugin for Rapid7 InsightConnect

InsightConnect is the Rapid7 Security Orchestration Automation and Response (SOAR) product.

The Automox plugin for Rapid7 InsightConnect provides the ability for teams to orchestrate daily IT operations tasks such as device A subset of Assets, a general term denoting anything that runs the Automox Agent and is registered with the system. management, triggering remote outcomes on endpoint Endpoint is used interchangably with Device and Servers, to denote a device running the Automox Agent and registered with the system. We refer to endpoints as devices within the Automox product. Device is the preferred terminology. Endpoint is also used to describe functionality exposed via the Automox Public API. devices, and Automox platform administration. Through the use of the plugin, teams can build workflows to orchestrate repeatable tasks and streamline integrations between Vulnerability A flaw, weakness, or error in code, design, or configuration that can be exploited by threat actors to compromise the security, functionality, or data of an application or system. Management and Patch A software security or stability update. Management teams.

Key features of the plugin include:

• Retrieve and manage Automox managed devices
• Manage Automox groups Represents a concrete grouping of devices. Every device must be assigned to a single group. A group contains settings for the following: - refresh interval - OS auto-update
• Initiate Vulnerability Sync Feature for uploading third-party scanner reports and organizing into remediation tasks. uploads and remediation The act of mitigating a vulnerability or a threat, or the neutralization or elimination of a vulnerability or the likelihood of its exploitation. of issues
• Trigger workflows based on Automox platform events

The latest version of the plugin can be found on the Rapid7 Extension library.

Vulnerability Sync Workflow

This pre-built workflow automatically imports the vulnerability detection reports Exportable data (PDF, CSV) for device management analysis. from InsightVM through InsightConnect into Automox. This workflow can be found in the Rapid7 Extension Library:

• Orchestrate Automox Vulnerability Sync with Rapid7 InsightVM

When you use this method, remediation teams do not need to coordinate the export of Rapid7 InsightVM/Nexpose vulnerabilities report from their security teams. In addition, you do not need to manually upload a vulnerability report into Automox.

When the imported report is ready, you can continue with the vulnerability process from the point of observing the mapping process until it is complete and taking actions. Follow the description in our Vulnerability Sync documentation: Syncing the Imported Report.

Slack and Teams Workflow

The InsightConnect plugin also allows you to display the device details from Automox in your ChatOps tools: Slack and Teams. The two workflows and documentation on using them can be found on the Rapid7 Extension library:

• Lookup Automox Host from Slack
• Lookup Automox Host from Teams

For more information about these topics refer to these links:

• Rapid7 Extension Library
• About Automox Vulnerability Sync

Related Topics

• Automox & Rapid7