Rapid7 InsightVM MCP. Query asset risk and launch scans from chat.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Rapid7 InsightVM connects your AI agent directly to the platform's security data. It lets you query asset inventories, check specific vulnerabilities against CVE numbers, and initiate live network scans without leaving your chat window.
You can use tools like `list_assets` or force a scan with `trigger_scan`, giving analysts instant visibility into which systems are exposed and what needs patching.
What your AI agents can do
Get asset
Gets detailed hardware and OS info for a single asset ID.
Get asset vulnerabilities
Lists all active CVE vulnerabilities found on one specific asset.
Get scan
Checks the execution status and final results of a past scan run.
Provides a list of every asset the network platform is currently tracking.
Retrieves specific CVE numbers and advisory details for one targeted asset ID.
Fetches the defined scope, health status, and boundaries of a configured network site.
Forces the platform to perform a new vulnerability assessment on a specified site ID.
Retrieves basic hardware and operating system information for one unique asset identifier.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Rapid7 InsightVM MCP Server: 10 Tools for Security Auditing
Analyze asset details, review scan results, and query global vulnerability definitions using these ten specialized tools.
019d75fcget asset
Gets detailed hardware and OS info for a single asset ID.
019d75fcget asset vulnerabilities
Lists all active CVE vulnerabilities found on one specific asset.
019d75fcget scan
Checks the execution status and final results of a past scan run.
019d75fcget site
Retrieves detailed scope and health risk data for one network site ID.
019d75fcget vulnerability
Shows specific details about a single vulnerability definition ID.
019d75fclist assets
Lists every computing asset currently inventoried in the platform.
019d75fclist scans
Provides a chronological list of all assessment scans run.
019d75fclist sites
Lists all configured network sites that can be targeted for scanning.
019d75fclist vulnerabilities
Shows definitions and global details for vulnerability types.
019d75fctrigger scan
Forces an immediate, unscheduled vulnerability scan on a specified network site.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Rapid7 InsightVM, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Rapid7 InsightVM connects your AI agent right to the platform's core security data. You can treat your chat client like a full-featured console, interrogating asset health and vulnerability risks using natural language commands.
Asset Discovery and Detail
To get a complete list of every computing asset the network tracks, you use list_assets. This tool pulls an inventory of all tracked systems. If you narrow down your focus to one specific machine ID, get_asset retrieves detailed hardware specs and operating system information for that single asset.
Vulnerability Analysis
For checking vulnerabilities on a specific piece of gear, run get_asset_vulnerabilities. This shows all active CVE numbers found against that targeted asset. To understand the definition behind a risk, you can use get_vulnerability with a vulnerability definition ID; this pulls detailed information about that single vulnerability type. If you need to see global details or definitions for various vulnerability types without targeting a specific machine, list_vulnerabilities shows you those general records.
Site and Scan Management
To scope out your network's risk profile, first use list_sites to pull a list of all configured network sites. If you need the full scope, health status, or boundary details for one particular site, run get_site. To force an immediate vulnerability scan on a target location without scheduling it, trigger_scan initiates that assessment using a specified site ID.
Scan Tracking and History
To keep tabs on your security posture, you can get a chronological list of every single assessment run by calling list_scans. If you need to check the status or final results of one specific, past scan, get_scan handles that for you. You'll always know what happened and when it was done.
How Rapid7 InsightVM MCP Works
- 1 Authorize the server module in your environment, supplying the Rapid7 Security Console URL and credentials.
- 2 Ask your AI agent a question (e.g., 'What are the vulnerabilities on asset 1052?'). The agent translates this into a tool call like
get_asset_vulnerabilities. - 3 The tool runs against the InsightVM API, fetches the data, and returns it to your chat client for plain-language interpretation.
The bottom line is that you talk to your agent, and the agent talks directly to Rapid7's security database on your behalf.
Who Is Rapid7 InsightVM MCP For?
This is for security analysts and infrastructure teams who spend too much time switching between consoles. It's perfect for the SOC analyst at 2 AM who needs to check a vulnerability or patch status without leaving their incident response platform. If you regularly audit assets or plan network upgrades, this saves hours of manual clicking.
Quickly fetches CVE details and remediation instructions for identified security flaws directly within the chat interface.
Orders a vulnerability assessment on a subnet after deploying OS patches to confirm that the threat is actually contained and patched up.
Evaluates site configurations before provisioning new subnets, ensuring full scanning scope coverage and adherence to policy.
What Changes When You Connect
- Deep Dive Vulnerability Checks: Stop reading summaries. Use
get_asset_vulnerabilitiesto instantly read specific CVE numbers, full advisories, and remediation guidelines for any machine. - Hands-Free Scan Management: You don't need to jump between tabs. Use
list_scansto see the history of assessment runs andget_scanto check its current status—all from your chat window. - Immediate Patch Validation: Applying a patch? Don't wait for the next scheduled scan. Call
trigger_scanon the target site, then useget_siteafterward to confirm the resolution is visible and effective. - Full Inventory Visibility: Need to know what hardware you have out there? Use
list_assetsto get a comprehensive list of every tracked asset ID, including OS fingerprints and hardware specs. - Centralized Site Mapping: Don't forget which subnets are covered. Use
list_sitesto map all configured network locations, ensuring no segment is overlooked during planning.
Real-World Use Cases
The Post-Patch Verification
A sysadmin just finished updating the OS on a critical subnet. Instead of waiting 24 hours, they immediately call trigger_scan for that site ID. They then use get_site to confirm the scan is running and monitor its progress until the results prove the patches closed the gaps.
On-Demand Threat Hunting
A SOC analyst gets an alert about a specific CVE (e.g., Log4Shell). They use list_vulnerabilities to confirm the definition, then use get_asset_vulnerabilities against their entire asset list (list_assets) to see exactly which machines are exposed right now.
New Subnet Provisioning
A network engineer is setting up a new office segment. They first use list_sites to confirm the site list, then manually call get_site on the new ID before connecting anything. This confirms the scanning scope is correctly defined and active.
Pre-Audit Asset Check
A compliance officer needs a quick asset count for an audit. They run list_assets to get the full inventory, then use get_asset on a sample set of IDs to verify that key hardware details (like OS version) are accurately logged before submitting reports.
The Tradeoffs
Using asset data for general networking
Assuming list_assets gives you the current IP address schema or network topology diagram. It only provides inventory IDs and OS fingerprints.
→
Use list_sites to get a list of network sites. Then use get_site to validate the defined scanning scope, which is where network boundary information lives.
Relying on old scan results
Thinking that running list_scans and looking at an old date means the vulnerability data is still current. Vulnerabilities change fast.
→
Always run a fresh assessment. Use trigger_scan to force an immediate re-evaluation, then check the status with get_scan.
Confusing asset and site IDs
Trying to run get_asset_vulnerabilities using a network site ID instead of a specific computing asset ID.
→
Remember the difference: list_sites gives you the location (site); list_assets gives you the individual machine (asset). Vulnerability checks must target the machine.
When It Fits, When It Doesn't
Use this server if your goal is deep, technical visibility into network security posture. You need to know what vulnerabilities exist (get_asset_vulnerabilities), where they are located (list_sites / get_site), and the ability to prove remediation happened instantly (trigger_scan).
Don't use this if you just want a high-level summary of 'risk.' The tool gives raw data, not executive summaries. If your primary need is simply summarizing risk for a board meeting, pull the compiled report from the console and feed it to your agent—don't try to run get_vulnerability on every single item. You are using this for operational diagnostics, not reporting.
If you only need a basic list of all connected devices without any vulnerability detail, just use list_assets. But if you want the full story, stick with the combination: list_sites -> get_site -> trigger_scan.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Rapid7 InsightVM. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Tracking network scope shouldn't involve logging into three separate dashboards.
Today, checking a site's coverage means jumping from the main dashboard to Site Management, then clicking on the specific subnet ID, and finally running a separate report generation tool. You end up with four different screens, three copies of your credentials, and half an hour just gathering context.
With this MCP server, you ask your agent: 'What's the scope for our London site?' It runs `get_site`, pulls all the configuration details—scope boundaries, assigned roles, risk level—and presents it back to you in a single, clean response. Period.
Rapid7 InsightVM MCP Server: Check asset status and launch scans via chat.
The ability to force a scan used to require manually entering the site ID, selecting 'Scan,' choosing 'Immediate,' confirming credentials, and hitting submit. It was tedious, error-prone work that slowed down remediation cycles.
Now, you just tell your agent: 'Run an immediate vulnerability assessment on Site 15.' The agent handles the `trigger_scan` command entirely, gives you confirmation that it's running in the background, and lets you track its progress without lifting a finger.
Common Questions About Rapid7 InsightVM MCP
How do I list all assets using the get_asset tool? +
You don't use get_asset to list everything. To see every asset, you must call list_assets. Then, if you need details on a specific machine from that list, you pass its ID back into get_asset.
What is the best way to check for new vulnerabilities? +
The most reliable method is running an immediate scan. Use trigger_scan on your target site. Once that's done, you can use get_asset_vulnerabilities against specific machines to see what was found.
Can I check the status of a previous scan using get_scan? +
Yes. If you have an ID from a past assessment, run get_scan. This returns the execution status and whether the results are finalized, so you know if you can trust the data.
How do I see all possible network sites? +
Use the list_sites tool. This command pulls a list of every configured site ID that Rapid7 tracks, letting you know exactly where your scope is defined.
How do I get full advisory details for a specific CVE using get_vulnerability? +
The tool retrieves comprehensive data on a specific vulnerability ID. This includes detailed advisories, impact assessments, and required remediation guidelines associated with that exact flaw.
When should I use the trigger_scan command? +
Use trigger_scan immediately after applying a patch or making network changes. It forces a new assessment on a site to validate whether your fix successfully mitigated the security threat.
What information can I get about past assessments using list_scans? +
The list_scans tool provides a chronological list of all executed assessments. You can track the execution status, start/end times, and overall results for historical review.
Does get_asset provide operating system and hardware fingerprints? +
Yes, get_asset retrieves detailed inventory information for a given asset. This data includes its assigned computing assets' operating system fingerprint and underlying hardware specifications.
How do I configure my credentials for Rapid7? +
The integration uses Basic Authentication interacting with the Rapid7 Console API. You must configure the RAPID7_HOST (IP or FQDN), RAPID7_PORT (usually 3780), along with a dedicated RAPID7_USER and RAPID7_PASSWORD. We strongly recommend generating a specific service account in your console with restricted scan permissions.
Is the scanning triggered individually per asset? +
By default, the trigger_scan mechanism relies on referencing a defined site_id, scanning the preconfigured scope attached to it rather than blindly scanning one unassociated IP.
Does it report CVSS scores? +
Yes, depending on the response data provided by your installed version of the InsightVM console. Using get_vulnerability or checking asset lists brings standard threat metadata and corresponding CVSS vectors directly into your AI interface context.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
CrowdSec
Automate threat intelligence via CrowdSec — query local decisions, stream security updates, and check global IP reputation directly from any AI agent.
Jamf Pro
Manage Apple devices, computers, and inventory via Jamf Pro API.
Elastic Security
Manage SIEM and SOC operations via Elastic Security — monitor detection rules, search security alerts (Signals), handle whitelisting, and audit threat coverage directly from any AI agent.
You might also like
Umbraco
Automate content workflows via Umbraco — retrieve delivery content, execute backoffice CRUD, and browse media assets directly from your AI agent.
Auth0
Manage IAM operations—users, clients, connections, and logs in your Auth0 tenant directly via your AI agent.
Odoo eCommerce
List shop products, manage eCommerce orders, browse categories and customers — Odoo Website & eCommerce through natural conversation.