How do I configure my credentials for Rapid7?

The integration uses Basic Authentication interacting with the Rapid7 Console API. You must configure the `RAPID7_HOST` (IP or FQDN), `RAPID7_PORT` (usually 3780), along with a dedicated `RAPID7_USER` and `RAPID7_PASSWORD`. We strongly recommend generating a specific service account in your console with restricted scan permissions.

Is the scanning triggered individually per asset?

By default, the `trigger_scan` mechanism relies on referencing a defined `site_id`, scanning the preconfigured scope attached to it rather than blindly scanning one unassociated IP.

Does it report CVSS scores?

Yes, depending on the response data provided by your installed version of the InsightVM console. Using `get_vulnerability` or checking asset lists brings standard threat metadata and corresponding CVSS vectors directly into your AI interface context.

Rapid7 InsightVM MCP Server

Name: Rapid7 InsightVM
Availability: InStock
Author: Vinkius

rapid7.com/products/insightvm

Built by Vinkius GDPR ToolsFree

Equip your AI to interact directly with Rapid7 InsightVM, extracting vulnerability assessments, scanning network assets, and launching immediate scans.

Vinkius AI Gateway supports streamable HTTP and SSE.

Works with every AI agent you already use

…and any MCP-compatible client

Rapid7 InsightVM MCP Server: see your AI Agent in action

AI Agent→Vinkius→Rapid7 InsightVM

You

Vinkius AI Gateway

GDPR·High Security·Kill Switch·Ultra-Low Latency·Plug and Play

Built-in capabilities (10)

get_asset

Retrieves detailed information for a specific asset

get_asset_vulnerabilities

Lists all vulnerabilities found on a specific asset

get_scan

Retrieves execution status and results for a specific scan

get_site

Retrieves details for a specific network site

get_vulnerability

Retrieves details for a specific vulnerability ID

list_assets

Lists all discovered computing assets

list_scans

Lists chronological assessment scans

list_sites

Lists all configured network scan sites

list_vulnerabilities

Lists global vulnerability definitions

trigger_scan

Forces an immediate vulnerability scan for a site

What this connector unlocks

Connect your Rapid7 InsightVM (formerly Nexpose) platform directly to your AI agent. By granting this access, your AI becomes a highly interactive cybersecurity assistant, allowing engineers and security analysts to query vulnerabilities, review asset health, and start scans right from their workspace or IDE.

What you can do

Asset Querying — Retrieve comprehensive inventory lists to discover all tracked computing assets and read their operating system fingerprints and hardware information.
Vulnerability Checks — Scan specific assets to instantly read CVE numbers mapped against them, alongside full vulnerability advisories and remediation guidelines.
Scan Operations — Read chronologically maintained assessment scans and track their execution status without jumping between consoles.
Site Management — Explore configured network sites, observing their designated scanning scopes and reviewing overall health risks.
Trigger Scanning — Force an immediate re-evaluation scan on a specified site after applying a patch, validating your resolution securely.

How it works

1. Authorize the server module inside your environment.
2. Add the URL and port of your Rapid7 Security Console alongside a dedicated set of credentials (username and password) configured as Basic Authentication.
3. Chat with your AI to start asking about the latest threats affecting your domain servers.

Who is this for?

Cybersecurity Analysts (SOC) — Analyze identified security flaws and fetch CVE details and remediation instructions without leaving their incident response platform.
DevOps & SysAdmins — Quickly order a vulnerability assessment on a subnet after applying OS updates to check if the threat is successfully patched.
Network Engineers — Evaluate site configurations directly when provisioning new subnets to ensure full scanning scope coverage.

Frequently asked questions

Give your AI agents the power of Rapid7 InsightVM

Access Rapid7 InsightVM and 2,000+ MCP servers — ready for your agents to use, right now. No glue code. No custom integrations. Just plug Vinkius AI Gateway and let your agents work.

DETAILS

CategoryFort Knox

Semgrep

10 tools

Equip your AI agent with read/write access to Semgrep's SAST platform to audit code security findings, update triage statuses, and enforce custom semantic rules.