# Rapid7 InsightVM MCP

> Rapid7 InsightVM MCP connects your AI client directly to a major vulnerability assessment platform. It lets you query detailed asset inventories, check for specific vulnerabilities (like CVEs), track historical scan results, and even force immediate scans on network sites—all from one chat window or IDE. You get real-time security intelligence without having to jump between multiple dashboards.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** cybersecurity, threat-remediation, risk-management, network-scanning, asset-inventory, security-audit

## Description

This MCP makes your AI client a full cybersecurity assistant that operates directly within the Rapid7 InsightVM platform. Instead of logging into separate consoles, you ask questions about your network assets and get answers instantly. For instance, you can ask what vulnerabilities are active on a specific machine or check if a patch deployment worked by triggering an immediate scan.

You can retrieve complete inventory lists that cover every piece of hardware and software running in your environment. You can also review detailed vulnerability reports, seeing which CVE numbers apply and how to fix them. If you need to manage sites, you can view all configured network locations or initiate a fresh assessment on a subnet after making changes. Since Vinkius hosts this MCP, your agent gets access to this entire suite of security tools through one single connection point.

## Tools

### get_asset
Retrieves specific, detailed information for a single asset you identify.

### get_asset_vulnerabilities
Lists every vulnerability found on one particular machine or host.

### get_scan
Retrieves the execution status and results for a specific assessment scan run.

### get_site
Retrieves all details about one designated network site.

### get_vulnerability
Gets detailed information for a specific vulnerability ID number.

### list_assets
Shows you an inventory list of all computing assets that have been discovered and tracked.

### list_scans
Lists assessment scans in chronological order so you can see their history.

### list_sites
Shows all the network sites that are configured for scanning.

### list_vulnerabilities
Provides a list of global vulnerability definitions used by the system.

### trigger_scan
Forces an immediate, new vulnerability scan to run for any specified site.

## Prompt Examples

**Prompt:** 
```
Fetch the list of network sites currently managed by Rapid7.
```

**Response:** 
```
Using the `list_sites` command, I found 3 network targets: 'London Head Office' (ID: 10), 'Cloud AWS Infrastructure' (ID: 12), and 'Guest WiFi Segment' (ID: 15).
```

**Prompt:** 
```
What vulnerabilities are discovered on asset 1052?
```

**Response:** 
```
I queried `get_asset_vulnerabilities` for asset 1052. The host has 5 active vulnerabilities, primarily unpatched OpenSSL packages triggering high-severity CVE-2023-XXXX listings.
```

**Prompt:** 
```
Force a new scan on Site ID 15 immediately.
```

**Response:** 
```
I submitted the `trigger_scan` command for Site ID 15. The InsightVM engine has confirmed the execution, and the scan is now running in the background. You can check its progress shortly using queries.
```

## Capabilities

### Inventory Network Assets
You can retrieve full details for every tracked computing asset, including its operating system and hardware type.

### Check Asset Vulnerabilities
The MCP lists all known vulnerabilities found on a single machine, providing associated advisories and fixes.

### Review Scan History
You can view assessment scans chronologically to track their execution status and results without switching windows.

### Manage Network Sites
It lets you explore configured network sites, checking their scope and overall risk level.

### Force New Scans
You can trigger an immediate re-evaluation scan on a specific site to validate security fixes.

## Use Cases

### Post-Patch Verification
A DevOps engineer applies a critical OS update across three subnets. Instead of waiting for the next scheduled scan, they ask their agent to run `trigger_scan` on those specific sites immediately. The agent confirms the new assessment is running and reports back when it's ready.

### Incident Response Triage
The SOC analyst spots a suspicious IP address in an alert. They use `get_asset` to quickly pull up all asset data for that IP, confirming its hardware type and OS fingerprint without leaving the incident response dashboard.

### Quarterly Audit Prep
A network engineer needs a full list of all sites and their current risk profiles. They ask the agent to run `list_sites` and then use `get_site` on each one, compiling all necessary data for auditors in minutes.

### Understanding Vulnerability Scope
A team lead wants to know if a specific vulnerability (CVE-2023-XXXX) affects any assets. They use `list_vulnerabilities` first to find the matching definition, then run `get_asset_vulnerabilities` against each known asset and check the results for that vulnerability.

## Benefits

- Stop switching between tabs to check security status. Using the `list_assets` command, your agent builds a complete picture of every machine you own in one go.
- Need to know what's wrong with a specific host? Use `get_asset_vulnerabilities`. This instantly shows all associated CVE numbers and tells you exactly how to patch them.
- Don't trust old reports. If you patched something, use the `trigger_scan` command. It forces InsightVM to re-evaluate that site right now, giving you proof of resolution.
- Tracking security changes is easier than ever. You can use `list_scans` and `get_scan` to see a clear timeline of every assessment run against your environment.
- When setting up new subnets, the MCP lets you explore configured network sites using `list_sites` and check their full scope coverage before it's too late.

## How It Works

The bottom line is that you get deep security visibility without leaving the application you’re already working in.

1. First, you authorize this MCP within your preferred environment. You'll need to provide the URL and port for your Rapid7 Security Console, plus dedicated credentials configured for Basic Authentication.
2. Next, you chat with your AI agent and ask a question about your domain servers or network status. Your agent sends an API call through this connection.
3. Finally, the MCP processes the request using InsightVM's data and returns a concise, actionable report directly to you in your workspace.

## Frequently Asked Questions

**How does Rapid7 InsightVM MCP get asset data?**
This MCP connects directly to your running Rapid7 InsightVM instance. It retrieves inventory data by using the `list_assets` tool, giving you real-time visibility into tracked computing resources.

**Can I use Rapid7 InsightVM MCP to patch vulnerabilities?**
No, this MCP doesn't apply patches. It helps you identify them. You use `get_asset_vulnerabilities` to see the CVE details and remediation guidelines so your team knows what needs fixing.

**Is Rapid7 InsightVM MCP better than just looking at reports?**
Yes, because you aren't reading a static report. You ask specific questions about assets or sites, and the agent uses tools like `get_site` to retrieve only the exact information you need.

**What if I change my network after using Rapid7 InsightVM MCP?**
You can force a fresh check by using the `trigger_scan` tool. This command initiates an immediate scan on that site, validating your changes against current threat data.

**Does Rapid7 InsightVM MCP show me old scans?**
It does. Use the `list_scans` and `get_scan` tools to review assessment history and track the status of previous security runs for compliance purposes.