Rapid7 InsightVM: New CCF Connector Expands Vulnerability Management Data Ingestion Options

What Changed

Rapid7InsightVM solution updated from version 3.1.1 to 3.2.0 with the addition of a new Codeless Connector Framework (CCF) data connector. The solution now provides dual ingestion paths: the existing Azure Function App connector and the new CCF connector for organizations preferring cloud-native data collection architecture.

New Data Connector: CCF Implementation

The new CCF connector (Rapid7InsightVM_CCP/) implements DCR-based ingestion for:

• Custom Tables: Rapid7InsightVMCloudAssets and Rapid7InsightVMCloudVulnerabilities
• API Endpoints: Assets (/asset/search) and Vulnerabilities (/vulnerability/search)
• Authentication: API Key-based with regional endpoint support (us, eu, etc.)
• Ingestion Method: REST API polling via DCE/DCR pipeline instead of Function App

Parser Enhancement: Unified Data Handling

Updated parsers (v2.0.0) now support both data sources via union isfuzzy=true:

• InsightVMAssets: Combines NexposeInsightVMCloud_assets_CL (Function App) with Rapid7InsightVMCloudAssets (CCF)
• InsightVMVulnerabilities: Unifies NexposeInsightVMCloud_vulnerabilities_CL with Rapid7InsightVMCloudVulnerabilities

Field mappings are normalized across both ingestion paths, ensuring consistent detection compatibility regardless of connector choice.

Deployment Impact

Organizations can choose their preferred ingestion method:

• Function App: For environments with existing Function App management processes
• CCF: For simplified deployment without custom code requirements

Both connectors populate the same normalized fields via updated parsers — existing detections and queries remain compatible.

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/Rapid7InsightVMCloudAssets.json
.script/tests/KqlvalidationsTests/CustomTables/Rapid7InsightVMCloudVulnerabilities.json
Solutions/Rapid7InsightVM/Data Connectors/Rapid7InsightVM_CCP/Rapid7InsightVM_ConnectorDefinition.json
Solutions/Rapid7InsightVM/Data Connectors/Rapid7InsightVM_CCP/Rapid7InsightVM_DCR.json
Solutions/Rapid7InsightVM/Data Connectors/Rapid7InsightVM_CCP/Rapid7InsightVM_PollingConfig.json
Solutions/Rapid7InsightVM/Package/testParameters.json
Solutions/Rapid7InsightVM/Parsers/InsightVMAssets.yaml
Solutions/Rapid7InsightVM/Parsers/InsightVMVulnerabilities.yaml
Tools/Create-Azure-Sentinel-Solution/common/standardLogStreams.ps1
(packaging artefacts: 3.2.0.zip, Solution_InsightVMCloudAPI.json, createUiDefinition.json, mainTemplate.json)