Rapid7 InsightAppSec

What is Rapid7 InsightAppSec?

Rapid7 InsightAppSec provides a Dynamic Application Security Testing (DAST) solution for applications. InsightAppSec “attacks” different aspects of your applications to identify response behaviors that make your applications vulnerable to attackers. The attacks are run during scans, which you can customize and schedule based on your needs.

Why Should You Use the Rapid7 InsightAppSec Connector?

The Rapid7 InsightAppSec connector provides visibility into devices and applications in your environment. You can use this visibility to:

  • ensure devices and applications are managed per your security policies

  • derive relationships between assets, applications, and data

How Does This Connector Work?

Lucidum executes read-only requests to the Rapid7 InsightAppSec REST API and ingests only metadata about Rapid7 InsightAppSec applications and devices. Lucidum does not retrieve any data stored on InsightAppSec.

Configuring the Connector in Lucidum




Profile Name

Name for this configuration



The URL for the Rapid7 InsightAppSec API.


API Key for use with the Rapid7 InsightAppSec API. The role associated with the API Key must be InsightAppSec ReadOnly.

For details on generating an API Key, see:


Source Documentation

Creating Credentials

  1. Create a user account. For details, see:

  2. Assign the user account the role InsightAppSec ReadOnly. For details, see:

  3. Log in as that user and generate an API Key. For details, see

Required Permissions

Assign the user associated with the API key the following role:

  • InsightAppSec ReadOnly

API Documentation
