macOS - Software Lifecycle - Install Rapid7 Insight Agent

What the Rapid7 Insight Agent installer does

This Automox Worklet™ downloads and installs the Rapid7 Insight Agent on macOS endpoints. The Worklet first detects the endpoint's architecture (Intel x86_64 or Apple Silicon ARM64), then downloads the appropriate agent installer from Rapid7's servers.

The installation uses your Rapid7 User Token to register the endpoint with your Rapid7 account automatically. Once installed, the agent runs as a launchd service and begins scanning for vulnerabilities, misconfigurations, and security risks on your endpoints.

The Worklet includes built-in safety checks to prevent duplicate installations and handles cases where the agent exists but the service is not active.

Why deploy Rapid7 Insight Agent through Automox

Manual software deployment creates inconsistencies and delays across endpoints. Deploying Rapid7 Insight Agent at scale solves the vulnerability visibility problem across your macOS infrastructure. Without endpoint-level vulnerability scanning, security teams cannot detect compromised or unpatched systems until an incident occurs.

Using Automox to deploy the Rapid7 agent eliminates manual installation steps on hundreds or thousands of endpoints. The Worklet provides consistent deployment, standardized configuration, and immediate enrollment in your Rapid7 instance.

You gain continuous vulnerability intelligence, threat detection, and compliance visibility across your macOS fleet without requiring user intervention on each endpoint.

How Rapid7 agent installation works

1. Evaluation phase: The Worklet checks if the Rapid7 Insight Agent is already installed by querying the launchd service list for the rapid7 service entry. If the service is active, no remediation is needed. If the agent directory exists at /opt/rapid7/ir_agent but the service is not running, the Worklet exits without reinstalling.

2. Remediation phase: The Worklet validates that the rapid7_token secret has been provided. It detects the endpoint's processor architecture using uname -p, then downloads the appropriate installation script (ARM64 for Apple Silicon, x86_64 for Intel). The script is executed with the install_start command and your Rapid7 token. The Worklet confirms successful installation by checking that the rapid7 launchd service is running and the agent executable exists at /opt/rapid7/ir_agent/ir_agent.

Rapid7 agent installation requirements

• macOS 10.12 (Sierra) or later

• Supported architectures: Intel x86_64 and Apple Silicon (ARM64)

• Valid Rapid7 User Token stored as a secret input named rapid7_token

• Administrative privileges to install system services

• Network connectivity to download from us.storage.endpoint.ingress.rapid7.com

• Active Rapid7 subscription with Insight Agent licensing

Expected state after Rapid7 installation

After the Worklet executes successfully, the Rapid7 Insight Agent runs as an active launchd service on the endpoint. The agent binary is installed at /opt/rapid7/ir_agent/ir_agent and communicates continuously with Rapid7's cloud infrastructure to perform vulnerability scans, security assessments, and threat detection. You can verify this change through the Automox Activity Log or by checking the endpoint configuration directly.

You can verify successful installation by checking the Rapid7 console for the endpoint's enrollment status and viewing vulnerability findings in your Rapid7 dashboard. The endpoint now appears in your Rapid7 vulnerability management program and receives continuous security monitoring.

How to validate install rapid7 insight agent changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for install rapid7 insight agent.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as function, return, else.

4. Validate remediation effects from script operations such as function, return, else, then rerun evaluation for compliance.