Rapid7 InsightIDR Integration

The Universal Webhook Data Exporter allows you to integrate Rapid7 Platform products with Binalyze AIR to respond in a specified way when events trigger on the Rapid7 Platform.

Step 1: Create a Webhook for Rapid7 InsightIDR

  • Visit the Webhooks page in Binalyze AIR,

  • Click the "+ New Webhook" button in the upper right corner,

  • Provide a self-explanatory name,

  • Select "Rapid7 InsightIDR Webhook Parser" as the parser for this webhook,

  • Select the Acquisition Profile to use when the trigger activates this webhook,

  • Select the Ignore option or leave it at its default value (defaults to 24 hours for recurrent alerts for a single endpoint),

  • Provide other settings to use, such as Evidence Repository, CPU Limit, Compression & Encryption, or let AIR configure them automatically based on the matching policy,

  • Click the "Save" button.

Step 2: Create Triggers for InsightIDR

  • From the left menu, go to Data Collection and click Data Exporters.

  • Click Add Data Exporter.

  • Select Universal Webhook as the Data Exporter Type.

  • Choose your collector. You can also name your data exporter if you want. Provide the webhook URL that you previously configured.

  • Add Content-Type: application/json for your webhook HTTP POST request.

  • Select the Alerts checkbox to export asset-specific alerts from InsightIDR.

    • Optionally, trust all certificates or self-signed certificates by selecting the Certificate Settings checkboxes.

  • Click Save.

Please refer to Rapid7 documentation for more information.
