Rapid7 InsightIDR Integration

The Universal Webhook Data Exporter allows you to integrate Rapid7 Platform products with AIR to respond in a specified way when events trigger on the Rapid7 Platform.

Step 1 - Creating A webhook for Rapid7 InsightIDR

Visit the Webhooks page in AIR,
Click the "+ New Webhook" button in the upper right corner,
Provide a self-explanatory name,
Select "Rapid7 InsightIDR Webhook Parser" as the parser for this webhook,
Select an Acquisition Profile when the trigger activates this webhook,
Select the Ignore option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let AIR configure them automatically based on the matching policy
Click the "Save" button.

Step 2: Create Triggers for InsightIDR

From the left menu, go to Data Collection and click Data Exporters.
Click Add Data Exporter.
Select Universal Webhook as the Data Exporter Type.
Choose your collector. You can also name your data exporter if you want. Provide the URL that you previously configured.
Add Content-Type: application/json for your webhook HTTP POST request.
Select the Alerts checkbox to export asset-specific alerts from InsightIDR.
- Optionally, trust all certificates or self-signed certificates by selecting the Certificate Settings checkboxes.
Click Save

Please refer to Rapid7 documentation for more information.

PreviousCarbon Black Cloud Integration NextLogicHub SOAR (DEVO) Integration

Last updated 2 months ago

Was this helpful?