API DocsDeveloper PortalSystem StatusTry for Free
Search…
⌃K
Links

Rapid7 InsightIDR

Steps to configure Rapid7 InsightIDR integration for incident management, using Squadcast
Rapid7 InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don’t have to weed through thousands of data streams.
Route detailed monitoring alerts from Rapid7 InsightIDR to the right users in Squadcast.

How to integrate Rapid7 InsightIDR with Squadcast

In Squadcast: Using Rapid7 InsightIDR as an Alert Source

  1. 1.
    Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
2. Select Rapid7 InsightIDR. Copy the displayed Webhook URL to configure it within Rapid7 InsightIDR. Finish by clicking Add Alert Source -> Done.
Important:
When an alert source turns Active, it’ll show up under Configured Alert Sources, you can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

In Rapid7 InsightIDR: Create a Squadcast Webhook

(1) From your InsightIDR dashboard, select Data Collection on the left hand menu
(2) When the Data Collection page appears, click the Setup Event Source drop-down and choose Add Event Source
(3) From the Security Data section, click the Data Exporter icon
The Add Event Source panel appears
  • Choose your Collector and select Universal Webhook for Data Exporter. Give the Event Source a meaningful name
  • Paste the previously copied Squadcast URL under URL
  • If the secret is not already provided, enter in the Secret field
  • There is no requirement by Squadcast to add any Additional Headers
  • Enable the checkbox option Alerts under Data Export Types
  • Click Save
That is it, you are good to go! Now, whenever there is an alert in the Rapid7 InsightIDR, an incident will be triggered in Squadcast for the same.

FAQ

Q: If an alert gets resolved in Rapid7 InsightIDR, does it send auto-resolve signals to Squadcast?
A: No, Rapid7 InsightIDR does not send auto-resolve signals for resolved alerts to Squadcast. Hence, Squadcast incidents from Rapid7 InsightIDR should be resolved manually.
Previous
PRTG Network Monitor
Next
Redash
Last modified 3mo ago