Rapid7 InsightIDR
Efficiently integrate Rapid7 InsightIDR API for incident management with Squadcast - Streamline incident response and enhance collaboration.
Rapid7 InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don’t have to weed through thousands of data streams.
Route detailed monitoring alerts from Rapid7 InsightIDR to the right users in Squadcast.
How to integrate Rapid7 InsightIDR with Squadcast
In Squadcast: Using Rapid7 InsightIDR as an Alert Source
1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.
2. Select Rapid7 InsightIDR. Copy the displayed Webhook URL to configure it within Rapid7 InsightIDR. Finish by clicking Add Alert Source -> Done.
Important:
When an alert source turns Active, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.
In Rapid7 InsightIDR: Create a Squadcast Webhook
Configure your Universal Webhook Data Exporter
1. From your InsightIDR dashboard, select Data Collection on the left-hand menu.
2. When the Data Collection page appears, click the Setup Event Source drop-down and choose Add Event Source.
3. From the Security Data section, click the Data Exporter icon. The Add Event Source panel appears.
4. Choose your Collector and select Universal Webhook for Data Exporter. Give the Event Source a meaningful name.
5. Paste the previously copied Squadcast Webhook URL into the URL field.
6. If the secret is not already provided, fill in the Secret field.
7. Squadcast does not require any Additional Headers.
8. Enable the Alerts checkbox under Data Export Types.
9. Click Save.
That is it, you are good to go! Now, whenever there is an alert in Rapid7 InsightIDR, a corresponding incident will be triggered in Squadcast.
FAQ
Q: If an alert gets resolved in Rapid7 InsightIDR, does it send auto-resolve signals to Squadcast?
A: No, Rapid7 InsightIDR does not send auto-resolve signals for resolved alerts to Squadcast. Hence, Squadcast incidents from Rapid7 InsightIDR should be resolved manually.