# Rapid7 InsightIDR

[<mark style="color:blue;">Rapid7 InsightIDR</mark>](https://www.rapid7.com/products/insightidr/) is your security center for incident detection and response, authentication monitoring, and endpoint visibility. InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don’t have to weed through thousands of data streams.

Route detailed monitoring alerts from Rapid7 InsightIDR to the right users in Squadcast.

### How to integrate Rapid7 InsightIDR with Squadcast

### In Squadcast: Using Rapid7 InsightIDR as an Alert Source

1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click **Add**.

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4fbd74e7ca0b30173c47a1d58ed6a0804a0465aa%2FAlert_Sources.png?alt=media&#x26;token=aaca6610-9d18-4dd4-9cf5-320042f326f1" alt="How to configure Rapid7 InsightIDR api integration in Squadcast" width="563"><figcaption></figcaption></figure>

2\. Select **Rapid7 InsightIDR.** Copy the displayed **Webhook URL** to [configure](#in-rapid7-insightidr-create-a-squadcast-webhook) it within **Rapid7 InsightIDR**. Finish by clicking **Add Alert Source** -> **Done.**

<figure><img src="https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-1d83ec76c19014e16863ddf09dd106a51500b953%2FRapid7.png?alt=media&#x26;token=ac2d0421-3fbe-488c-aa52-0a0c32673041" alt="Steps to add Rapid7 InsightIDR api integration to a service in Squadcast" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %} <mark style="color:orange;">**Important**</mark>**:**

When an alert source turns <mark style="color:green;">Active</mark>, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.\
\
An Alert Source is <mark style="color:green;">active</mark> if there is a recorded incident via that Alert Source for the Service.
{% endhint %}

### In Rapid7 InsightIDR: Create a Squadcast Webhook

#### **Configure your** [**Universal Webhook Data Exporter**](https://docs.rapid7.com/insightidr/webhook/#section-how-to-configure-this-data-exporter)

1. From your InsightIDR dashboard, select **Data Collection** on the left-hand menu
2. When the **Data Collection** page appears, click the **Setup Event Source** drop-down and choose **Add Event Source**
3. From the **Security Data** section, click the **Data Exporter** icon

The **Add Event Source** panel appears

* Choose your **Collector** and select **Universal Webhook** for **Data Exporter**. Give the Event Source a meaningful name
* Paste the previously copied Squadcast URL under the **URL**
* If the secret is not already provided, enter the **Secret** field
* There is no requirement by Squadcast to add any Additional Headers
* Enable the checkbox option **Alerts** under **Data Export Types**
* Click **Save**

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-238cac8656366b78800ecfe48f3a827b8f113512%2Frapid7_2.png?alt=media\&token=8563d8b6-281b-4934-8396-b6c55f4dd23a)

That is it, you are good to go! Now, whenever there is an alert in the Rapid7 InsightIDR, an incident will be triggered in Squadcast for the same.

### FAQ

**Q:** If an alert gets resolved in Rapid7 InsightIDR, does it send auto-resolve signals to Squadcast?

**A:** No, Rapid7 InsightIDR does not send auto-resolve signals for resolved alerts to Squadcast. Hence, Squadcast incidents from Rapid7 InsightIDR should be resolved manually.

*Have any other questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*