Rapid7 Insight IDR Webhook
Set up the Rapid7 Insight IDR Webhook data connector.
In this guide, you will integrate Rapid7 InsightIDR with Radiant Security using the universal webhook. This configuration forwards alert data into Radiant for correlation, triage, and investigation.
Important note: This configuration requires switching between the Rapid7 Insight IDR and Radiant Security platforms to gather different information needed for each step. Please follow the instructions carefully to successfully complete this configuration.
Prerequisites
This configuration requires that you have admin access to your Rapid7 Insight IDR account.
Create the user and API Key in Rapid7 Insight IDR
In Rapid7 Insight IDR, in the upper right hand corner, click Settings > Users.
Click Create User.
Under User Details, add the fields for First Name, Last Name, and Email then click Next.
Click the Manage Individual Permissions tab.
On the Products tab, click the toggle to enable InsightIDR.
Click the Roles tab, select the InsightIDR Analyst and Log Search Admin roles checkboxes.
Click Save to save the user.
Next, log in as the newly created user. In the upper right hand corner, click Settings > API Keys.
Click Generate New User Key.
Select your organization and provide a Name (Radiant Security) and click Submit.
Click Copy to copy the API Key value.
Important note: Ensure that you copy and save the API key value now as you won't be able to look it up again later. You will need to provide it to Radiant Security to complete the configuration.
Add the connector in Radiant Security (Part 1)
Begin the first part of configuring the data connector in Radiant Security.
Log in to Radiant Security.
From the navigation menu, select Settings > Data Connectors.
Click + Add Connector.
Search for and select the Rapid7 Insights IDR option and then click Data Feeds.
Under Select your data feeds, select Rapid7 Insights IDR (Webhook) and click Credentials.
Under Credential Name, add a name.
Under Required Credentials, add the following:
Rapid7 Investigation API Token: Add the API Token that you copied from Rapid7 Insight IDR.
Create the webhook and obtain the HMAC Secret in Rapid7 Insight IDR
Obtain the HMAC Secret from Rapid7.
In Rapid7 Insight IDR, click Data Collection > Data Exporters > Add Data Exporter.
Under Select Data Exporter Type, select Universal Webhook, then copy the Secret.
Keep this page open. You'll return to it to add the URL after you copy it from Radiant Security.
Add the connector in Radiant Security (Part 2)
Now that you have the HMAC Secret, complete the data connector setup:
Return to where you left off configuring the Rapid7 Insights IDR (Webhook) data connector in Radiant Security.
Under Required Credentials, add the following:
Rapid7 Webhook HMAC Secret: Paste the webhook Secret you copied from Rapid7 Insight IDR.
Click Add Connector to finalize the creation of the data connector.
Once the connector is created, click View Details.
Copy the following:
Token
Webhook URL
Complete the webhook configuration in Rapid7 Insight IDR
In the Edit Data Exporter page, paste the Webhook URL that you copied previously into the URL field.
Under Headers, add the following:
Key: X-RS-TOKEN
Value: Paste the Token provided by Radiant Security.
Click Save.
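The steps above configure two shared secrets: the Token sent in the X-RS-TOKEN header and the webhook HMAC Secret. The following is an added example, not code from Radiant Security or Rapid7, showing how a webhook receiver can check both before trusting an alert. The signature header name (X-Signature), the HMAC-SHA256 digest and the hex encoding are assumptions, since this guide does not specify them.

```python
import hashlib
import hmac

TOKEN_HEADER = "X-RS-TOKEN"       # header name from this guide
SIGNATURE_HEADER = "X-Signature"  # hypothetical name; not specified in this guide


def sign(secret: bytes, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the raw request body (assumed scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(headers: dict, body: bytes, token: str, secret: bytes) -> tuple:
    """Receiver side: return (accepted, reason) for one incoming request."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Static token: constant-time compare avoids leaking a prefix match.
    presented = h.get(TOKEN_HEADER.lower(), "")
    if not hmac.compare_digest(presented.encode(), token.encode()):
        return False, "bad token"

    # 2. Body signature: computed over the raw bytes, before any JSON parsing,
    #    so a single altered byte in transit invalidates the request.
    signature = h.get(SIGNATURE_HEADER.lower(), "")
    expected = sign(secret, body)
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        return False, "bad signature"

    return True, "ok"


# Constructed sample values, not real credentials or real alert data.
TOKEN = "example-token"
SECRET = b"example-hmac-secret"
BODY = b'{"alert": "constructed sample", "severity": "low"}'

if __name__ == "__main__":
    good = {TOKEN_HEADER: TOKEN, SIGNATURE_HEADER: sign(SECRET, BODY)}
    print(verify_webhook(good, BODY, TOKEN, SECRET))         # accepted
    print(verify_webhook(good, BODY + b" ", TOKEN, SECRET))  # body altered
```

The token proves the sender knows the connector's shared value, while the HMAC ties that proof to the exact bytes of each alert, which is why the guide has you configure both.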