# Rapid7 Insight IDR Webhook

In this guide, you will integrate Rapid7 InsightIDR with Radiant Security using the universal webhook. This configuration forwards alert data into Radiant for correlation, triage, and investigation.

{% hint style="warning" %}
**Important note**: This configuration requires switching between the Rapid7 Insight IDR and Radiant Security platforms to gather different information needed for each step. Please follow the instructions carefully to successfully complete this configuration.
{% endhint %}

### Prerequisites

* [ ] This configuration requires that you have admin access to your Rapid7 Insight IDR account.

### Create the user and API Key in Rapid7 Insight IDR

1. In Rapid7 Insight IDR, in the upper right hand corner, click **Settings** > **Users**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F2dynTg8yyzNW4IMZ317v%2FRapid7_IDR_01.png?alt=media&#x26;token=9662c608-0001-4774-8d00-37e3aded558d" alt=""><figcaption></figcaption></figure></div>

2. Click **Create User**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FYwHetIyLwI9DySBHrCX1%2FRapid7_IDR_02.png?alt=media&#x26;token=9a816c7b-a9b7-46d3-8df8-2f2100bc074d" alt=""><figcaption></figcaption></figure></div>

3. Under **User** **Details**, add the fields for **First Name**, **Last Name**, and **Email** then click **Next**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FvkhZ8UVJdFAuWdXedNLi%2FRapid7_IDR_03.png?alt=media&#x26;token=a484bbca-15c2-4c88-9bb5-791544153ce2" alt="" width="563"><figcaption></figcaption></figure></div>

4. Click the **Manage Individual Permissions** tab.
5. On the **Products** tab, click the toggle to enable **InsightIDR**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F9itbQLIyoHFuSyYAPlGv%2FRapid7_IDR_04.png?alt=media&#x26;token=f7d3cdf0-3411-4cce-a71e-b395328d919e" alt="" width="563"><figcaption></figcaption></figure></div>

6. Click the **Roles** tab, select the **InsightIDR** **Analyst** and **Log** **Search** **Admin** roles checkboxes.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F34jMyAnjbT5Zdr5cetL2%2FRapid7_IDR_05.png?alt=media&#x26;token=757c6421-910f-42a2-a069-759a52101184" alt="" width="563"><figcaption></figcaption></figure></div>

7. Click **Save** to save the user.
8. Next, login as the newly created user. In the upper right hand corner, click **Settings** > **API Keys**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FnD77OYEueWDMZeOVt9RB%2FRapid7_IDR_06.png?alt=media&#x26;token=7fbcea61-ec7e-4d35-ae23-961ade0c6541" alt=""><figcaption></figcaption></figure></div>

9. Click **Generate New User Key**.
10. Select your organization and provide a **Name** (e.g. **`Radiant Security`**) and click **Submit**.
11. Click **Copy** to copy the **API Key** value.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F9GPx2Lq2nPvYh3RRV0vL%2FRapid7_IDR_08.png?alt=media&#x26;token=bf3b1d74-653d-473c-8c4f-df42320d5b6d" alt="" width="450"><figcaption></figcaption></figure></div>

{% hint style="warning" %}
**Important note**: Ensure that you copy and save the API key value now as you won't be able to look it up again later. You will need to provide it to Radiant Security to complete the configuration.&#x20;
{% endhint %}

### Add the connector in Radiant Security (Part 1)

Begin the first part of configuring the data connector in Radiant Security.

1. Login to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connectors**.
3. Click **+ Add Connector**.
4. Search for and select the **Rapid7 Insights IDR** option and then click **Data Feeds**.
5. Under **Select** **your** **data** **feeds**, select **Rapid7 Insights IDR (Webhook)** and click **Credentials**.
6. Under **Credential** **Name**, add a name.
7. Under **Required Credentials**, add the following:
   * **Rapid7 Investigation API Token**: Add the **API Token** that you copied from Rapid7 Insight IDR.

### Create the webhook and obtain the HMAC Secret in Rapid7 Insight IDR

Obtain the HMAC Secret from Rapid7.

1. In Rapid7 Insight IDR, click **Data Collection** > **Data Exporters** > **Add Data Exporter**.

<figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FxtIR6gfygud2kpOrmApZ%2FRapid7_IDR_09.png?alt=media&#x26;token=4154ab8c-baa8-41fb-aa39-6a8289ccc2b1" alt=""><figcaption></figcaption></figure>

2. Under **Select Data Exporter Type**, select **Universal Webhook**, then copy the **Secret**.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FV3NYdSqT523PI9vYw546%2FRapid7_IDR_10.png?alt=media&#x26;token=047bcac1-dd2c-4f46-a17c-984568cdb4e5" alt="" width="563"><figcaption></figcaption></figure></div>

3. Keep this page open, you’ll return to it to add the **URL** after you copy it from Radiant Security.

### Add the connector in Radiant Security (Part 2)

Now that you have the HMAC Secret, complete the data connector setup:

1. Return to where you left off configuring the Rapid7 Insights IDR (Webhook) data connector in Radiant Security.
2. Under **Required Credentials**, add the following:
   * **Rapid7 Webhook HMAC Secret**: Paste the webhook **Secret** you copied from Rapid7 Insight IDR.
3. Click **Add Connector** to finalize the creation of the data connector.
4. Once the connector is created, click **View Details**.
5. Copy the following:
   * **Token**
   * **Webhook URL**

### Complete the webhook **configuration** in Rapid7 Insight IDR

1. In the **Edit** **Data** **Exporter** page, paste the **Webhook URL** that you copied previously into the **URL** field.
2. Under **Headers**, add the following:
   * **Key**: **X-RS-TOKEN**
   * **Value**: Paste the **Token** provided by Radiant Security.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F0sHHk3Tn91BMb38A2q5D%2FRapid7_IDR_11.png?alt=media&#x26;token=be49679b-a979-4ab3-8b7a-d556f45d6ae0" alt="" width="563"><figcaption></figcaption></figure></div>

3. Click **Save**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/rapid7-insight-idr-webhook.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.