Rapid7 InsightIDR

Connect Rapid7 InsightIDR to Radiant Security to forward alerts for AI triage.

Rapid7 InsightIDR is a cloud SIEM and XDR platform that detects intrusions, lateral movement, credential theft, and other threats across endpoints, network traffic, and cloud activity. Connecting Rapid7 InsightIDR forwards investigation alerts to Radiant Security over a universal webhook.

This configuration requires switching between Rapid7 InsightIDR and Radiant Security several times to copy credentials in both directions. Have both platforms open before you start.

Prerequisites

Create the user and API Key in Rapid7 InsightIDR

  1. In Rapid7 InsightIDR, in the upper-right corner, click Settings > Users.

  2. Click Create User.

  3. Under User Details, enter values for First Name, Last Name, and Email, then click Next.

  4. Click the Manage Individual Permissions tab.

  5. On the Products tab, toggle InsightIDR to enabled.

  6. Click the Roles tab, then select the InsightIDR Analyst and Log Search Admin role checkboxes.

  7. Click Save.

  8. Sign in as the newly created user. In the upper-right corner, click Settings > API Keys.

  9. Click Generate New User Key.

  10. Select your organization, enter a Name (e.g., Radiant Security), then click Submit.

  11. Click Copy to copy the API Key value.

Start adding the data connector in Radiant Security

  1. Sign in to Radiant Security.

  2. From the navigation menu, select Settings > Data Connectors, then click + Add Connector.

  3. Search for and select Rapid7 Insights IDR, then click Data Feeds.

  4. Under Select your data feeds, select Rapid7 Insights IDR (Webhook), then click Credentials.

  5. Under Credential Name, enter an identifiable name for this credential (e.g., Rapid7 InsightIDR Credentials).

  6. Under Required Credentials, enter the following:

    • Rapid7 Investigation API Token: the API Key value copied from Rapid7 InsightIDR.

Leave this page open. You will return to it after generating the HMAC Secret in Rapid7.

Create the webhook and obtain the HMAC Secret in Rapid7 InsightIDR

  1. In Rapid7 InsightIDR, click Data Collection > Data Exporters > Add Data Exporter.

  2. Under Select Data Exporter Type, select Universal Webhook, then copy the Secret value.

Leave this page open. You will return to it after generating the Webhook URL and Token in Radiant.

Finish adding the data connector in Radiant Security

  1. Return to the Rapid7 Insights IDR (Webhook) connector you started in Radiant Security.

  2. Under Required Credentials, enter the following:

    • Rapid7 Webhook HMAC Secret: the Secret value copied from Rapid7 InsightIDR.

  3. Click Add Connector.

  4. Click View Details on the newly created connector.

  5. Copy the following values to use in the next section:

    • Token

    • Webhook URL

Complete the webhook configuration in Rapid7 InsightIDR

  1. In the Edit Data Exporter page, paste the Webhook URL copied from Radiant Security into the URL field.

  2. Under Headers, add the following:

    • Key: X-RS-TOKEN

    • Value: the Token copied from Radiant Security.

  3. Click Save.

Verify ingestion

After Rapid7 InsightIDR begins forwarding, confirm alerts and events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"rapid7_insight_idr".

  3. Confirm recent alerts and events appear.

Allow several minutes for alerts and events to be parsed, indexed, and available for search.
