Rapid7 InsightIDR

Get alerts from Rapid7 InsightIDR into Squadcast

This document will help you integrate Rapid7 InsightIDR with Squadcast.

Rapid7 InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don’t have to weed through thousands of data streams.

Route detailed monitoring alerts from Rapid7 InsightIDR to the right users in Squadcast.

How to integrate Rapid7 InsightIDR with Squadcast

In Squadcast: Using Rapid7 InsightIDR as an Alert Source

(1) From the navigation bar on the left, select Services. Pick the applicable Team from the Team-picker on the top. Next, click on Alert Sources for the applicable Service.

(2) Search for Rapid7 InsightIDR from the Alert Source drop-down and copy the Webhook URL.

In Rapid7 InsightIDR: Create a Squadcast Webhook

Configure your Universal Webhook Data Exporter

(1) From your InsightIDR dashboard, select Data Collection on the left-hand menu.

(2) When the Data Collection page appears, click the Setup Event Source drop-down and choose Add Event Source.

(3) From the Security Data section, click the Data Exporter icon.

The Add Event Source panel appears.

  • Choose your Collector and select Universal Webhook for Data Exporter. Give the Event Source a meaningful name.
  • Paste the previously copied Squadcast URL under URL.
  • If the secret is not already provided, enter one in the Secret field.
  • Squadcast does not require any Additional Headers.
  • Enable the checkbox option Alerts under Data Export Types.
  • Click Save.

That is it, you are good to go! Now, whenever there is an alert in Rapid7 InsightIDR, an incident will be triggered in Squadcast for it.

FAQ

Q: If an alert gets resolved in Rapid7 InsightIDR, does it send auto-resolve signals to Squadcast?

A: No, Rapid7 InsightIDR does not send auto-resolve signals for resolved alerts to Squadcast. Hence, Squadcast incidents from Rapid7 InsightIDR should be resolved manually.