This article covers how to create a new InsightIDR API key and configure a feed in Chronicle.
InsightIDR is a security center for incident detection and response, authentication monitoring, and endpoint visibility. InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity, so you don’t have to scroll through thousands of data streams.
Create a new InsightIDR API Key
Follow the steps below to generate a new API key.
1. Open your InsightIDR home page and, from the Settings cog icon menu at the top right-hand corner of the page, select API Keys.
2. From the left-hand menu, select the type of API key.
Please note, there are two types of API keys available: Organization key or User key. An organization API key allows access to Insight product APIs and can only be generated by platform administrators. The user API key is associated with a single user and inherits all permissions of that user.
In this example, we are generating a User Key.
3. Click User Key in the left menu.
4. From the organization dropdown, choose the organization you wish to create the API key for and type the name of the key.
We recommend giving the key a meaningful name that indicates its purpose. Once done, click the Generate button.
5. You will now be shown your API key. Copy it and save it in your password manager. This API key will be required in the InsightConnect connection configuration steps.
Configure a feed in Chronicle
Complete the following steps to configure a feed in Chronicle to ingest the InsightIDR logs.
1. Go to Chronicle Settings and click Feeds.
2. Click Add New.
3. Select Third Party API for Source Type.
4. Select Rapid7 Insight for Log Type.
5. Click Next.
6. Under Authentication HTTP Header, API KEY and API HOSTNAME, paste the key collected in the process above.
- Authentication HTTP Header: The HTTP header used to authenticate, in "key:value" format.
Example: X-Api-key: 7d2c100f-fe90-4ae9-bfc1 cb7114bdb16d (Organization Key).
- API ENDPOINT: The REST API endpoint to query, which can be either "vulnerabilities" or "assets".
- API HOSTNAME: The fully qualified domain name of your Rapid7 API endpoint.
Example: [region]
7. Click Next and Finish.
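The following pre-flight check is an added example, not part of the original article or of any Rapid7 or Chronicle tooling. It validates the three feed values from step 6 before they are pasted into the form and masks the key in any message it produces. It assumes the hostname field takes a bare FQDN, and all sample values are constructed.

```python
import re

# The two endpoint values the article lists for this feed.
ALLOWED_ENDPOINTS = {"vulnerabilities", "assets"}
HEADER_NAME = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+$")  # RFC 7230 token
DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def mask(secret):
    """Show only enough of a key to identify it in an error message."""
    return secret[:4] + "****" if len(secret) > 8 else "****"

def check_header(auth_header):
    name, sep, value = auth_header.partition(":")
    name, value = name.strip(), value.strip()
    if not sep or not name or not value:
        return ['header is not in "key:value" format']
    problems = []
    if not HEADER_NAME.match(name):
        problems.append("header name has characters not allowed in an HTTP header name")
    # Catches copy/paste damage: embedded spaces, tabs, line breaks, non-ASCII.
    if not value.isascii() or not value.isprintable() or " " in value:
        problems.append(f"key {mask(value)} contains whitespace or non-printable characters")
    return problems

def check_hostname(hostname):
    # Assumption: the field takes a bare FQDN (no scheme, port or path).
    if "://" in hostname or "/" in hostname or ":" in hostname:
        return ["hostname must be a bare FQDN without scheme, port or path"]
    labels = hostname.rstrip(".").split(".")
    if len(hostname) > 253 or len(labels) < 2 or not all(DNS_LABEL.match(l) for l in labels):
        return ["hostname is not a valid fully qualified domain name"]
    return []

def validate_feed_inputs(auth_header, hostname, endpoint):
    """Return a list of problems; an empty list means the values look sane."""
    problems = check_header(auth_header) + check_hostname(hostname)
    if endpoint not in ALLOWED_ENDPOINTS:
        problems.append(f"endpoint {endpoint!r} is not one of {sorted(ALLOWED_ENDPOINTS)}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    samples = [
        ("X-Api-key: 00000000-0000-0000-0000-000000000000", "api.example.invalid", "assets"),
        ("X-Api-key: 00000000-0000-0000 0000-000000000000", "https://api.example.invalid/", "logs"),
    ]
    for header, host, endpoint in samples:
        print(validate_feed_inputs(header, host, endpoint) or "OK")
```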