# Rapid7 Insight IDR

The Dropzone AI Platform integrates with [Rapid7 Insight IDR](https://www.rapid7.com/products/insightidr/) (InsightIDR), a cloud-native SIEM and XDR solution. Dropzone can poll InsightIDR investigations as alert sources, enrich them with associated alerts and evidence (Attacker Behavior Analytics and User Behavior Analytics), and run AI-driven investigations.

{% hint style="info" %}
This integration is currently available as a beta alert source. It may be hidden in the UI unless beta integrations are enabled for your tenant. Contact your administrator or Dropzone support if you do not see it.
{% endhint %}

## Obtain credentials

InsightIDR uses the [Insight platform API](https://help.rapid7.com/insightidr/en-us/api/v2/docs.html) for authentication. You need:

* API Key – An Insight platform (organization) API key with access to InsightIDR.
* Region – The data storage region for your InsightIDR instance (e.g. `us`, `us2`, `eu`, `ca`, `ap`, `au`).

To obtain an API key:

1. Log in to the [Rapid7 Insight platform](https://insight.rapid7.com).
2. Navigate to your user/account settings and locate API Keys (or equivalent for your organization).
3. Create a new API key with access to InsightIDR and copy it for use in Dropzone.

Your region is typically visible in the InsightIDR or Insight platform URL (e.g. `us` for `us.api.insight.rapid7.com`).

## Enable the integration

To enable the Rapid7 Insight IDR alert source:

1. Navigate to your Dropzone AI tenant (e.g. `https://_mycompany_.dropzone.app`).
2. Go to Settings > Integrations.
3. Click Available and search for Rapid7 Insight IDR.
4. Click Configure.
5. Enter your API Key and Region.
6. Optionally configure Polling filters (priorities, statuses, sources, tags) to limit which investigations are ingested.
7. Adjust Poll interval and Poll lookback if needed.
8. Click Test to verify the connection, then Save.

After saving, Dropzone will poll InsightIDR for new investigations in the configured time window and filters, and create investigations for each.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dropzone.ai/integrations/alert/rapid7-insight-idr_alert.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.