Rapid7 Insight IDR
The Dropzone AI Platform integrates with Rapid7 Insight IDR (InsightIDR), a cloud-native SIEM and XDR solution. Dropzone can poll InsightIDR investigations as alert sources, enrich them with associated alerts and evidence (Attacker Behavior Analytics and User Behavior Analytics), and run AI-driven investigations.
This integration is currently available as a beta alert source. It may be hidden in the UI unless beta integrations are enabled for your tenant. Contact your administrator or Dropzone support if you do not see it.
Obtain credentials
InsightIDR uses the Insight platform API for authentication. You need:
API Key – An Insight platform (organization) API key with access to InsightIDR.
Region – The data storage region for your InsightIDR instance (e.g. us, us2, eu, ca, ap, au).
To obtain an API key:
Log in to the Rapid7 Insight platform.
Navigate to your user/account settings and locate API Keys (or equivalent for your organization).
Create a new API key with access to InsightIDR and copy it for use in Dropzone.
Your region is typically visible in the InsightIDR or Insight platform URL (e.g. us for us.api.insight.rapid7.com).
Enable the integration
To enable the Rapid7 Insight IDR alert source:
Navigate to your Dropzone AI tenant (e.g. https://_mycompany_.dropzone.app).
Go to Settings > Integrations.
Click Available and search for Rapid7 Insight IDR.
Click Configure.
Enter your API Key and Region.
Optionally configure Polling filters (priorities, statuses, sources, tags) to limit which investigations are ingested.
Adjust Poll interval and Poll lookback if needed.
Click Test to verify the connection, then Save.
After saving, Dropzone will poll InsightIDR for new investigations that fall within the configured time window and match the configured filters, and create an investigation for each.