# Rapid7 Insight IDR {% hint style="info" %} This alert source integration is in **beta**. It is not visible in the Dropzone UI until it has been explicitly enabled for your tenant. Contact your Dropzone AI Support Representative to request enablement. {% endhint %} The Dropzone AI Platform integrates with [Rapid7 Insight IDR](https://www.rapid7.com/products/insightidr/), a cloud-native SIEM and XDR solution. Dropzone can poll InsightIDR investigations as alert sources, enrich them with associated alerts and evidence (Attacker Behavior Analytics and User Behavior Analytics), and run AI-driven investigations. ## Obtain credentials Rapid7 Insight IDR uses the [Insight platform API](https://help.rapid7.com/insightidr/en-us/api/v2/docs.html) for authentication. You need: * API Key – An Insight platform (organization) API key with access to Rapid7 Insight IDR * Region – The data storage region for your tenant (e.g. `us`, `us2`, `eu`, `ca`, `ap`, `au`). See [Identify your data region](#identify-your-data-region) below To obtain an API key: 1. Log in to the [Rapid7 Insight platform](https://insight.rapid7.com) 2. Navigate to your user/account settings and locate API Keys (or equivalent for your organization) 3. Create a new API key with access to InsightIDR and copy it for use in Dropzone ## Identify your data region Dropzone needs the **region code** for your InsightIDR data storage region (for example `us`, not a full hostname). Use either method below. ### From the product URL 1. Open any Rapid7 product you have access to (for example InsightIDR) 2. Look at the browser URL subdomain **prefix** before `.idr.insight.rapid7.com` (or a similar Rapid7 product hostname) 3. Enter that prefix in Dropzone as the Region value For example, if your URL is `https://us.idr.insight.rapid7.com`, enter `us` in Dropzone. Rapid7 API hosts for your tenant follow the same prefix: | API | Example hostname | | ------------------------- | ----------------------------------------- | | Insight platform (IDR v2) | `https://us.api.insight.rapid7.com` | | Log Search (LEQL) | `https://us.rest.logs.insight.rapid7.com` | For more detail, see Rapid7's [Check your data region](https://docs.rapid7.com/insight/navigate-the-insight-platform/#check-your-data-region) documentation. ### From Organization Settings 1. In the Rapid7 Command Platform, go to Administration > Settings > Organization Settings 2. Find **Data Storage Region** (the display name for your tenant) 3. Map that label to the Region value for Dropzone using the table below | Data Storage Region (Rapid7 UI) | Dropzone Region value | | ------------------------------- | --------------------- | | United States - 1 | `us` | | United States - 2 | `us2` | | Canada | `ca` | | Europe | `eu` | | Australia | `au` | | Japan / Asia-Pacific | `ap` | For the full list of supported regions and API base URLs, see Rapid7's [Supported regions](https://docs.rapid7.com/insight/product-apis/#supported-regions) documentation. ### If the connection test fails When you click **Test** on the alert source, Dropzone verifies connectivity by calling the InsightIDR **investigations** API on the platform host (`{region}.api.insight.rapid7.com`). This is not the Log Search API used by the [Rapid7 Insight IDR data source](/integrations/data/rapid7-insight-idr_data.md). A wrong Region or API key can produce errors like: ``` Invalid API key or unauthorized ``` or: ``` Connection test failed: 403 ... ``` {% hint style="warning" %} If you see these errors, re-check your **Region** using the steps above before assuming the API key is wrong. The same symptoms can appear when either value is incorrect. {% endhint %} 1. Confirm the Region matches your Rapid7 URL prefix or the Organization Settings table (enter `us`, not `us.api.insight.rapid7.com`) 2. Re-open InsightIDR and verify the subdomain prefix (for example `us2` vs `us`) 3. If Region is correct, verify the API key is an organization key with InsightIDR access and was copied without extra spaces For log-set or LEQL connection errors while configuring the data source, see [If the connection test fails](/integrations/data/rapid7-insight-idr_data.md#if-the-connection-test-fails) on the Rapid7 Insight IDR data source page. If both Region and API key look correct, engage your Dropzone AI support representative. ## Enable the integration To enable the Rapid7 Insight IDR alert source: 1. Navigate to your Dropzone AI tenant (e.g. `https://_mycompany_.dropzone.app`) 2. Go to Settings > Integrations 3. Click Available and search for Rapid7 Insight IDR 4. Click Configure 5. Enter your API Key and Region 6. Optionally configure Polling filters (priorities, statuses, sources, tags) to limit which investigations are ingested 7. Adjust Poll interval and Poll lookback if needed 8. Click Test to verify the connection, then Save After saving, Dropzone will poll InsightIDR for new investigations in the configured time window and filters, and create investigations for each. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.dropzone.ai/integrations/alert/rapid7-insight-idr_alert.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.