Rapid7 Insight Threat Command

introduction this guide explains how to authenticate the rapid7 insight threat command connector in swimlane using http basic authentication prerequisites before configuring the connector, ensure you have a valid rapid7 insight threat command account access to the rapid7 threat command portal permission to generate and manage api credentials access to the rapid7 insight threat command api endpoint required credentials during setup, you will collect credential description url rapid7 insight threat command api url username rapid7 insight threat command username api key / password api key generated in rapid7 verify ssl optional ssl verification setting http proxy optional proxy configuration rapid7 insight threat command setup log in to rapid7 insight platform open the rapid7 insight platform https //insight rapid7 com/ https //insight rapid7 com/ log in using your rapid7 credentials access threat command from the rapid7 dashboard, open threat command navigate to settings → api access or user settings → api keys (the exact menu may vary depending on your tenant configuration ) generate an api key click create api key or generate key enter api key name description (optional) select the required permissions for api access click save or generate copy and securely store the generated api key the api key will be used as the password value in swimlane identify the api url the default api endpoint format is typically https //api insight rapid7 com or the tenant specific threat command api url provided by rapid7 record this value for swimlane configuration connector configuration in swimlane log in to turbine from the left hand navigation pane, click orchestration click assets asset homepage opens click the plus (+) icon to open the configure your connector asset window select rapid7 insight threat command from the asset type list fill in the asset settings and asset input as shown field description required/optional url rapid7 insight threat command api url required username rapid7 insight threat command username required password rapid7 api key (automatically encoded by connector) required verify ssl enable/disable ssl verification optional http proxy optional proxy configuration optional fields marked with are required click create the connector uses http basic authentication the api key should be entered directly into the password field do not manually base64 encode the api key swimlane automatically handles authentication encoding troubleshooting authentication failed (401 unauthorized) verify username is correct api key is valid api key has not expired api url is correct user has sufficient api permissions ssl errors if ssl verification fails verify the server certificate chain confirm proxy/firewall inspection settings temporarily disable verify ssl for testing if permitted by your organization connection timeout verify firewall rules allow outbound https traffic proxy configuration is correct rapid7 api endpoint is reachable from swimlane you have successfully authenticated the rapid7 insight threat command connector in swimlane sources rapid7 insight threat command connector documentation https //docs swimlane com/connectors/rapid7 insight threat command https //docs swimlane com/connectors/rapid7 insight threat command rapid7 threat command documentation https //docs rapid7 com/threat command/ https //docs rapid7 com/threat command/ rapid7 insight platform https //insight rapid7 com/ https //insight rapid7 com/