# Rapid7 Insight
Rapid7 Insight is a security analytics and threat intelligence platform that enables automated incident detection and response, providing real-time visibility into the global threat landscape. The Rapid7 Insight connector for Swimlane Turbine allows users to seamlessly integrate threat intelligence into their security workflows. By leveraging this connector, users can automatically retrieve indicators of compromise (IOCs) based on specific values, enhancing incident response and proactive threat hunting. The integration streamlines the process of gathering and analyzing threat data, enabling security teams to respond more effectively to potential threats.

## Prerequisites

To effectively utilize the Rapid7 Insight connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic authentication with the following parameters:
  - URL: the endpoint for the Rapid7 Insight API
  - Account ID: your unique identifier for accessing Rapid7 services
  - API Key: a secure key generated by Rapid7 for API access

## Capabilities

This connector provides the following capabilities:

- Get IOC by Value

## Asset Setup

You can obtain your Account ID and API Key from the IntSights cloud platform UI, on the 'Subscription' page. Please note that the API key is the same key used to obtain connectivity between the IntSights virtual appliance and the cloud platform, so if you have generated it in the past you can re-use it for the REST API connectivity.

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Intel IntSights account ID | string | required |
| Password | Intel IntSights API key | string | required |
| Verify SSL | Verify SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Get IOC by Value

Retrieve indicators of compromise (IOCs) from Rapid7 Insight using a specific value provided as input.

Endpoint URL: `public/v3/iocs/ioc-by-value`

Method: GET

Input arguments:

| Name | Type | Required | Description |
|---|---|---|---|
| IocValue | string | required | Value for the parameter |
| headers | object | optional | HTTP headers for the request |
| Content-Type | string | optional | Type of the resource |
| Account-Id | string | optional | Unique identifier |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| Value | string | Value for the parameter |
| Type | string | Type of the resource |
| Status | string | Status value |
| Severity | string | Output field Severity |
| Score | number | Score value |
| LastUpdateDate | string | Date value |
| LastSeen | string | Output field LastSeen |
| FirstSeen | string | Output field FirstSeen |
| RelatedMalware | array | Output field RelatedMalware |
| RelatedMalware.file_name | string | Name of the resource |
| RelatedMalware.file | string | Output field file |
| RelatedCampaigns | array | Output field RelatedCampaigns |
| RelatedCampaigns.file_name | string | Name of the resource |
| RelatedCampaigns.file | string | Output field file |
| RelatedThreatActors | array | Output field RelatedThreatActors |
| RelatedThreatActors.file_name | string | Name of the resource |
| RelatedThreatActors.file | string | Output field file |
| ReportedFeeds | array | Output field ReportedFeeds |
| ReportedFeeds.ID | string | Unique identifier |
| ReportedFeeds.Name | string | Name of the resource |
| ReportedFeeds.ConfidenceLevel | number | Unique identifier |
| Whitelisted | boolean | Output field Whitelisted |
| Tags | array | Output field Tags |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "date": "Thu, 10 Nov 2022 17:53:29 GMT",
      "content-type": "application/json; charset=utf-8",
      "transfer-encoding": "chunked",
      "connection": "keep-alive",
      "set-cookie": "env=production-apiexternal; Path=/; SameSite=Lax, dash-version=6.55.2; Path=/; S...",
      "content-security-policy": "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' data:...",
      "x-dns-prefetch-control": "off",
      "expect-ct": "max-age=0",
      "x-frame-options": "SAMEORIGIN",
      "strict-transport-security": "max-age=15724800; includeSubDomains",
      "x-download-options": "noopen",
      "x-content-type-options": "nosniff",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "same-origin",
      "x-xss-protection": "0"
    },
    "reason": "OK",
    "json_body": {
      "Value": "intsiights.com",
      "Type": "Domains",
      "Status": "Active",
      "Severity": "Low",
      "Score": 30,
      "LastUpdateDate": "2022-11-10T17:43:52.792Z",
      "LastSeen": "2022-11-10T17:43:52.792Z",
      "FirstSeen": "2018-05-16T09:31:43.000Z",
      "RelatedMalware": [],
      "RelatedCampaigns": [],
      "RelatedThreatActors": [],
      "ReportedFeeds": [],
      "Whitelisted": false,
      "Tags": []
    }
  }
]
```

Response headers:

| Header | Description | Example |
|---|---|---|
| Cache-Control | Directives for caching mechanisms | no-store, no-cache, must-revalidate, proxy-revalidate |
| CF-Cache-Status | HTTP response header CF-Cache-Status | DYNAMIC |
| CF-RAY | HTTP response header CF-RAY | 7680a5d50c230108-GRU |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' data: fonts.gstatic.com hotjar.com hotjar.io;img-src 'self' data: blob: www.google-analytics.com http://www.google-analytics.com pendo.io hotjar.com hotjar.io pendo-static-6269273820233728.storage.googleapis.com pendo-eu-static-6269273820233728.storage.googleapis.com res.cloudinary.com;object-src 'none';script-src 'self' 'unsafe-eval' 'sha256-0/se6m9r9ucpopxn4pujl8a+d5x78/t867+4snzjrie=' 'sha256-i8nx4g/ztbmzhgqfeaqxphct8b5xp6vtkncfzyh/0ry=' 'sha256-c1qwgwjxzn8h7npodut2py31e2fcmmyaml53qb5dg90=' 'sha256-cqf45vy2ubv5fy1zt1o8tppzhpav9gimue74mjnzgh4=' 'sha256-un7fjuth8h237tupzdoqq59vbnjgcttntkrp9uevzw4=' 'sha256-9tti1c5jn4zruq7dbgweqln2xmlyqyf1jshjccbubzi=' 'sha256-3/vkuilpehxv7lhltcv73w5pw3gi3fb1a4+fdwlb1si=' 'sha256-yj7tsl+i+ctrc3llcmum0fagy6xsyyzoguti8tjpzuc=' 'sha256-zopv4k+wf+yy2+iyhjl5lm5ut4cl+0k4bv25bcbuaw0=' www.recaptcha.net http://www.recaptcha.net www.gstatic.com http://www.gstatic.com www.gstatic.cn http://www.gstatic.cn www.google-analytics.com http://www.google-analytics.com pendo.io pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-static-6269273820233728.storage.googleapis.com pendo-eu-static-6269273820233728.storage.googleapis.com hotjar.com hotjar.io;style-src 'self' 'unsafe-inline' fonts.googleapis.com pendo.io pendo-static-6269273820233728.storage.googleapis.com pendo-eu-static-6269273820233728.storage.googleapis.com https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css;frame-src https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css;frame-src 'self' pendo.io hotjar.com hotjar.io www.recaptcha.net;frame-ancestors http://www.recaptcha.net;frame-ancestors 'self' pendo.io;child-src 'self' pendo.io;connect-src 'self' blob: r7ops.com rapid7.com docs.google.com stats.g.doubleclick.net sentry.io hotjar.com hotjar.io wss://hotjar.com fonts.gstatic.com hotjar.com hotjar.io www.google-analytics.com http://www.google-analytics.com pendo.io pendo-static-6269273820233728.storage.googleapis.com pendo-eu-static-6269273820233728.storage.googleapis.com res.cloudinary.com www.recaptcha.net http://www.recaptcha.net www.gstatic.com http://www.gstatic.com www.gstatic.cn http://www.gstatic.cn pendo-io-static.storage.googleapis.com pendo-eu-static.storage.googleapis.com fonts.googleapis.com https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 10 Nov 2022 17:53:29 GMT |
| ETag | An identifier for a specific version of a resource | W/"255-gfkzl8ha9zegrtj0jxi/f7rqv7y" |
| Expect-CT | HTTP response header Expect-CT | max-age=0 |
| Expires | The date/time after which the response is considered stale | 0 |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | same-origin |
| Server | Information about the software used by the origin server | cloudflare |
| Set-Cookie | HTTP response header Set-Cookie | env=production-apiexternal; Path=/; SameSite=Lax, dash-version=6.55.2; Path=/; SameSite=Lax |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=15724800; includeSubDomains |
| Surrogate-Control | HTTP response header Surrogate-Control | no-store |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | HTTP response header X-DNS-Prefetch-Control | off |
| X-Download-Options | HTTP response header X-Download-Options | noopen |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | HTTP response header X-Permitted-Cross-Domain-Policies | none |
| X-Request-Account-Name | HTTP response header X-Request-Account-Name | swimlane-nfr |
| X-Request-Route-Path | HTTP response header X-Request-Route-Path | /public/v3/iocs/ioc-by-value |
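The following is an added example, not code from the Swimlane connector or from Rapid7. It reproduces the two halves of the Get IOC by Value action described above: building the HTTP Basic authenticated GET request (username = account ID, password = API key, query parameter `IocValue`) and turning the returned `json_body` into a triage record a responder can act on. The base URL `https://api.example.invalid`, the credentials, the function names and the verdict thresholds (whitelisted → ignore, High severity or score ≥ 70 → escalate, otherwise enrich) are this example's own assumptions; the sample body is constructed from the page's example response.

```python
"""Added example (not Swimlane's or Rapid7's code): build the authenticated
request sent by the "Get IOC by Value" action and triage the JSON body it
returns. Verdict thresholds below are an assumption of this example."""
import base64
import json
from datetime import datetime
from urllib.parse import urlencode
from urllib.request import Request

IOC_BY_VALUE_PATH = "/public/v3/iocs/ioc-by-value"  # endpoint from the connector docs


def build_ioc_request(base_url: str, account_id: str, api_key: str, ioc_value: str) -> Request:
    """Build the GET request the action sends. HTTP Basic auth uses the
    account ID as username and the API key as password, as in the asset setup."""
    credentials = base64.b64encode(f"{account_id}:{api_key}".encode("utf-8")).decode("ascii")
    # urlencode keeps values such as URLs or strings containing spaces well-formed in the query
    query = urlencode({"IocValue": ioc_value})
    url = f"{base_url.rstrip('/')}{IOC_BY_VALUE_PATH}?{query}"
    headers = {"Authorization": f"Basic {credentials}", "Accept": "application/json"}
    return Request(url, headers=headers, method="GET")


def _parse_ts(value: str) -> datetime:
    # Timestamps end in "Z"; fromisoformat() before Python 3.11 does not accept that suffix
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage_ioc(body: dict) -> dict:
    """Reduce one IOC record to the fields a responder acts on and attach a verdict.
    The verdict rules are this example's assumption, not Rapid7's scoring."""
    severity = (body.get("Severity") or "").lower()
    score = body.get("Score") or 0
    whitelisted = bool(body.get("Whitelisted"))
    if whitelisted:
        verdict = "ignore"  # the vendor marked it benign; do not page on it
    elif severity == "high" or score >= 70:
        verdict = "escalate"
    else:
        verdict = "enrich"
    first, last = body.get("FirstSeen"), body.get("LastSeen")
    seen_span_days = (_parse_ts(last) - _parse_ts(first)).days if first and last else None
    return {
        "value": body.get("Value"),
        "type": body.get("Type"),
        "status": body.get("Status"),
        "severity": severity,
        "score": score,
        "whitelisted": whitelisted,
        "seen_span_days": seen_span_days,
        "feeds": [feed.get("Name") for feed in body.get("ReportedFeeds", [])],
        "verdict": verdict,
    }


def handle_response(status_code: int, raw_body: bytes) -> dict:
    """Turn an HTTP status and raw body into a triage result or a structured error,
    so a failed lookup never gets mistaken for a clean indicator."""
    if status_code != 200:
        return {"ok": False, "status_code": status_code,
                "error": raw_body.decode("utf-8", "replace")[:200]}
    try:
        body = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        return {"ok": False, "status_code": status_code, "error": f"malformed JSON: {exc}"}
    return {"ok": True, "status_code": status_code, "ioc": triage_ioc(body)}


# Constructed sample: the json_body from the page's example response.
SAMPLE_BODY = json.dumps({
    "Value": "intsiights.com", "Type": "Domains", "Status": "Active",
    "Severity": "Low", "Score": 30,
    "LastUpdateDate": "2022-11-10T17:43:52.792Z",
    "LastSeen": "2022-11-10T17:43:52.792Z",
    "FirstSeen": "2018-05-16T09:31:43.000Z",
    "RelatedMalware": [], "RelatedCampaigns": [], "RelatedThreatActors": [],
    "ReportedFeeds": [], "Whitelisted": False, "Tags": [],
}).encode("utf-8")

if __name__ == "__main__":
    # Placeholder base URL and credentials; substitute the asset values from the connector configuration.
    req = build_ioc_request("https://api.example.invalid", "ACCOUNT_ID_PLACEHOLDER",
                            "API_KEY_PLACEHOLDER", "intsiights.com")
    print(req.get_method(), req.full_url)
    print(handle_response(200, SAMPLE_BODY))
```

Two points worth noting from the run: the `seen_span_days` field (1639 days between FirstSeen and LastSeen for the sample) is often more useful in a playbook than the raw timestamps, and `handle_response` keeps a non-200 status or a malformed body as an explicit error rather than an empty result, which is what you want when the Verify SSL or proxy settings in the asset are wrong.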