Quick Actions

Quick Actions are preconfigured automation actions you can run to get the answers you need fast. You can leverage Quick Actions with no, or very little, configuration required.

Quick Actions are currently available in InsightConnect, InsightIDR, and InsightVM. To gain access to Quick Actions on the Insight Platform, you will need an InsightConnect license, which is included at all tiers of the Managed Threat Complete or Cloud Risk Complete packages.

To learn more about using Quick Actions in InsightIDR please view our InsightIDR documentation. To learn more about using Quick Actions in InsightVM please view our InsightVM documentation.

How to use Quick Actions

Quick Actions can be run from any page within InsightConnect, InsightIDR, or InsightVM using the Quick Actions shortcut that is present in the top navigation bar. To run a Quick Action, select the action from the dropdown list, provide the action input and click the Run button. Each action expects a certain input, such as an IP Address, Email Address, File Hash, Domain, Vulnerability, or some similar indicator.

Available connectionless actions

Quick Actions currently supports the following actions out of the box:

Look Up IP Address with WHOIS
Look Up Domain with WHOIS
Reverse Look Up IP Address with DNS
Forward Look Up Domain with DNS
Look Up IP Address with RDAP
Look Up Domain with RDAP
Look Up File Hash with Team Cymru Malware Hash Repository
Look Up Vulnerability with Rapid7 Vulnerability and Exploit Database
Look Up Exploit with Rapid7 Vulnerability and Exploit Database

To manage your Quick Actions library, navigate to the Quick Actions page in InsightConnect, which can be found on the left hand navigation menu. Quick Actions that are available to run can be found on the Actions tab. To run a Quick Action from this page, select the card of the Quick Action, provide the action input and click the Run button.

Review Quick Action results

When your action completes, the results display within the Quick Action panel. From here, the results can be copied, downloaded, and toggled between formatted and raw JSON views. If you want to take additional actions from here, simply copy any relevant data to your clipboard for use as input in your next action.

To view the results of previously run actions, navigate to the History tab of the Quick Actions page. From here, you can view a record of each action that has been run, the date and time of when it was run, the user who ran the action, and the status of the action. To see the inputs and outputs of the action, click the action name.

Add more Quick Actions

Quick Actions that require connections to run can be added and configured from the Add More tab.

After clicking the tile of the Quick Action that you would like to add, the action will be available on the Your Actions tab. You can choose to configure the action when adding it or you can come back to it at any time. You will also have the options to delete any added Quick Actions and to rename or update the details of any. Once a Quick Action has been configured it will be available to run from the Actions tab and from the spotlight in InsightConnect, InsightIDR, and InsightVM.

Available connection-based actions

Quick Actions currently supports the following actions that require connections:

IP Address Look Up with VirusTotal
Look Up Domain with VirusTotal
Look Up URL with VirusTotal
Look Up File Hash with VirusTotal
Look Up Domain with URL Scan
Look Up URL with URL Scan
Look Up IP Address with Alien Vault OTX
Look Up IPv6 Address with Alien Vault OTX
Look Up Domain with Alien Vault OTX
Look Up URL with Alien Vault OTX
Look Up URL with CheckPhish
Look Up IP Address with Shodan
Look Up IP Address with GreyNoise
Look Up IP Address with AbuseIPDB
Look Up File Hash with Hybrid Analysis
Create Issue with Jira
Create Incident with ServiceNow
Look Up Agent with Rapid7 Insight Agent
Search Vulnerabilities with AttackerKB
Send Message with Microsoft Teams
Get Indicator by Value with Threat Command TIP

Did this page help you?