Set Up an Insight Platform Trigger

InsightConnect makes it easy to work with your existing Insight platform tools. Any activated workflow with an Insight platform trigger will automatically appear in the list of available workflows in your other Insight products.

Set Up an Insight Platform Trigger

When you start creating a new workflow:

  1. When prompted, choose the trigger type from the "From Insight Platform" section.
    • InsightConnect currently supports InsightIDR and InsightVM notifications as triggers.
  2. Name the trigger.
  3. Add a description.
  4. Click Continue.

Why don't I have to configure output for Insight platform triggers?

We configure all Insight platform output for you! Adding an Insight trigger to a workflow makes the workflow available within the respective product.

These workflows only run when you activate them within the Insight product.

Platform Trigger Input Schema

Insight platform triggers ingest certain alert variables from the corresponding Insight product. Learn more about what alert data InsightConnect receives with the following input schema descriptions.

InsightIDR Trigger Input Schema

InsightConnect ingests the following variables when an InsightIDR alert trigger starts a workflow. Nested variables are indented under the parent.

actors - object containing the following variables

  • assets - array of objects containing the following variables
    • assetID - string
    • fqdn - string
    • shortname - string
  • users - array of objects containing the following variables
    • distinguishedName - string
    • emails - array of strings
    • name - string

contents - object containing the following variables

  • domains - array of strings
  • ipAddresses - array of objects containing the following variables
    • ip - string
    • type - string
  • processes - array of objects
    • assetID - string
    • cmdline - string
    • hashes - array of objects containing string variables hash and type
    • name - string
    • processID - integer
  • urls - array of strings

description - string

investigation ID - string

link - string

name - string

timestamp - string

type - string
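
Workflow steps consume these variables directly, so it can help to type-check a payload against the InsightIDR schema above before acting on it. The following is an added example, not Rapid7 code: it assumes the trigger input is available as a JSON object keyed by the variable names listed above, leaves out the investigation ID variable, and uses the hypothetical names `IDR_SCHEMA`, `validate` and `SAMPLE`.

```python
import json

# dict = object, one-element list = array of that element type.
IDR_SCHEMA = {
    "actors": {
        "assets": [{"assetID": str, "fqdn": str, "shortname": str}],
        "users": [{"distinguishedName": str, "emails": [str], "name": str}],
    },
    "contents": {
        "domains": [str],
        "ipAddresses": [{"ip": str, "type": str}],
        "processes": [{"assetID": str, "cmdline": str, "name": str,
                       "hashes": [{"hash": str, "type": str}],
                       "processID": int}],
        "urls": [str],
    },
    "description": str, "link": str, "name": str,
    "timestamp": str, "type": str,
}

def validate(value, schema, path="$"):
    """Return 'path: problem' strings; an empty list means the types match."""
    if isinstance(schema, dict):
        if not isinstance(value, dict):
            return [f"{path}: expected object"]
        # Keys missing from the payload or absent from the schema are skipped.
        return [e for key, sub in schema.items() if key in value
                for e in validate(value[key], sub, f"{path}.{key}")]
    if isinstance(schema, list):
        if not isinstance(value, list):
            return [f"{path}: expected array"]
        return [e for i, item in enumerate(value)
                for e in validate(item, schema[0], f"{path}[{i}]")]
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, schema):
        return [f"{path}: expected {schema.__name__}"]
    return []

# Constructed sample payload (not captured from a real alert).
SAMPLE = json.loads("""{
  "name": "Constructed alert", "type": "constructed-type",
  "timestamp": "2024-01-01T00:00:00Z",
  "actors": {"users": [{"name": "jdoe", "emails": ["jdoe@example.com"]}]},
  "contents": {"processes": [{"name": "cmd.exe", "processID": "4242",
                              "hashes": [{"hash": "0000", "type": "constructed"}]}],
               "ipAddresses": ["192.0.2.10"]}
}""")

print("\n".join(validate(SAMPLE, IDR_SCHEMA)))
```

The constructed sample deliberately carries two deviations, a string `processID` and a bare string inside `ipAddresses`, and both are reported with their JSON path.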

InsightVM Trigger Input Schema

InsightConnect ingests the following variables when an InsightVM trigger starts a workflow. Nested variables are indented under the parent.

automationID - string

description - string

entities - object

  • cves - array of strings
  • policy - string
  • softwareupdates - array of strings
  • targets - array of objects containing the following variables
    • altHostnames - array of strings
    • altlps - array of strings
    • assetID - string
    • hostname - string
    • ip - string
  • timeout - integer

link - string

name - string

timestamp - string

type - string