Are you stuck?

If you're unsure how to get started or are stuck in your usage of InsightConnect, this page has resources, support, and knowledge to help you reach your goals.

I don't know how to get started

First, log on to insight.rapid7.com and select the InsightConnect tile. If this tile is missing, you’ll need to talk to an Insight Platform administrator at your company to be granted access to InsightConnect. If you are already a Platform administrator and the tile is still missing, reach out to Rapid7 for assistance.

Once you log in, you’ll see the initial setup wizard that guides you through setting up InsightConnect and establishing your initial workflow with a check-list and video series. In addition, on the InsightConnect Home page, there’s a Discover tab that will help you get started.

Additional resources

In addition to the in-product experience, we have a number of introductory and educational resources available, including instructor-led classes and documentation.

I'm a security professional looking for quick wins from automation

Try the following links:

Orchestrator required

The orchestrator is required to leverage most plugins in InsightConnect. The easiest way to get an orchestrator running is to send instructions to somebody who can install the orchestrator for you. InsightConnect can "automate" this process for you:

  1. Login to InsightConnect
  2. Go to Settings, then Orchestrators
  3. Click on Install Orchestrator and select Send an email to my IT team

See the Orchestrator Installation Documentation for details.

Strategy call

Rapid7 is here to help! If you're unsure on how to get started or would just like some help, please reach out to your Customer Success Manager.

I'm looking to replicate my existing process in InsightConnect

InsightConnect is an extremely flexible automation framework. You can accomplish most automations (workflows in InsightConnect) without any code at all using the workflow builder. After reviewing our Core Concepts Mini-Courses and workflow steps, you should be able to start!

Rapid7 Professional Services

Rapid7 offers professional services tailored to helping you integrate InsightConnect into your security program. For more information, see the InsightConnect Services Page and reach out to your Customer Success Manager or Account Executive.

Many use cases are already built out. You can modify them to meet your unique needs. There are examples in the mini-courses of modifying workflows from the Extension Library. Starting with a pre-built workflow can save considerable time in getting your custom workflow up and running.

If you prefer to start from scratch, you should learn how to organize a workflow to keep it manageable. The Workflow Building Strategies post in the Discuss Forum is a good reference. Don't be shy about posting in the Discuss Forum - there are no dumb questions!

Finally, if you already have automation implemented with Python or PowerShell scripts, you can copy them into InsightConnect and run them as a single step in a workflow using the Python or PowerShell plugin.

Be careful when copying existing scripts

When copying an existing script into InsightConnect, you lose most of the manageability, reporting, and transparency that a fully native workflow provides.

I don't know what I should automate

InsightConnect is capable of a huge range of tasks, so that’s understandable!

Exploring the example workflows in the Extension Library should give you some ideas. Once you've determined what you want to automate, use the resources on this page and elsewhere in the documentation for implementation instructions and troubleshooting information.

Ask yourself this question...

What is the most repetitive and time-consuming task that we do on a regular basis?

  1. Compile a list of tasks.
  2. Determine which systems and services are involved.
  3. Search the Extension Library for pre-built workflows, both by task or use case and by plugin, to determine your quickest win!

I imported a workflow from the Extension Library, but it isn't working

The single most common reason for an Extension Library workflow failing is that it was incorrectly imported and set up. Here are some of the most common issues:

  • The connections for the plugins were not configured during the import wizard.
    • The easiest fix is to delete the workflow and re-import it while ensuring that all connections are configured in the import wizard. Unconfigured connections appear with a yellow dot on them in the workflow import wizard.
  • The workflow is misconfigured.
    • Most workflows require some configuration inside the workflow itself to function. These settings are environment-specific, such as your Active Directory domain or the Slack channel to monitor. Read the documentation for the workflow (available in the Extension Library) and ensure that you have made all the changes indicated.
  • There is a permission or credential issue blocking a plugin from connecting to a system or service.
    • This is a common and unavoidable problem among workflows. The best place to start is in the troubleshooting guide.

A note on credential tests

A successful connection test only checks the credentials. There could be a permission issue preventing the configured account from performing a desired action. For example, a read-only domain account will pass the Active Directory LDAP connection test, but will fail to disable a user account.

If none of these match your issue, please review the discussion topics around the workflow in the Extension Library:

  1. Browse to the workflow in the Extension Library.
  2. Select the Discussion tab (next to Documentation).
  3. Look for a matching topic.
  4. If one doesn't exist, please start a new one.

Support is always available to you. Feel free to open a ticket for any issue you may encounter, and we'll take a look at it.

My workflow is failing

A failing workflow can be the result of many things - incorrect input, incorrect assumptions, a bug, a bad connection configuration, or a service outage. Identifying the cause of a failure starts with identifying which type of issue you're encountering.

Refer to the dedicated workflow troubleshooting guide for detailed guidance and step-by-step instructions.

I'm having trouble with my orchestrator

The Orchestrator Documentation is your go-to resource for all things orchestrator related.

Only reset as a last resort!

While the documentation mentions resetting an orchestrator, this is a last resort and should only be performed if directed by Rapid7. Resetting an orchestrator gives it a new identity while leaving the old identity paired to InsightConnect. The result is all your workflows and connections need to be updated to use the new orchestrator.

If you are unable to resolve your issues using the orchestrator documentation, please create a support ticket and we'll take a look at it.

Let us know about problems

We want to know about any problems you encounter so we can make the orchestrator as easy to work with as possible. Opening a support ticket allows us to identify where we can enhance the orchestrator.

I'm having trouble with a plugin

Plugin issues generally fall into 4 categories:

  1. Connection configuration errors
  2. Permission issues
  3. Incorrect input in the workflow
  4. A bug in the plugin

Discuss Forum

While we work to ensure as smooth an experience as possible, we don't use these plugins on a daily basis. Each plugin has a dedicated discussion page associated with it and our Discuss Forum has a dedicated Plugins category. This is a great place to look for answers and ask questions about a plugin, or plugins in general. The Discuss Forum also allows you to leverage the experience of other security practitioners in addition to the Rapid7 InsightConnect team.

I'm having trouble with the Microsoft Teams plugin

The Microsoft Teams plugin requires a very specific configuration. Unfortunately, because of the restrictions on the Microsoft Teams API InsightConnect uses, the user account must not be federated or have multi-factor authorization enabled.

Microsoft Teams Account Domain

Many Microsoft Teams issues are caused by account authentication requirements.

  1. Create the account for Microsoft Teams on the <yourdomain>.onmicrosoft.com domain.
  2. Ensure that the account has a Microsoft Teams license.
  3. Double-check the Graph API permissions and pay special attention to Delegated vs Application permissions.

I imported a workflow from the Extension Library and I'm being asked to set up my connections again

This is a common occurrence that is caused by your connection being set up for a different version of the plugin. While connection information may remain the same, the connection configuration could change between versions of a plugin. For example, one version of a plugin may contain a configurable connection retry while a previous version may have this configuration hard-coded.

While the connection may need to be duplicated, in most cases your credentials can be reused. When configuring the new connection, select the same credential from the drop-down list you are utilizing in your existing connection.

I imported a workflow from the Extension Library and it's telling me the plugins are out of date

Workflows in the extension library are created at a point in time. If a plugin used in a workflow has been updated since the workflow was released, the workflow will be using the old version of the plugin. You can update the plugins, but it is not necessary. The plugins are self-contained and isolated on the orchestrator. They can't accept inbound connections.

Plugins are updated primarily to implement new features and to change their behavior. The workflow you imported doesn't use these new features and it expects the behavior of that specific version of the plugin. If you update the plugins in a workflow, especially between major versions, the workflow may require some modification to function with the new version of the plugin.