Are you stuck?
If you're unsure how to get started or are stuck in your usage of InsightConnect, this page has resources, support, and knowledge to help you reach your goals.
- I don't know how to get started
- I'm a security professional looking for quick wins from automation
- I don't know what I should automate
- I imported a workflow from the Extension Library, but it isn't working
- My workflow is failing
- I'm having trouble with my orchestrator
- I'm having trouble with a plugin
I don't know how to get started
First, log on to insight.rapid7.com and select the InsightConnect tile. If this tile is missing, you’ll need to talk to an Insight Platform administrator at your company to be granted access to InsightConnect. If you are already a Platform administrator and the tile is still missing, reach out to Rapid7 for assistance.
Once you log in, you’ll see the initial setup wizard that guides you through setting up InsightConnect and establishing your initial workflow with a check-list and video series. In addition, on the InsightConnect Home page, there’s a Discover tab that will help you get started.
I'm a security professional looking for quick wins from automation
Try the following links:
- When you log in to InsightConnect for the first time, you'll see the onboarding wizard. Video content from the wizard is also available from the documentation.
- Explore the Extension Library to see all the pre-built workflows available to you:
- Explore the Discuss Forums
The orchestrator is required to leverage most plugins in InsightConnect. The easiest way to get an orchestrator running is to send instructions to somebody who can install the orchestrator for you. InsightConnect can "automate" this process for you:
- Login to InsightConnect
- Go to Settings, then Orchestrators
- Click on Install Orchestrator and select Send an email to my IT team
See the Orchestrator Installation Documentation for details.
Rapid7 is here to help! If you're unsure on how to get started or would just like some help, please reach out to your Customer Success Manager.
I'm looking to replicate my existing process in InsightConnect
InsightConnect is an extremely flexible automation framework. You can accomplish most automations (workflows in InsightConnect) without any code at all using the workflow builder. After reviewing our Core Concepts Mini-Courses and workflow steps, you should be able to start!
Rapid7 Professional Services
Rapid7 offers professional services tailored to helping you integrate InsightConnect into your security program. For more information, see the InsightConnect Services Page and reach out to your Customer Success Manager or Account Executive.
Many use cases are already built out. You can modify them to meet your unique needs. There are examples in the mini-courses of modifying workflows from the Extension Library. Starting with a pre-built workflow can save considerable time in getting your custom workflow up and running.
If you prefer to start from scratch, you should learn how to organize a workflow to keep it manageable. The Workflow Building Strategies post in the Discuss Forum is a good reference. Don't be shy about posting in the Discuss Forum - there are no dumb questions!
Finally, if you already have automation implemented with Python or PowerShell scripts, you can copy them into InsightConnect and run them as a single step in a workflow using the Python or PowerShell plugin.
Be careful when copying existing scripts
When copying an existing script into InsightConnect, you lose most of the manageability, reporting, and transparency that a fully native workflow provides.
I don't know what I should automate
InsightConnect is capable of a huge range of tasks, so that’s understandable!
Exploring the example workflows in the Extension Library should give you some ideas. Once you've determined what you want to automate, use the resources on this page and elsewhere in the documentation for implementation instructions and troubleshooting information.
Ask yourself this question...
What is the most repetitive and time-consuming task that we do on a regular basis?
- Compile a list of tasks.
- Determine which systems and services are involved.
- Search the Extension Library for pre-built workflows, both by task or use case and by plugin, to determine your quickest win!
I imported a workflow from the Extension Library, but it isn't working
The single most common reason for an Extension Library workflow failing is that it was incorrectly imported and set up. Here are some of the most common issues:
- The connections for the plugins were not configured during the import wizard.
- The easiest fix is to delete the workflow and re-import it while ensuring that all connections are configured in the import wizard. Unconfigured connections appear with a yellow dot on them in the workflow import wizard.
- The workflow is misconfigured.
- Most workflows require some configuration inside the workflow itself to function. These settings are environment-specific, such as your Active Directory domain or the Slack channel to monitor. Read the documentation for the workflow (available in the Extension Library) and ensure that you have made all the changes indicated.
- There is a permission or credential issue blocking a plugin from connecting to a system or service.
- This is a common and unavoidable problem among workflows. The best place to start is in the troubleshooting guide.
A note on credential tests
A successful connection test only checks the credentials. There could be a permission issue preventing the configured account from performing a desired action. For example, a read-only domain account will pass the Active Directory LDAP connection test, but will fail to disable a user account.
If none of these match your issue, please review the discussion topics around the workflow in the Extension Library:
- Browse to the workflow in the Extension Library.
- Select the Discussion tab (next to Documentation).
- Look for a matching topic.
- If one doesn't exist, please start a new one.
Support is always available to you. Feel free to open a ticket for any issue you may encounter, and we'll take a look at it.
My workflow is failing
A failing workflow can be the result of many things - incorrect input, incorrect assumptions, a bug, a bad connection configuration, or a service outage. Identifying the cause of a failure starts with identifying which type of issue you're encountering.
Refer to the dedicated workflow troubleshooting guide for detailed guidance and step-by-step instructions.
I'm having trouble with my orchestrator
The Orchestrator Documentation is your go-to resource for all things orchestrator related.
Only reset as a last resort!
While the documentation mentions resetting an orchestrator, this is a last resort and should only be performed if directed by Rapid7. Resetting an orchestrator gives it a new identity while leaving the old identity paired to InsightConnect. The result is all your workflows and connections need to be updated to use the new orchestrator.
If you are unable to resolve your issues using the orchestrator documentation, please create a support ticket and we'll take a look at it.
Let us know about problems
We want to know about any problems you encounter so we can make the orchestrator as easy to work with as possible. Opening a support ticket allows us to identify where we can enhance the orchestrator.
I'm having trouble with a plugin
Plugin issues generally fall into 4 categories:
- Connection configuration errors
- Permission issues
- Incorrect input in the workflow
- A bug in the plugin
While we work to ensure as smooth an experience as possible, we don't use these plugins on a daily basis. Each plugin has a dedicated discussion page associated with it and our Discuss Forum has a dedicated Plugins category. This is a great place to look for answers and ask questions about a plugin, or plugins in general. The Discuss Forum also allows you to leverage the experience of other security practitioners in addition to the Rapid7 InsightConnect team.
I'm having trouble with the Microsoft Teams plugin
The Microsoft Teams plugin requires a very specific configuration. Unfortunately, because of the restrictions on the Microsoft Teams API InsightConnect uses, the user account must not be federated or have multi-factor authorization enabled.
Microsoft Teams Account Domain
Many Microsoft Teams issues are caused by account authentication requirements.
- Create the account for Microsoft Teams on the
- Ensure that the account has a Microsoft Teams license.
- Double-check the Graph API permissions and pay special attention to Delegated vs Application permissions.