• Getting Started with SIEM (InsightIDR)
    • SIEM (InsightIDR) Overview
    • Essential | Quick Start Guide
    • Advanced | Quick Start Guide
    • Ultimate | Quick Start Guide
  • Setup and Deployment
    • System Requirements
      • Setting Up a Service Account
    • Network and Environment Audit
      • Core Event Sources
      • Log Data Collection and Storage
      • Data Archiving
      • Non-Admin Domain Controller Account
      • Read-Only Domain Controllers
    • Ports Used by SIEM (InsightIDR)
    • Collector Overview
      • Collector Requirements
      • Collector Installation and Deployment
      • Collector Troubleshooting
      • Collector Proxy Configuration
    • Insight Agent
      • Configure the Insight Agent to Send Additional Logs
      • Microsoft Windows Defender Antivirus
      • Velociraptor Integration
    • FIM Recommendations
    • Other Deployment Options
  • Automation
    • Get Started with Automation
    • Get Started with Automation for Legacy Detection Rules and Basic Detection Rules
      • Triggers for Legacy Detection Rules and Basic Detection Rules
    • Insight Orchestrator Overview
      • Configure Connections For Automation
      • Automation Workflow Templates
    • Automation Workflows
      • Kill a Process
      • Suspend or Disable a User
      • Quarantine an Asset
      • Create a ServiceNow or JIRA Ticket
    • Automated Enrichment Workflows
      • Enrich Alert Data with Open Source Plugins
    • Get Started with On Demand Response Actions
    • Automation Troubleshooting
    • Send Automation (InsightConnect) Events to SIEM (InsightIDR)
  • How To
    • Manage Credentials
    • Search Your Logs
    • Transform Logs to Universal Event Format
    • Delete and Reinstall a Collector
    • Deploy Deception Technology
    • Investigate an Asset or User
    • Manage Event Sources
      • Edit Event Sources
      • Copy Event Sources to a New Collector
    • Export Data
    • Access AWS Resources with EC2 IAM Roles
    • Monitor Your Security Operations Activities
  • Concepts and Usage
    • Rapid7 Resource Names
    • Detection Rules
      • Modify Detection Rules
      • Modify Legacy Detection Rules
      • Custom Detection Rules
      • Custom Detection Rules FAQ
      • Detection Library
      • Detection Rule Exceptions
      • Create and Manage Basic Detection Rules
      • Basic Detection Rule Details
      • Basic Detection Rules and Automation (InsightConnect)
    • Notable Events
    • Alerts
      • Take Action on an Alert
      • Anatomy of an Alert
    • Investigations
      • Create an investigation
      • Analyze an investigation
      • Schedule endpoint queries
      • Close an investigation
      • Multi-Customer Investigations
    • Investigate Digital Risk Protection (Threat Command) Alerts
    • Velociraptor
    • Assets on Your Domain
      • Mark an asset as restricted
      • Manage your Processes and Hashes
      • Exploitable Vulnerabilities
      • Lateral Movement
    • Dashboards and Reports
      • R7 Managed: Endpoint Visibility Validation Dashboard
    • Deception Technology
      • Honeypot
      • Honey Users
      • Honey Files
      • Honey Credentials
      • Honey Alerts
      • Troubleshooting Honeypots
      • AWS Honeypots
    • File Access Activity Monitoring
    • File Integrity Monitoring
      • File Integrity Monitoring for Linux
      • Search Logs for FIM Events
    • Log Search
      • Log Sets You Can Search
      • Components for Building a Query
      • Keys to Use in Your Queries
      • Example Queries
      • Use Variables in Queries
      • Tips and Tricks for Building Queries
      • Leverage Enhanced Endpoint Telemetry Data
      • Create Custom Parsing Rules
      • Legacy Log Search
      • Glossary
    • Network Rules
      • Network zones and policies
      • Owned and Ignored Domains
      • Firewall Rules
      • IP Addresses
    • Network Traffic Analysis
    • Threats
      • Utilize Existing Threats
      • Add and Manage Threats
    • Users and Accounts
      • Admin Users
      • Non-Expiring and Service Accounts
      • Shared and Linked Accounts
      • Watchlist and Risky Users
      • User Tags
      • Audit Logging
      • User Attribution
    • Quick Actions
    • Data Storage and Retention FAQs
  • Detection Library
    • Overview
    • Rules by Rule Set
      • Agrius
      • Antlion
      • APT Groups
      • BAHAMUT
      • Balikbayan Foxes
      • Bax 026 of Iran
      • BlackOasis
      • Blackshadow
      • BlackTech
      • Blind Eagle
      • BRONZE BUTLER
      • CactusPete APT
      • Carbanak
      • Chamelgang
      • Cloud Service Activity
      • Cobalt Group
      • Cosmic Lynx
      • CrouchingYeti
      • Current Events
      • Dark Basin
      • Dark Caracal
      • Darkhotel
      • DarkHydrus
      • Deep Panda
      • Desert Falcons
      • Domestic Kitten
      • DragonOK
      • DustSquad
      • Dust Storm
      • Elderwood
      • Elephant Beetle
      • Energetic Bear
      • Epic Manchego
      • Evil Corp
      • Evilnum
      • FIN Groups
      • FunnyDream
      • Gallmaker
      • Gamaredon Group
      • Gaza Hacker Team
      • GCMAN
      • GhostEmperor
      • Gorgon Group
      • Greenbug
      • Group 5
      • Group 72
      • Hafnium
      • Harvester
      • Hexane
      • Hidden Lynx
      • Hive Ransomware
      • Honeybee
      • Indra
      • IronHusky
      • KeyBoy
      • KilllSomeOne
      • Kimsuky
      • Lazarus Group
      • Leafminer
      • Lebanese Cedar
      • Lotus Blossom
      • Machete
      • Magnat
      • Malsmoke
      • Migrated Legacy Rules
      • ModifiedElephant
      • Mofang
      • Molerats
      • Moses Staff
      • Muddywater
      • Mustang Panda
      • Mythic Leopard
      • Naikon
      • NEODYMIUM
      • Network Traffic Analysis
      • Night Dragon
      • North Korean State-Sponsored Actor
      • OldGremlin
      • Orangeworm
      • Patchwork
      • PLATINUM
      • Poseidon Group
      • Promethium
      • Pyxie
      • Rancor
      • RedCurl
      • Roaming Mantis
      • Rocke
      • RTM
      • Rocket Kitten
      • Sandworm Team
      • SCADAfence
      • Scarlet Mimic
      • SideCopy
      • Silence
      • Silent Librarian
      • SilverTerrier
      • Soft Cell
      • Sowbug
      • Spring Dragon APT
      • Stealth Falcon
      • Stolen Pencil
      • Strider
      • StrongPity
      • Suckfly
      • Suspicious Ingress Authentications
      • Suspicious Network Activity
      • Suspicious Network Connections
      • Suspicious Process Access
      • Suspicious Registry Events
      • Suspicious User Behavior
      • Suspicious Web Requests
      • SWEED
      • TA459
      • TA505
      • Taidoor
      • TeamTNT
      • The Mabna Hackers
      • The White Company
      • Threat Group-1314
      • Thrip
      • Tropic Tropper
      • Turbine Panda
      • Turla
      • UAC-0056
      • UNC1151
      • UNC1945
      • Velvet Chollima
      • Whitefly
      • Windshift
      • WIRTE
      • Wizard Spider
      • XDSpy
      • Yalishanda
    • Rules by Endpoint
      • Windows Suspicious Process
      • Windows Suspicious Services
      • Mac Suspicious Process
      • Linux Suspicious Process
      • Visibility Monitoring
      • Velociraptor
    • Legacy Detection Rules
  • SIEM (InsightIDR) REST APIs
    • SIEM (InsightIDR) REST APIs
  • Event Source Configuration
    • SIEM (InsightIDR) Event Sources
    • Data Collection Methods
    • Advanced Event Source Settings
    • Monitor Event Source Health
    • Event Source Troubleshooting
    • Auto Configure
    • Rapid7 Products
      • Vulnerability Management (InsightVM)
      • Metasploit
    • Active Directory
      • Microsoft Active Directory Security Logs
      • Troubleshooting Active Directory
    • Advanced Malware
      • FireEye NX
    • Cloud Services
      • 1Password
      • Auth0
      • Amazon Security Lake
      • AWS AppFabric
      • AWS CloudTrail API
      • AWS CloudTrail SQS
      • Box.com
      • Centrify
      • Cisco AMP
      • Cloudflare
      • Duo Security
      • Google Apps
      • Google Cloud Platform
      • Idaptive
      • Imperva WAF
      • Microsoft Azure
      • Mimecast API 2.0
      • Office 365 (plus GCC and GCC High)
      • Okta.com
      • OneLogin
      • Palo Alto Cortex Data Lake
      • Ping Identity PingOne
      • Proofpoint Targeted Attack Protection
      • Salesforce.com
      • Workday
      • Zoom
    • Data Exporter
      • HP ArcSight
      • Splunk
      • ServiceNow
      • Universal Webhook
      • Resilient Systems
    • Database
      • Microsoft SQL Database Audit Logs
    • DHCP
      • Microsoft DHCP
      • Cisco IOS
      • Infoblox Trinzic
      • ISC dhcpd
      • DHCP Troubleshooting
    • DNS
      • Microsoft DNS
      • Cisco Umbrella
      • ISC Bind9
      • DNS Troubleshooting
    • Email and ActiveSync
      • Microsoft ActiveSync and Outlook Web Access
    • Firewall
      • Arista Next Generation Firewall
      • Cato Networks
      • Barracuda Firewall
      • Check Point
      • Cisco ASA
      • Cisco FirePower Threat Defense
      • Cisco Meraki Firewall/VPN
      • Forcepoint Firewall
      • Fortinet Firewall
      • Juniper Networks ScreenOS
      • Palo Alto Networks Firewall and VPN (plus Wildfire)
      • pfSense Firewall
      • SilverPeak SD WAN
      • SonicWALL Firewall
      • Sophos UTM
      • Sophos XG Firewall
      • Versa Networks
      • WatchGuard XTM
    • IDS
      • Cisco Firepower (Sourcefire IDS, Cisco FireSIGHT)
      • F5 Networks BIG-IP Local Traffic Manager
      • McAfee IDS
      • Security Onion
      • Sentinel IPS
      • Snort
      • Network Sensor
    • Ingress Authentication
      • Zscaler LSS
    • LDAP
      • LDAP Troubleshooting
      • AWS Managed Microsoft AD
    • Universal Event Sources
      • Rapid7 Universal DHCP
      • Rapid7 Universal Antivirus
      • Rapid7 Universal Ingress Authentication
      • Rapid7 Universal VPN
    • Raw Data
      • Generic Windows Event Log
      • Custom Logs
      • AWS SQS
      • NXLog
      • Syslog Logging
    • Log Aggregators
      • LogRhythm
      • Splunk
      • IBM QRadar
    • Third Party Alerts
      • AWS GuardDuty
      • Carbon Black EDR
      • Claroty xDome
      • Code42
      • Crowdstrike Falcon
      • CyberArk Vault
      • Cybereason
      • CylancePROTECT Cloud
      • Darktrace
      • Google Cloud Platform Security Command Center
      • Microsoft Defender for Endpoint
      • Microsoft Security
      • Netskope
      • Palo Alto Networks Cortex XDR
      • Palo Alto Networks Traps ESM
      • Salesforce Threat Detection
      • SCADAfence
      • Varonis DatAdvantage
      • Vectra Networks
    • Virus Scan
      • BitDefender
      • Carbon Black Cloud
      • CylancePROTECT
      • ESET Antivirus
      • Kaspersky Anti-Virus
      • MalwareBytes Endpoint Protection
      • McAfee ePO
      • Palo Alto Networks Traps TSM
      • SentinelOne Endpoint Detection and Response
      • Sophos Central
      • Sophos Enduser Protection
      • Sophos Intercept X
      • Symantec Endpoint Protection
      • Trend Micro Apex One
      • Trend Micro Deep Security
      • Trend Micro OfficeScan
    • VPN
      • Barracuda SSL VPN
      • Cisco ACS
      • Cisco ISE
      • Microsoft IAS (RADIUS)
      • Microsoft Remote Web Access
      • NetScaler VPN
      • Pulse Connect Secure
      • OpenVPN
    • Web Proxy
      • Barracuda Web Security Gateway
      • Blue Coat Proxy
      • McAfee Web Gateway
      • Sophos Secure Web Gateway
      • Websense
      • Zscaler NSS
    • Web Server Access
      • Microsoft IIS
  • Administration
    • Monthly Data Usage
    • Browser Settings
    • Email Notifications
    • User Management
    • Single Sign-On
  • Release Notes
    • Command Platform Release Notes
  • Support
    • Contact the Rapid7 Support team
    • Share an idea with Rapid7
    • Rapid7 IDR AI Usage

Automation Troubleshooting
Copy link

If you are experiencing issues with the Insight Orchestrator, you can use one of the solutions below to try and resolve the problems:

  • Orchestrator Troubleshooting 
  • Workflow Troubleshooting 
  • Step Connection Troubleshooting 
  • Failed Job Troubleshooting 
ℹ️

If these solutions don’t seem to work, you can always Contact Rapid7 Support  for additional help.

  • © Rapid7
    • Legal Terms
    • Privacy Policy
    • Export Notice
    • Trust