Configure Connections For Automation | InsightIDR Documentation

After you install and activate the Insight Orchestrator, you can configure connections to third party plugins in order to execute automatic actions.

You can configure connections for the following plugins:

After you configure these connections, you must activate workflow templates before you can start using automated workflows.

Active Directory

In order to configure this connection, ensure the account you use to set up the connection has permissions to disable users in Active Directory.

You also need the following information to configure Active Directory with the Insight Orchestrator:

RequirementParameters
Server host * IP address with a URI prefix of ldap:// (unencrypted connection) or ldaps:// (encrypted connection) if using SSL.
* For example, ldap://192.5.5.5.
SSLTrue
PortPort of server. By default, the port is 389.
Username and passwordCredentials in a DOMAIN\username format.

Okta

You need the following information to configure Okta with the Insight Orchestrator:

RequirementParameters
Okta URLThe URL of your Okta Domain. For example, dev-12345-admin.oktapreview.com.
Okta API KeyThe Okta API key

Carbon Black Response

In order to access and isolate an asset, the account that has the API Key must be an Administrator.

You need the following information to configure Carbon Black Response with the Insight Orchestrator:

  • Server API URL
  • If you need to enable SSL Verify
  • Carbon Black Response API Key
RequirementParameters
Server API URLThe URL of your Carbon Black Server API.
SSL VerifyTrue. SSL certificate verification.
CB Response API Key.API token in your Carbon Black profile.

JIRA

In order to configure this connection, the account you use to set up the connection must have permissions to create tickets in JIRA.

You need the following information to configure JIRA with the Insight Orchestrator:

RequirementParameters
JIRA URLThe URL of your JIRA instance.
ProjectProject ID.
JIRA groupThe account must be assigned to the following default JIRA group: jira-software-users
Username and passwordThe credentials for JIRA account.

ServiceNow

To configure this connection, the account you use to set up the connection must have permissions to create tickets in ServiceNow.

Additionally, the connection to a ServiceNow data instance requires an external client registered to use the REST API through an OAUTH endpoint and a user with both itil and itil_admin roles. You can read more about these requirements on the ServiceNow documentation pages: https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/roles/concept/c_UserAdministration.html?title=User_Administration

You also need the following information to configure ServiceNow with the Insight Orchestrator:

RequirementParameters
Instance NameThe instance-specific part of the host URL. For example, dev12345.
Client IDThe ID of the OAuth API endpoint established for the instance.
Client SecretThe secret of the OAuth API endpoint established for the instance.
Client UsernameThe name of the ServiceNow user of the OAuth API endpoint. This user role must have itil and itil_admin` or the equivalent.
Client PasswordThe password of the ServiceNow user of the OAuth API endpoint.

Now you can configure connections and activate workflow templates to start using automated workflows.

Configure Connections

After you gather information for your connections, you can configure the connections for your workflows.

To configure connections in InsightIDR:

  1. From your InsightIDR dashboard, select Data Collection on the left navigation menu.
  2. Go to the Automation Connections tab and click Create New Connection.
Screen Shot 2018-09-28 at 1.26.41 PM.png
  1. Name your connection, select the location of the connection, and select the third party application you are connecting to, such as Okta.
  2. Choose your existing application credentials, or click Create a New Credential from within the dropdown.
  3. Enter any other required parameters to setup the connection, such as application URLs or keys.
Screen Shot 2018-09-28 at 1.33.23 PM.png
  1. Click the Save button to add the connection.

The connection appears in the list of available Automation Connections.

Manage Connections

You can view, edit, or delete a connection by selecting the three dots menu on the right side of the connection.

Screen Shot 2018-09-28 at 1.39.31 PM.png