Configure Connections For Automation
After you install and activate the Insight Orchestrator, you can configure connections to third party plugins in order to execute automatic actions.
You can configure connections for the following plugins:
In order to configure this connection, ensure the account you use to set up the connection has permissions to disable users in Active Directory.
You also need the following information to configure Active Directory with the Insight Orchestrator:
Port of server. By default, the port is 389.
Username and password
Credentials in a DOMAIN\username format.
You need the following information to configure Okta with the Insight Orchestrator:
The URL of your Okta Domain. For example,
Okta API Key
The Okta API key
Carbon Black Response
In order to access and isolate an asset, the account that has the API Key must be an Administrator.
You need the following information to configure Carbon Black Response with the Insight Orchestrator:
- Server API URL
- If you need to enable SSL Verify
- Carbon Black Response API Key
Server API URL
The URL of your Carbon Black Server API.
CB Response API Key.
API token in your Carbon Black profile.
In order to configure this connection, the account you use to set up the connection must have permissions to create tickets in JIRA.
You need the following information to configure JIRA with the Insight Orchestrator:
The URL of your JIRA instance.
The account must be assigned to the following default JIRA group: jira-software-users
Username and password
The credentials for JIRA account.
To configure this connection, the account you use to set up the connection must have permissions to create tickets in ServiceNow.
Additionally, the connection to a ServiceNow data instance requires an external client registered to use the REST API through an OAUTH endpoint and a user with both
itil_admin roles. You can read more about these requirements on the ServiceNow documentation pages: https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/roles/concept/c_UserAdministration.html?title=User_Administration
You also need the following information to configure ServiceNow with the Insight Orchestrator:
The instance-specific part of the host URL. For example,
The ID of the OAuth API endpoint established for the instance.
The secret of the OAuth API endpoint established for the instance.
The name of the ServiceNow user of the OAuth API endpoint. This user role must have
The password of the ServiceNow user of the OAuth API endpoint.
After you gather information for your connections, you can configure the connections for your workflows.
To configure connections in InsightIDR:
- From your InsightIDR dashboard, select Data Collection on the left navigation menu.
- Go to the Automation Connections tab and click Create New Connection.
- Name your connection, select the location of the connection, and select the third party application you are connecting to, such as Okta.
- Choose your existing application credentials, or click Create a New Credential from within the dropdown.
- Enter any other required parameters to setup the connection, such as application URLs or keys.
- Click the Save button to add the connection.
The connection appears in the list of available Automation Connections.
You can view, edit, or delete a connection by selecting the three dots menu on the right side of the connection.