InsightIDR REST API

Here, you can view the APIs that are available in InsightIDR, along with their capabilities. For all other Rapid7 APIs, view the Insight Platform API overview.

Accounts & Users

The Accounts and Users API allows you to search for and find InsightIDR accounts. A user is a container with all the associated account information from InsightIDR. An account is what that user logs into, such as Active Directory or an Office 365 user token.

Capabilities

Assets

The Assets API allows you to find and search InsightIDR assets. An asset is a single device that is connected to your network or under your management, such as a server, laptop, or virtual machine. When you feed data to InsightIDR, you are able to see a variety of metrics about your assets, such as data collection issues, the number of assets monitored with the Insight Agent, restricted assets, and unique processes that are happening on assets.

Capabilities

Attachments

The Attachments API allows you to upload, list, download, and delete attachments.

Capabilities

Comments

The Comments APIs allows you to create, list, and delete comments.

Capabilities

Community Threats

These threat APIs allow you to add or replace indicators for Community Threats.

Capabilities

Detection Rules

The Detection Rules REST API allows you to programmatically perform the actions available in the InsightIDR Detection Rules UI. Read more about Detection Rules.

Investigations

The Investigations APIs allows you to view any existing investigations, modify or close investigations, and set the investigation status.

With Version 1 of the API, you can pull data from InsightIDR investigations into your preferred security and case tracking tools. The API can be used to:

  • Retrieve a list of investigations
  • Close investigations in bulk
  • Assign a user to an investigation
  • Set the status of an investigation

In addition to all of the tasks you can perform with Version 1 of the API, Version 2 can be used to:

  • Create investigations
  • Search investigations
  • List alerts associated with the specified investigation
  • Update an investigation
  • Set the disposition
  • Set the status or set the priority
  • Get a list of Rapid7 product alerts associated with the specified investigation

Version 2

Capabilities

Version 1

Capabilities

The Log Search REST API allows you to perform the majority of the actions available through the IDR Log Search UI, and has some additional functionality that is not available through the UI. You may use this API to automate common tasks (for example, via shell scripts), and to generally interact with InsightOps programmatically.