Metasploit

The InsightIDR integration with Metasploit is tied to the Metasploit spearphishing campaign feature.

When customers launch a spearphishing campaign in Metasploit and they have integrated the tool with InsightIDR, the "User Details" page tracks how the user has performed in the campaign. The tracker will show every action the user took in the campaign including:

• Receiving the email
• Opening the email
• Clicking on the link
• Providing their credentials on the spearphish site

How to configure the Metasploit integration

Integration between InsightIDR and Metasploit requires an API Key for the two products to communicate. Before attempting to configure this integration in InsightIDR, you'll need to generate the API Key.

Generate an API Key in Metasploit

To generate an API Key:

1. Log in to Metasploit Pro.
2. Select the Administration dropdown menu in the top right hand corner.
3. Select Global Settings.

4. The first tab on display is Global Settings. Select the API Keys tab.
5. Select the Create an API Key button.
6. Provide a Key name. An authentication token will be automatically generated.
7. Select Create.

8. Once the Key is created, it is stored in the API Keys table.

You can read more about Metasploit and API Keys here.

Configure InsightIDR to collect data from the event source

After you generate an API Key, you must add the Metasploit event source in InsightIDR.

To configure the new event source in InsightIDR:

1. From the left menu, go to Data Collection and click Setup Event Source > Add Event Source.
2. Do one of the following:
   • Search for Metasploit in the event sources search bar.
   • In the Product Type filter, select Rapid7.
3. Select the Metasploit event source tile.
4. Optionally, name this event source and choose timezone information.
5. Enter the Server URL and the port information about Metasploit. The default port is 3790.
6. Add the API token that was created with your API Key in Metasploit.
7. Select Save to start integrating these two products.