When customers launch a spearphishing campaign in Metasploit and they have integrated the tool with InsightIDR, the "User Details" page tracks how the user has performed in the campaign. The tracker will show every action the user took in the campaign including:
- Receiving the email
- Opening the email
- Clicking on the link
- Providing their credentials on the spearphish site
How to Configure the Metasploit Integration
Integration between InsightIDR and Metasploit requires an API Key for the two products to communicate. Before attempting to configure this integration in InsightIDR, you'll need to generate the API Key.
Generate an API Key in Metasploit
To generate an API Key:
- Log in to Metasploit Pro.
- Select the Administration dropdown menu in the top right hand corner.
- Select Global Settings.
- The first tab on display is Global Settings. Select the API Keys tab.
- Select the Create an API Key button.
- Provide a Key name. An authentication token will be automatically generated.
- Select Create.
- Once the Key is created, it is stored in the API Keys table.
You can read more about Metasploit and API Keys here.
Configure the InsightIDR Event Source
To configure the event source:
- Log in to InsightIDR.
- From your dashboard, select Data Collection on the left hand menu.
- At the top right of the page, select the Setup Event Source dropdown and then choose Add Event Source.
- Select the Metasploit Shield icon from the Rapid7 section.
- Optionally, name this event source and choose timezone information.
- Enter the Server URL and the port information about Metasploit. The default port is 3790.
- Add the API token that was created with your API Key in Metasploit.
- Select Save to start integrating these two products.