This article explains how to configure a webhook in Druva and integrate it with Rapid7 InsightIDR (SIEM) to collect and analyze Druva event data.
Prerequisites
Access to the Druva Console with permission to create webhooks.
Access to the Rapid7 InsightIDR Console with permission to add event sources.
JSON Events Key (to be configured in the webhook).
Step 1: Configure Event Source in InsightIDR
Log in to InsightIDR.
From the left menu, navigate to:
β Data Collection > Setup Event Source > Add Event Source.Click Add Raw Data > Custom Logs.
Alternatively, search for Custom Logs or filter by Rapid7 Product Type, then select Rapid7 Custom Logs.
Set the collection method to Webhook.
Configure Webhook Collection in InsightIDR
Name your event source.
Click Copy to copy the Webhook URL. This will be used in Druva.
(Optional) Click Generate a new Webhook URL to create an additional URL or replace an existing one.
Configure the JSON Events Key.
Click Save.
Step 2: Configure Webhook in Druva
Log in to the Druva Console.
Navigate to Integration Center > Webhooks.
Click Add New Webhook.
Fill in the following details:
Provider: Select Generic HTTP.
Name: Enter a descriptive name.
Webhook URL: Paste the Webhook URL copied from InsightIDR.
Authorization Type: Enter the API Key (JSON Events Key).
Events: Select the specific Druva events you want to trigger the webhook.
Click Save to finalize the integration.
Step 3: Test the Configuration
You can verify the webhook integration using a curl command from any system (Windows, Mac, Linux):
Example 1: JSON Payload
curl --verbose <your-webhook-URL> \
--header "Content-type:application/json" \
--data "{\"message\":\"Something else happened\",\"user\":\"jsmith\",\"hostname\":\"server1\"}"
Example 2: Raw Text Message
curl --verbose <your-webhook-URL> \
--header "Content-type:application/text" \
--data "Raw text message"
Replace <your-webhook-URL> with the copied URL from InsightIDR.