Overview
This article provides a step-by-step guide on how to integrate Druva with Rapid7 InsightIDR using webhooks to collect and analyze Druva event data. This process is beneficial for system administrators, security analysts, and IT professionals who want to centralize their event logs for better monitoring and security posture.
Prerequisites
Access to the Druva Console with permissions to create webhooks.
Access to the Rapid7 InsightIDR Console with permissions to add event sources.
A JSON Events Key for webhook configuration.
Step 1: Configure Event Source in InsightIDR
1. Log in to InsightIDR.
2. Navigate to Data Collection > Setup Event Source > Add Event Source.
3. Click Add Raw Data > Custom Logs.
4. Alternatively, search for "Custom Logs" or filter by "Rapid7 Product Type," then select Rapid7 Custom Logs.
5. Set the collection method to Webhook.
6. Name your event source.
7. Click Copy to copy the Webhook URL. This URL will be used in Druva.
8. (Optional) Click Generate a new Webhook URL to create an additional URL or replace an existing one.
9. Click Save.
Step 2: Configure Webhook in Druva
1. Log in to the Druva Console.
2. Navigate to Integration Center > Webhooks.
3. Click Add New Webhook.
4. Fill in the following details:
   - Provider: Select Generic HTTP.
   - Name: Enter a descriptive name.
   - Webhook URL: Paste the Webhook URL copied from InsightIDR.
   - Authorization Type: Enter the API Key (JSON Events Key).
   - Events: Select the specific Druva events you want to trigger the webhook.
5. Click Save to finalize the integration.
Step 3: Test the Configuration
You can verify the webhook integration using a curl command.
Example 1: JSON Payload
curl --verbose <your-webhook-URL> --header "Content-type:application/json" --data "{\"message\":\"Something else happened\",\"user\":\"jsmith\",\"hostname\":\"server1\"}"
Example 2: Raw Text Message
curl --verbose <your-webhook-URL> --header "Content-type:application/text" --data "Raw text message"
Replace <your-webhook-URL> with the copied URL from InsightIDR.
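A scripted form of the Step 3 check, added here as an example and not taken from Druva or Rapid7 material: it builds the Example 1 payload with proper JSON escaping, refuses a non-HTTPS URL, and reports success from the HTTP status instead of from reading verbose output. The WEBHOOK_URL variable, the function names, and the treatment of any 2xx status as "accepted" are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted version of the Step 3 check. Names are hypothetical.
# WEBHOOK_URL comes from the environment, keeping it out of shell history.

# Escape backslashes and double quotes for a JSON string value.
# Values containing control characters (newline, tab) are rejected.
json_escape() {
    clean=$(printf '%s' "$1" | tr -d '[:cntrl:]')
    [ "$clean" = "$1" ] || return 1
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the same three-field JSON payload as Example 1.
build_event() {
    m=$(json_escape "$1") && u=$(json_escape "$2") && h=$(json_escape "$3") || return 1
    printf '{"message":"%s","user":"%s","hostname":"%s"}' "$m" "$u" "$h"
}

# Accept only https:// URLs so the event is not sent in cleartext.
check_webhook_url() {
    case $1 in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# send_test_event MESSAGE USER HOSTNAME
# Returns 0 on an HTTP 2xx response (assumed here to mean "accepted").
send_test_event() {
    check_webhook_url "${WEBHOOK_URL:-}" || { printf 'WEBHOOK_URL must be https\n' >&2; return 2; }
    body=$(build_event "$@") || { printf 'control character in field\n' >&2; return 2; }
    # The URL is passed as a curl config on stdin, not as a command-line argument.
    status=$(printf 'url = "%s"\n' "$WEBHOOK_URL" |
        curl --silent --output /dev/null --write-out '%{http_code}' --config - \
             --header 'Content-Type: application/json' --data "$body") || return 1
    printf 'HTTP %s\n' "$status"
    case $status in
        2??) return 0 ;;
        *) return 1 ;;
    esac
}
```

After sourcing the file with WEBHOOK_URL set to the URL copied from InsightIDR, run send_test_event 'Something else happened' jsmith server1 and check its exit status.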