Rapid7

Supported OS: Linux, Windows, Mac OS


Overview

This integration tracks the status of currently open and recently closed Rapid7 investigations. It posts to the event stream when an investigation opens and closes, and aggregates these events around the investigation’s ID.

The log portion of the check (if enabled) uses the Rapid7 REST API to query IDR log streams. The integration returns all logs that are not considered Rapid7 platform-level logs. These logs are submitted to Datadog. Note: Submission of these logs may incur extra fees based on your Datadog pricing plan, as described in the Datadog Log Management pricing structure. These logs are typically composed of Rapid7 endpoint agent summaries and the statuses of their processes at a given time.

Dashboards

  1. This integration comes with an out-of-the-box dashboard that summarizes Rapid7 investigations.
  2. This integration also includes an example dashboard based on logs. This dashboard is available upon installation of the integration, but it requires creating a facet for the R7 log source in order to begin seeing data flow.

Events

This integration generates Datadog events for new open/closed investigations. The integration tracks the state of an investigation based on its ID and aggregates the open and close events generated together.

Metrics

The count of logs processed per check is reported as a metric.

Log Collection

Log collection is optional and disabled by default. This integration calls the Rapid7 logs API to query all logs available in the last time interval. The default time interval is the last minute. To collect only certain logs, you can specify particular Log Sets, as detailed in the Rapid7 InsightIDR Log Search documentation.

Support

For support or feature requests, contact RapDev.io through the following channels:


Made with ❤️ in Boston

This isn’t the integration you’re looking for? Missing a critical feature for your organization? Drop RapDev a note, and we’ll build it!!


This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.
