Forum Discussion

joe
4 years ago

Rapid7 integration with LogicMonitor

Hello y'all

Has anyone integrated Rapid7 InsightOps alerting with LogicMonitor? When I create my alert on Rapid7, I have an option of providing a webhook to LogicMonitor. I didn't see any integration on the LM Exchange portal.

Has anyone done this? Tips and guidance would be most appreciated.

  • Hi Joe

    Without knowing exact details of how you are using Rapid7 InsightOps, as another customer of both LM and R7 I can offer a suggestion based on how we use it (which is log ingestion, visualization/presentation of log events and alerting on specific log events): ask your CSM about doing an eval of LogicMonitor's LM Logs product and you'll be able to ingest and see all of your log events while alerting on them directly in LogicMonitor instead of having to bounce between multiple platforms to accomplish that or spend effort on the care and feeding of a webhook bridge.

    Functionality-wise it makes a lot of sense to have log analysis and presentation integrated in the same product that accomplishes your other monitoring, and from other perspectives it is wholly justifiable too. I expect that this is the direction we are moving, but don't tell the Rapid7 team that.

  • Anonymous

    I'd be sure to put in a feature request to be able to push events to LM via a callback URL. Some of the things that are happening behind the scenes might make that an inevitability, but it always helps to have customer support for features.

  • Rapid7 has a few products. One is Nexpose, which is a vulnerability scanner that I don't think would work well with a custom DataSource unless you were only interested in something very basic like the risk score for a device. The EventSource would probably be the best route to take for integrating the alerts into LM.

  • Anonymous

    Ah, ok, sorry, I thought you were trying to egress. We don't have something as easy as a webhook built in, but given some of the things on the roadmap, I wouldn't guess it's very far off.

    For opening alerts in LM, what you need is an EventSource. You'd do this with a Groovy script that would execute on a schedule and go fetch the current list of alerts to open. The most frequently this can be done is every 1 minute. Your Groovy script would hit the Rapid7 API to get the list of alerts that are new since the last fetch and return that list of alerts to LM. Each item in the list would open an alert.

    However, I imagine there's a better opportunity here. What does Rapid7 do for you today? Could this be better accomplished by writing a custom DataSource to pull the raw data into LM?
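
The scheduled "fetch what is new since the last run and return it" pattern described in the reply above, as an added Groovy example that is not part of the original thread and is not LogicMonitor's or Rapid7's code. It assumes a constructed alert payload with hypothetical field names, a cursor file in the temp directory, a made-up priority mapping, and that the script EventSource expects a JSON object with an `events` list of `happenedOn`, `severity`, `message` and `source`; the HTTP call to the alert API is left out and replaced by the sample.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Constructed sample standing in for the alert-list API response.
// Field names (id, name, priority, timestamp) are hypothetical.
def samplePayload = '''{"alerts":[
  {"id":"a-1","name":"Failed logins spike","priority":"high","timestamp":1700000100000},
  {"id":"a-2","name":"Disk errors in syslog","priority":"low","timestamp":1700000030000},
  {"id":"a-3","name":"Already reported","priority":"high","timestamp":1699999000000}
]}'''

// Cursor holding the newest alert time already returned (assumed location).
def cursorFile = new File(System.getProperty('java.io.tmpdir'), 'r7_alert_cursor.txt')
long lastFetch = cursorFile.exists() ? cursorFile.text.trim().toLong() : 1700000000000L

// Map the hypothetical upstream priority to an event severity.
def severityFor = { p ->
    switch (p?.toString()?.toLowerCase()) {
        case 'high':   return 'critical'
        case 'medium': return 'error'
        default:       return 'warn'
    }
}

// Keep only well-formed alerts newer than the cursor, oldest first.
def fresh = (new JsonSlurper().parseText(samplePayload).alerts ?: [])
    .findAll { it.timestamp instanceof Number && it.timestamp > lastFetch }
    .sort { it.timestamp }

// Alert text is external input: flatten control characters and cap its length.
def events = fresh.collect { a ->
    def text = "[${a.id}] ${a.name}".toString().replaceAll(/\p{Cntrl}/, ' ').take(500)
    [happenedOn: new Date(a.timestamp as long).toString(),
     severity  : severityFor(a.priority),
     message   : text,
     source    : 'Rapid7 InsightOps']
}

// Advance the cursor only after building the list, so a failed run retries.
if (fresh) {
    cursorFile.text = String.valueOf(fresh.last().timestamp)
}

println JsonOutput.prettyPrint(JsonOutput.toJson([events: events]))
```

On the first run with the sample, two events are emitted and the third alert is skipped as older than the cursor; a second run emits an empty list because the cursor has advanced.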

  • Attached is what I see in Rapid7. I assume if I give it an LM webhook URL then I can pipe alerts to LM. Everything inside LM custom HTTP delivery looks egress in nature. I don't want LM to send communication egress. I want Rapid7 to trigger, and send the alert to LM. I want the data in LM. I don't want to alert on data in LM and send it elsewhere. Is this possible, and if so, how is it done?

    Thanks and looking to hear back