{"users":[{"id":9,"username":"holly_wilsey","name":"Holly Wilsey","avatar_template":"/user_avatar/discuss.rapid7.com/holly_wilsey/{size}/78_2.png","trust_level":2},{"id":48,"username":"rapid7_bot","name":"Rapid7 Bot","avatar_template":"/user_avatar/discuss.rapid7.com/rapid7_bot/{size}/70_2.png","admin":true,"moderator":true,"trust_level":1},{"id":30311,"username":"mcolford","name":"Matt Colford","avatar_template":"/letter_avatar_proxy/v4/letter/m/5f9b8f/{size}.png","trust_level":1},{"id":7808,"username":"Darrick_Hall","name":"Darrick Hall","avatar_template":"/user_avatar/discuss.rapid7.com/darrick_hall/{size}/2530_2.png","admin":true,"trust_level":2},{"id":32080,"username":"Sean","name":"Sean","avatar_template":"/user_avatar/discuss.rapid7.com/sean/{size}/2224_2.png","trust_level":2},{"id":28582,"username":"orowan","name":"orowan","avatar_template":"/letter_avatar_proxy/v4/letter/o/ea666f/{size}.png","trust_level":1},{"id":45812,"username":"mmarsili","name":"Marco Marsili","avatar_template":"/user_avatar/discuss.rapid7.com/mmarsili/{size}/2694_2.png","trust_level":2},{"id":41304,"username":"jschavemaker","name":"jschavemaker","avatar_template":"/letter_avatar_proxy/v4/letter/j/d78d45/{size}.png","trust_level":1},{"id":13140,"username":"sgroeneveld","name":"sgroeneveld","avatar_template":"/letter_avatar_proxy/v4/letter/s/a8b319/{size}.png","trust_level":2},{"id":52919,"username":"imedina","name":"imedina","avatar_template":"/letter_avatar_proxy/v4/letter/i/4da419/{size}.png","trust_level":1},{"id":40196,"username":"bdroege","name":"bdroege","avatar_template":"/letter_avatar_proxy/v4/letter/b/ecd19e/{size}.png","trust_level":1},{"id":10647,"username":"2tSecurity","name":"Eric Hatt","avatar_template":"/user_avatar/discuss.rapid7.com/2tsecurity/{size}/2724_2.png","trust_level":2},{"id":6199,"username":"matthew_gardiner1","name":"Matthew Gardiner","avatar_template":"/letter_avatar_proxy/v4/letter/m/278dde/{size}.png","trust_level":1},{"id":295,"username":"brandon_mcclure","name":"Brandon McClure","avatar_template":"/user_avatar/discuss.rapid7.com/brandon_mcclure/{size}/182_2.png","trust_level":2},{"id":8146,"username":"Michael-Cochran-Rapid7","name":"Michael Cochran","avatar_template":"/letter_avatar_proxy/v4/letter/m/a9a28c/{size}.png","trust_level":2},{"id":10264,"username":"gfrouin","name":"gfrouin","avatar_template":"/letter_avatar_proxy/v4/letter/g/74df32/{size}.png","trust_level":2},{"id":5994,"username":"wayne_johnstone","name":"Wayne Johnstone","avatar_template":"/letter_avatar_proxy/v4/letter/w/eb8c5e/{size}.png","trust_level":2},{"id":13787,"username":"rwittmers","name":"rwittmers","avatar_template":"/letter_avatar_proxy/v4/letter/r/a183cd/{size}.png","trust_level":1},{"id":6355,"username":"bindu_laxminarayan","name":"Bindu Laxminarayan","avatar_template":"/letter_avatar_proxy/v4/letter/b/c68b51/{size}.png","trust_level":1},{"id":23764,"username":"cmorrison","name":"cmorrison","avatar_template":"/letter_avatar_proxy/v4/letter/c/c89c15/{size}.png","trust_level":1},{"id":18128,"username":"tward1","name":"tward","avatar_template":"/letter_avatar_proxy/v4/letter/t/e9bcb4/{size}.png","trust_level":1},{"id":33684,"username":"esoteric","name":"shaun","avatar_template":"/letter_avatar_proxy/v4/letter/e/a4c791/{size}.png","trust_level":1},{"id":26150,"username":"lturner","name":"lturner","avatar_template":"/letter_avatar_proxy/v4/letter/l/bbe5ce/{size}.png","trust_level":1},{"id":49042,"username":"pkm","name":"pkm","avatar_template":"/letter_avatar_proxy/v4/letter/p/49beb7/{size}.png","trust_level":1},{"id":46142,"username":"pmcneil1","name":"pmcneil","avatar_template":"/letter_avatar_proxy/v4/letter/p/76d3ee/{size}.png","trust_level":1},{"id":10052,"username":"bshaffer1","name":"bshaffer","avatar_template":"/letter_avatar_proxy/v4/letter/b/ee59a6/{size}.png","trust_level":1},{"id":47137,"username":"Dayze36","name":"Jack","avatar_template":"/letter_avatar_proxy/v4/letter/d/3bc359/{size}.png","trust_level":1},{"id":13841,"username":"zanderson","name":"zanderson","avatar_template":"/letter_avatar_proxy/v4/letter/z/13edae/{size}.png","trust_level":1},{"id":1275,"username":"scot_perkins","name":"Scot Perkins","avatar_template":"/letter_avatar_proxy/v4/letter/s/ecccb3/{size}.png","trust_level":2},{"id":51463,"username":"mnicodemus","name":"mnicodemus","avatar_template":"/letter_avatar_proxy/v4/letter/m/58956e/{size}.png","trust_level":1},{"id":13621,"username":"312312","name":"312312","avatar_template":"/letter_avatar_proxy/v4/letter/3/6bbea6/{size}.png","trust_level":2},{"id":7748,"username":"jon_merritt","name":"Jon Merritt","avatar_template":"/letter_avatar_proxy/v4/letter/j/a9adbd/{size}.png","trust_level":1},{"id":6616,"username":"ebennick","name":"ebennick","avatar_template":"/letter_avatar_proxy/v4/letter/e/e19b73/{size}.png","trust_level":2},{"id":33741,"username":"svarghese","name":"svarghese","avatar_template":"/letter_avatar_proxy/v4/letter/s/85f322/{size}.png","trust_level":1},{"id":52269,"username":"rkarkar","name":"rkarkar","avatar_template":"/letter_avatar_proxy/v4/letter/r/919ad9/{size}.png","trust_level":1},{"id":1427,"username":"Eric-Wilson","name":"Eric Wilson","avatar_template":"/user_avatar/discuss.rapid7.com/eric-wilson/{size}/2531_2.png","admin":true,"moderator":true,"trust_level":4},{"id":10479,"username":"talford","name":"talford","avatar_template":"/letter_avatar_proxy/v4/letter/t/58956e/{size}.png","trust_level":1},{"id":8478,"username":"ddellinger","name":"ddellinger","avatar_template":"/letter_avatar_proxy/v4/letter/d/e9c0ed/{size}.png","trust_level":1},{"id":2700,"username":"mason_prince","name":"Mason Prince","avatar_template":"/letter_avatar_proxy/v4/letter/m/97f17d/{size}.png","trust_level":1},{"id":16052,"username":"gtrevena","name":"gtrevena","avatar_template":"/letter_avatar_proxy/v4/letter/g/a88e4f/{size}.png","trust_level":1},{"id":40002,"username":"phazouri","name":"Paul ","avatar_template":"/letter_avatar_proxy/v4/letter/p/d9b06d/{size}.png","trust_level":1},{"id":49973,"username":"ckim","name":"ckim","avatar_template":"/letter_avatar_proxy/v4/letter/c/e79b87/{size}.png","trust_level":1}],"primary_groups":[],"flair_groups":[],"topic_list":{"can_create_topic":false,"more_topics_url":"/c/insightconnect/10?page=1","per_page":30,"top_tags":["InsightConnect","workflow-building","workflows","InsightIDR","InsightVM","insightconnect-updates","plugin-requests","microsoft_teams","servicenow","research","tips-and-tricks","plugin-releases","python_3_script","active_directory_ldap","azure_ad_admin","gmail","crowdstrike_falcon","microsoft_office365_email","sentinelone","fortinet_fortigate","microsoft_office365_email_security","microsoft_sccm","Microsoft_Teams_URL_Analysis","splunk","thehive","timers","advanced_regex","api_trigger","datetime","jira","json"],"topics":[{"fancy_title":"The Ultimate InsightConnect Resource List - Start Here!","id":13922,"title":"The Ultimate InsightConnect Resource List - Start Here!","slug":"the-ultimate-insightconnect-resource-list-start-here","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2022-07-25T18:42:55.755Z","last_posted_at":"2022-07-25T18:43:44.154Z","bumped":true,"bumped_at":"2022-07-25T18:42:55.837Z","archetype":"regular","unseen":false,"pinned":true,"unpinned":null,"excerpt":"Welcome to the ultimate InsightConnect resource thread! :coffee:  :twisted_rightwards_arrows: \nIf you’re looking for some information on how to get started with InsightConnect, or you just want to browse the resources we…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":2552,"like_count":6,"has_summary":false,"last_poster_username":"holly_wilsey","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":9,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"About the InsightConnect category","id":1089,"title":"About the InsightConnect category","slug":"about-the-insightconnect-category","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2020-06-05T21:54:52.113Z","last_posted_at":"2020-06-05T21:54:52.123Z","bumped":true,"bumped_at":"2020-06-05T21:55:11.601Z","archetype":"regular","unseen":false,"pinned":true,"unpinned":null,"excerpt":"Discussions related to InsightConnect and everything that comprises it - plugins, workflows, and even tips on getting started.","visible":true,"closed":true,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":699,"like_count":0,"has_summary":false,"last_poster_username":"rapid7_bot","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":48,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Exception requests through teams leveraging API","id":57106,"title":"Exception requests through teams leveraging API","slug":"exception-requests-through-teams-leveraging-api","posts_count":3,"reply_count":0,"highest_post_number":3,"image_url":null,"created_at":"2026-03-10T19:31:14.443Z","last_posted_at":"2026-03-11T02:17:51.104Z","bumped":true,"bumped_at":"2026-03-11T02:17:51.104Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"I’m trying to work out a way to have a pair of workflows, one to trigger a teams message with an accept/reject link, the second that takes that link (API trigger) and parses it to actually do the approve/reject. \nI have …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":16,"like_count":0,"has_summary":false,"last_poster_username":"mcolford","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":30311,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Updating Global Artifacts Entries","id":57075,"title":"Updating Global Artifacts Entries","slug":"updating-global-artifacts-entries","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2026-02-23T20:53:52.167Z","last_posted_at":"2026-03-09T20:19:20.426Z","bumped":true,"bumped_at":"2026-03-09T20:19:20.426Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"I have a workflow that adds entries to a Global Artifact that another workflow uses to schedule scans. The second workflow checks for records that contains a value of INC, and then loops through the returned records. \nOn…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":32,"like_count":0,"has_summary":false,"last_poster_username":"Sean","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":32080,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"InsightVM Console plugin credentials","id":57103,"title":"InsightVM Console plugin credentials","slug":"insightvm-console-plugin-credentials","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-03-09T16:15:56.297Z","last_posted_at":"2026-03-09T16:15:56.389Z","bumped":true,"bumped_at":"2026-03-09T16:15:56.389Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Trying to set up a connection for InsightVM console for vulnerability exceptions. I have a console user account made and confirmed I can log in with it. If I use the credentials in the connector it passes, however it nev…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":12,"like_count":0,"has_summary":false,"last_poster_username":"mcolford","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":30311,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"InsightIDR to Microsoft 365 Workflow Only Sending Investigations – Not Alerts or Managed Alerts","id":57074,"title":"InsightIDR to Microsoft 365 Workflow Only Sending Investigations – Not Alerts or Managed Alerts","slug":"insightidr-to-microsoft-365-workflow-only-sending-investigations-not-alerts-or-managed-alerts","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/7/7ef84f0f2d2cbf590ab02e4e98151ea4a4578b4e.png","created_at":"2026-02-20T11:22:19.307Z","last_posted_at":"2026-02-26T14:25:03.018Z","bumped":true,"bumped_at":"2026-02-26T14:25:03.018Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi all, \nWe currently have the Rapid7 InsightIDR to Microsoft 365 workflow set up via InsightConnect, and it is successfully sending email notifications when an Investigation is created. \nHowever, we’ve noticed that it d…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":95,"like_count":0,"has_summary":false,"last_poster_username":"Darrick_Hall","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":28582,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"How do folks manage API key rotations on connections before they expire?","id":56971,"title":"How do folks manage API key rotations on connections before they expire?","slug":"how-do-folks-manage-api-key-rotations-on-connections-before-they-expire","posts_count":4,"reply_count":0,"highest_post_number":4,"image_url":null,"created_at":"2025-12-05T11:53:03.261Z","last_posted_at":"2026-02-23T20:46:04.308Z","bumped":true,"bumped_at":"2026-02-23T20:46:04.308Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hello \nI'm curious how others manage their API Key expiration dates?  I'm not referring to Rapid7 Platform keys (User / Organization) that do not expire, but rather external connection API keys like Jira, Gitlab, etc.  N…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":122,"like_count":2,"has_summary":false,"last_poster_username":"Sean","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":45812,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":41304,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":13140,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":32080,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Rapid 7 sincronizar con Bitdefender alguien lo habrá realizado","id":57072,"title":"Rapid 7 sincronizar con Bitdefender alguien lo habrá realizado","slug":"rapid-7-sincronizar-con-bitdefender-alguien-lo-habra-realizado","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-02-12T19:28:07.770Z","last_posted_at":"2026-02-12T19:29:05.155Z","bumped":true,"bumped_at":"2026-02-12T19:29:05.155Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Alguien ha realizo la implementación entre Rapid7 y Bitdefender","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":32,"like_count":0,"has_summary":false,"last_poster_username":"imedina","category_id":22,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":52919,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Microsoft Graph API Integration","id":50844,"title":"Microsoft Graph API Integration","slug":"microsoft-graph-api-integration","posts_count":13,"reply_count":10,"highest_post_number":13,"image_url":null,"created_at":"2025-05-05T20:48:08.525Z","last_posted_at":"2026-02-06T13:20:28.533Z","bumped":true,"bumped_at":"2026-02-06T13:20:28.533Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"We’re looking to integrate Microsoft Graph API in our workflows - actions like POSTing to confirm a user as compromised in Azure AD. \nFrom reading what other’s have mentioned, the safest and most flexible option seems to…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect","workflow-building"],"tags_descriptions":{},"views":308,"like_count":2,"has_summary":false,"last_poster_username":"2tSecurity","category_id":20,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":40196,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":10647,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"What have you automated so far?","id":4537,"title":"What have you automated so far?","slug":"what-have-you-automated-so-far","posts_count":35,"reply_count":21,"highest_post_number":35,"image_url":null,"created_at":"2021-04-20T17:46:50.749Z","last_posted_at":"2026-02-05T21:42:17.730Z","bumped":true,"bumped_at":"2026-02-05T21:42:17.730Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"There’s a lot of possibilities in the realm of security and automation, and a lot of different technologies to pair with it. With that in mind, I thought it’d be nice to have a place where we can share how we’ve been usi…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":3743,"like_count":50,"has_summary":false,"last_poster_username":"gfrouin","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":9,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":6199,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":295,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":8146,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":10264,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Manage Engine - Service Desk Plugin Release!","id":15670,"title":"Manage Engine - Service Desk Plugin Release!","slug":"manage-engine-service-desk-plugin-release","posts_count":15,"reply_count":9,"highest_post_number":15,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/optimized/1X/1a12cf220ffc0837f4a1b68afe98ce0e70a827df_2_1024x535.jpeg","created_at":"2022-09-28T19:28:17.630Z","last_posted_at":"2026-01-29T17:40:02.940Z","bumped":true,"bumped_at":"2026-01-29T17:40:02.940Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Manage Engine - Service Desk\n\n\nManageEngine's Service Desk can centralize and capture reported issues, allowing security/IT admin to track and manage all incidents effortlessly. The numerous help desk tickets raised are …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["plugin-releases","Manage-Engine-Service-Desk"],"tags_descriptions":{},"views":1144,"like_count":5,"has_summary":false,"last_poster_username":"Darrick_Hall","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":5994,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":13787,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":6355,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":23764,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Formatting Column Names returned from Surface Command Query","id":56600,"title":"Formatting Column Names returned from Surface Command Query","slug":"formatting-column-names-returned-from-surface-command-query","posts_count":19,"reply_count":17,"highest_post_number":19,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/2/26ede92851aca4a2a286574d18789713290858c1.png","created_at":"2025-11-20T17:21:49.861Z","last_posted_at":"2026-01-29T17:27:25.396Z","bumped":true,"bumped_at":"2026-01-29T17:27:25.396Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"hey there, \nI have a surface command query returning not very "safe" column names. The API used returns labels for a column instead of the column name, i.e. CVSS (V3) Score. \nI've added a jq step after the query return t…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["workflow-building"],"tags_descriptions":{},"views":111,"like_count":0,"has_summary":false,"last_poster_username":"tward1","category_id":20,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":18128,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Workflow for sending InsightIDR investigations to teams","id":57053,"title":"Workflow for sending InsightIDR investigations to teams","slug":"workflow-for-sending-insightidr-investigations-to-teams","posts_count":5,"reply_count":2,"highest_post_number":5,"image_url":null,"created_at":"2026-01-28T01:17:41.353Z","last_posted_at":"2026-01-29T16:56:58.765Z","bumped":true,"bumped_at":"2026-01-29T16:56:58.765Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Anyone have an example workflow for sending InsightIDR investigations to teams? \nStruggling to get this working at the moment I have a workflow setup with the “Insight IDR - Detection Rule” trigger set on certain logsets…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":73,"like_count":0,"has_summary":false,"last_poster_username":"Darrick_Hall","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":33684,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":45812,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":26150,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Timers plugin issue","id":57048,"title":"Timers plugin issue","slug":"timers-plugin-issue","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-01-26T13:43:09.451Z","last_posted_at":"2026-01-26T13:43:09.553Z","bumped":true,"bumped_at":"2026-01-26T13:43:09.553Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hello Everyone, Greetings to all of you! \nSince Saturday, I have observed some changes in the Timer trigger. The plugin doc says, it takes a set of UTC times but, last two days it ran at EST. For instance, I had set up t…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect","timers"],"tags_descriptions":{},"views":21,"like_count":0,"has_summary":false,"last_poster_username":"pkm","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":49042,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Comparing output results","id":57043,"title":"Comparing output results","slug":"comparing-output-results","posts_count":2,"reply_count":0,"highest_post_number":2,"image_url":null,"created_at":"2026-01-19T21:08:02.589Z","last_posted_at":"2026-01-19T22:13:43.124Z","bumped":true,"bumped_at":"2026-01-19T22:13:43.124Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"I’m working on a workflow, which is meant to look for users who haven’t signed into an application within the last year. The application uses SSO and access is controlled by AD group membership. \nSo I have an action that…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":40,"like_count":0,"has_summary":false,"last_poster_username":"mmarsili","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":46142,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":45812,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Purge Office 365 Emails with Slack","id":57037,"title":"Purge Office 365 Emails with Slack","slug":"purge-office-365-emails-with-slack","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-01-15T14:18:42.432Z","last_posted_at":"2026-01-15T14:18:42.538Z","bumped":true,"bumped_at":"2026-01-15T14:18:42.538Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"We have identified an issue with the Purge Office 365 Emails with Slack extension (version 1.2.0). This extension functioned correctly until sometime late last year. \nThe extension is still able to search for the targete…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect"],"tags_descriptions":{},"views":34,"like_count":0,"has_summary":false,"last_poster_username":"bshaffer1","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":10052,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Playing with the outputs","id":57035,"title":"Playing with the outputs","slug":"playing-with-the-outputs","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2026-01-14T23:21:36.625Z","last_posted_at":"2026-01-14T23:21:36.701Z","bumped":true,"bumped_at":"2026-01-14T23:21:36.701Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi Everyone, \nI have recently been trying to play with outputs. \nI understand the plugins are probably expecting certain criteria. \nA good example, I was using the advanced regex plugin for a data extraction. The output …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":25,"like_count":0,"has_summary":false,"last_poster_username":"Dayze36","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":47137,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Quarterly trigger","id":21288,"title":"Quarterly trigger","slug":"quarterly-trigger","posts_count":4,"reply_count":1,"highest_post_number":4,"image_url":null,"created_at":"2023-03-27T20:55:49.537Z","last_posted_at":"2025-12-26T17:35:32.403Z","bumped":true,"bumped_at":"2025-12-26T17:35:32.403Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Does anyone know if it’s possible to generate a quarterly trigger? We’d like to create a few tickets at the beginning of each quarter. I have the Timer plugin installed but I don’t think it supports a quarterly trigger. …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect","timers"],"tags_descriptions":{},"views":343,"like_count":2,"has_summary":false,"last_poster_username":"mnicodemus","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":13841,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1275,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":295,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":51463,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Automated Threat Hunting using InsightConnect","id":23019,"title":"Automated Threat Hunting using InsightConnect","slug":"automated-threat-hunting-using-insightconnect","posts_count":7,"reply_count":1,"highest_post_number":7,"image_url":null,"created_at":"2023-05-12T17:28:32.538Z","last_posted_at":"2025-12-22T15:42:25.385Z","bumped":true,"bumped_at":"2025-12-22T15:42:25.385Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Good day! \nWe’d like to develop some threat hunting capabilities in our SOC using InsightConnect as well as InsightIDR. For starters, my plan was to develop a workflow that performs IOC hunting based on known bad hashes …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightIDR","InsightConnect"],"tags_descriptions":{},"views":1334,"like_count":2,"has_summary":false,"last_poster_username":"svarghese","category_id":20,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":13621,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":8146,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":7748,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":6616,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":33741,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Unexpected Redirect and Missing Connections in Automation (InsightConnect)","id":57021,"title":"Unexpected Redirect and Missing Connections in Automation (InsightConnect)","slug":"unexpected-redirect-and-missing-connections-in-automation-insightconnect","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/optimized/2X/a/ad3b9a58bed174b734bbe47e9100861633ebeee8_2_1024x353.png","created_at":"2025-12-10T05:21:27.246Z","last_posted_at":"2025-12-10T05:21:27.332Z","bumped":true,"bumped_at":"2025-12-10T05:21:27.332Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi Rapid7 Team, \nI’ve encountered an issue in my trial instance while trying to activate my orchestrator in the Automation (formerly InsightConnect) platform. \nWhen navigating to Settings > Orchestrators, clicking on Orc…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":35,"like_count":0,"has_summary":false,"last_poster_username":"rkarkar","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":52269,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Bi-Directional Sync","id":57018,"title":"Bi-Directional Sync","slug":"bi-directional-sync","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2025-12-09T13:02:34.274Z","last_posted_at":"2025-12-09T14:25:36.441Z","bumped":true,"bumped_at":"2025-12-09T14:25:36.441Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi all. \nI have come up with an idea of syncing both Defender as well as Rapid7 alerts. I mean to say, our organization is maintaining both Defender as well as Rapid7 SIEM for alerts and investigation management. Now the…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightIDR"],"tags_descriptions":{},"views":67,"like_count":0,"has_summary":false,"last_poster_username":"pkm","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":49042,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1427,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Cancelling stuck running jobs","id":56812,"title":"Cancelling stuck running jobs","slug":"cancelling-stuck-running-jobs","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2025-12-01T17:24:29.632Z","last_posted_at":"2025-12-09T14:00:29.033Z","bumped":true,"bumped_at":"2025-12-09T14:00:29.033Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi,  Does anybody know of a quick way to cancel a huge amount of stuck running jobs?   And also, is there any way to alert us if the number of stuck running jobs exceed a certain count or something similar? \nI do have a …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":88,"like_count":1,"has_summary":false,"last_poster_username":"ddellinger","category_id":20,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":10479,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":13140,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":8478,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Returns specific fields from jira plugin find issues?","id":56981,"title":"Returns specific fields from jira plugin find issues?","slug":"returns-specific-fields-from-jira-plugin-find-issues","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/5/512624557abb060d567cc965bd28330bb186d992.png","created_at":"2025-12-05T21:48:37.294Z","last_posted_at":"2025-12-08T16:26:29.624Z","bumped":true,"bumped_at":"2025-12-08T17:20:17.698Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"i am using the jira plugin v 6.5.3 and the find issues function. i read somewhere there should be a fields input where i can list the fields, but I'm not seeing one. so it may have been wrong. How can i specify fields to…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["insightappsec_jira_ticketing"],"tags_descriptions":{},"views":34,"like_count":0,"has_summary":false,"last_poster_username":"tward1","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":18128,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1427,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Connection set up issue","id":56944,"title":"Connection set up issue","slug":"connection-set-up-issue","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-12-04T16:26:53.016Z","last_posted_at":"2025-12-04T16:26:53.083Z","bumped":true,"bumped_at":"2025-12-04T16:26:53.083Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hey all, How yall are doing? \nI am facing an issue setting up the MS Defender for Endpoint plugin in Rapid7. We checked with the API Permissions, secret key value, tenant id, and application id. All seems to be fine but,…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":36,"like_count":0,"has_summary":false,"last_poster_username":"pkm","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":49042,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Python Step - Inputs and TypeError: Object of type set is not JSON serializable","id":56521,"title":"Python Step - Inputs and TypeError: Object of type set is not JSON serializable","slug":"python-step-inputs-and-typeerror-object-of-type-set-is-not-json-serializable","posts_count":8,"reply_count":6,"highest_post_number":9,"image_url":null,"created_at":"2025-11-18T20:04:27.349Z","last_posted_at":"2025-11-19T20:14:26.368Z","bumped":true,"bumped_at":"2025-11-19T20:14:26.368Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hey there, \nThe error I am getting is TypeError: Object of type set is not JSON serializable \nI have a step where I am passing 2 json arrays into a python step where i need to join the \nMy input - \n{“solutions”:“["Conver…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":158,"like_count":0,"has_summary":false,"last_poster_username":"tward1","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":18128,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1427,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"API Permissions","id":56538,"title":"API Permissions","slug":"api-permissions","posts_count":3,"reply_count":1,"highest_post_number":3,"image_url":null,"created_at":"2025-11-19T10:22:58.341Z","last_posted_at":"2025-11-19T16:08:32.513Z","bumped":true,"bumped_at":"2025-11-19T16:08:32.513Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hello folks, Greetings! \nDoes anybody know what are those API permissions we need to provide while registering the MS Defender Hunting App in Entra ID, so that we can access all the functionalities of this Plugin in ICON…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect"],"tags_descriptions":{},"views":54,"like_count":0,"has_summary":false,"last_poster_username":"pkm","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":49042,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster, Accepted Answer","user_id":1427,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Plugin Request: Google Chat","id":10753,"title":"Plugin Request: Google Chat","slug":"plugin-request-google-chat","posts_count":4,"reply_count":1,"highest_post_number":4,"image_url":null,"created_at":"2022-03-11T21:46:28.893Z","last_posted_at":"2025-11-19T10:57:29.854Z","bumped":true,"bumped_at":"2025-11-19T10:57:29.854Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hello, \nI’d like to request a plugin for Google Chat, in the same way that there is functionality for Slack and MS Teams. We use Google Chat for company-wide comms so it would be necessary to have that functionality for …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect","plugin-requests"],"tags_descriptions":{},"views":532,"like_count":4,"has_summary":false,"last_poster_username":"gtrevena","category_id":18,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":2700,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":8146,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster","user_id":16052,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"ChatOps Automation issue","id":56495,"title":"ChatOps Automation issue","slug":"chatops-automation-issue","posts_count":4,"reply_count":2,"highest_post_number":4,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/b/b7a7fd375c6a72185801af4ae19ec3bdd14906ec.png","created_at":"2025-11-18T10:47:58.973Z","last_posted_at":"2025-11-18T17:31:42.067Z","bumped":true,"bumped_at":"2025-11-18T17:31:42.067Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Hi, \nI’ve recently been experiencing issues with two of my workflows. They are very simple — just three steps: a trigger, a Python code step, and a ChatOps Slack action. The problem is that the ChatOps action takes a lon…","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":["InsightConnect","workflows"],"tags_descriptions":{},"views":62,"like_count":0,"has_summary":false,"last_poster_username":"Darrick_Hall","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":true,"can_vote":false,"posters":[{"extras":null,"description":"Original Poster","user_id":40002,"primary_group_id":null,"flair_group_id":null},{"extras":"latest","description":"Most Recent Poster, Accepted Answer","user_id":7808,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Executing IVM query and return json","id":56269,"title":"Executing IVM query and return json","slug":"executing-ivm-query-and-return-json","posts_count":5,"reply_count":3,"highest_post_number":5,"image_url":"//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/5/5e29092f18457ed0df03b443a8846be70c84c14c.png","created_at":"2025-11-07T21:11:59.689Z","last_posted_at":"2025-11-13T21:09:26.217Z","bumped":true,"bumped_at":"2025-11-13T21:28:48.766Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"Good afternoon, I need to pass into a R7 Solution step a list of vuln ids to execute a IVM query. I added the step and it completes successfully, however it creats a csv. I looked at the templates and there doesn’t seem …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":58,"like_count":1,"has_summary":false,"last_poster_username":"tward1","category_id":20,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest","description":"Original Poster, Most Recent Poster","user_id":18128,"primary_group_id":null,"flair_group_id":null},{"extras":null,"description":"Frequent Poster","user_id":1427,"primary_group_id":null,"flair_group_id":null}]},{"fancy_title":"Looping Through Large JSON IOC Objects (ThreatFox get_iocs) Stored as File (>8KB)","id":56331,"title":"Looping Through Large JSON IOC Objects (ThreatFox get_iocs) Stored as File (>8KB)","slug":"looping-through-large-json-ioc-objects-threatfox-get-iocs-stored-as-file-8kb","posts_count":1,"reply_count":0,"highest_post_number":1,"image_url":null,"created_at":"2025-11-11T19:39:45.980Z","last_posted_at":"2025-11-11T19:39:46.045Z","bumped":true,"bumped_at":"2025-11-11T19:39:46.045Z","archetype":"regular","unseen":false,"pinned":false,"unpinned":null,"excerpt":"I’m pulling data from the ThreatFox get_iocs endpoint using an HTTP request plugin. The response returns a list of IOC objects, and one field, "body_objects", contains file-related data. \nWhen I create a loop to iterate …","visible":true,"closed":false,"archived":false,"bookmarked":null,"liked":null,"tags":[],"tags_descriptions":{},"views":34,"like_count":0,"has_summary":false,"last_poster_username":"ckim","category_id":10,"pinned_globally":false,"featured_link":null,"has_accepted_answer":false,"can_vote":false,"posters":[{"extras":"latest single","description":"Original Poster, Most Recent Poster","user_id":49973,"primary_group_id":null,"flair_group_id":null}]}]}}