F-Secure AV integration


I was looking at the event sources for InsightIDR and noticed that F-Secure AV is listed but there is no link to the page:


I can’t find anything else except the extensions page:
Rapid7 Extensions - F-Secure

Is there any documentation on the integration between F-Secure/InsightIDR?


Hi Neil,

We haven’t got any docs on this just yet but you should be able to use this guide for setting it up on the F-secure side:


Some things to note about configuring this in F-Secure:

  • It’s recommended you specify a custom port for log transmission (don’t use the default UDP or TCP port)
  • We accept F-Secure logs in RFC 3164 format

On the IDR side you must go to Data Collection > Event Sources. Add a Virus Scan event source and select F-Secure from the product dropdown menu. For the data collection method select Listen on Network Port and specify the port number and protocol that you configured in F-Secure.

Note: Make sure that the collector host firewall, or any physical firewall between the two servers allow traffic through that port.

Good luck!


That’s great Tony. I’ll look into it. Thanks for your help.

Best Regards,