InsightConnect SFTP Connections / Plugin

ilee1 · May 17, 2022, 4:45pm

Afternoon Everyone,

I’m trying to discern if InsightConnect (plugins) can handle an SFTP connection for file movements (only download required for now). The only plugin I see is “FTP” which does not look like it has this capability. I believe I could cobble something together with Python but I figured I would ask if anyone else has solved. similar challenge.

Thanks in advance

holly_wilsey · May 20, 2022, 8:26pm

Hey @ilee1! We currently do not have an SFTP plugin (or generic SFTP actions within another existing plugin). We do have the SMB plugin, which can be used to download files from an SMB server, as well as the NFS plugin for use with Linux/Unix systems.

There’s also an option in the FTP plugin under the connection setup that allows you to enable TLS encryption. Would this be an option in your case?

This is a good call out though, and I went ahead and filed a request for an SFTP plugin so our team can track this and look into it some more.

ilee1 · May 30, 2022, 4:11pm

Good Morning Holly. Thanks for following up. We specifically need SFTP. There’s the possibility we could use the existing FTP plugin but we’d need to be able to specify the port as well. There’s no field for that and anything I’ve tried with the Host field has not worked.

Is there any precedent for timing on a new plugin (like SFTP)? My guess is that it would take longer than we can go and may need to look into another solution.

ilee1 · June 28, 2022, 2:47pm

Afternoon @holly_wilsey ! Figured I’d follow up on this for some rough timing on a possible SFTP plugin or possible changes to the FTP plugin to support more options. Thanks!

holly_wilsey · July 8, 2022, 4:27pm

Hey @ilee1, apologies for the delay here. We currently have an official “idea” ticket in place to take a closer look at the notion of building an SFTP plugin, or making some updates to the existing one. It’s in review with the team, so nothing concrete right now, but I can let you know if we have any updates as we do some research around it. Appreciate you following up with us here

wayne_johnstone · July 11, 2022, 7:36pm

Hi @ilee1,
Thanks for following up. Could you possibly add what your use case is and what are you trying to connect to? an internal SFTP site? external cloud solution?

Thanks,
Wayne Johnstone
Integration Product Manager

ilee1 · July 18, 2022, 8:09pm

Afternoon Wayne,

We have an external SaaS application that only makes its audit / security logs available via an SFTP site. The goal was to connect to this site and copy the files to an internal location where they could then be parsed and ingested into InsightIDR.

gfrouin · September 28, 2023, 7:09pm

Is there any update on this? It seems that one year to create an SFTP plugin is really long, especially considering that InsightIDR is already capable of retrieving files via SFTP