Hey @paul_deasy,
So, it really depends. Our research team will add some IOCs to IDR as they discover them, however often times our customers have either a paid list/tool (i.e. RecordedFuture) or they want to be really mindful of specific threats.
What you are looking yo do can pretty much be done using our API, using OTX IOCs.
https://docs.rapid7.com/insightidr/insightidr-rest-api/#insightidr-rest-api
Here’s a post I made about something similar but using RecordedFuture.
Using the API to upload Recorded Future IOCs to an IDR Custom Threat Feed.
Let me know if this answered your question.
Regards,
Felipe