Request for Report/Dashboard on Security Operations Activity Data

Hi Rapid7 Support,

We’d like to generate a dashboard or report that includes the same data as the Security Operations Activity page, along with incident severity details. Specifically, we need a way to generate reports covering a specific timeframe, such as all incidents for February.

Is there an existing feature or recommended method to achieve this?

Thanks!!

Hi,

There is no native capability to run a report or create your own dashboard that would mimic the SOA Dashboard. The closest thing we can offer today would be the InsightIDR REST API for investigations, which would allow you to export data and feed it into a report of some kind.

https://help.rapid7.com/insightidr/en-us/api/v2/docs.html

David

1 Like
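Added example, not part of the original thread and not Rapid7 code: once investigation records have been exported, a per-month severity summary like the one requested above can be built offline. The field names (`rrn`, `priority`, `status`, `created_time`), the year and all sample values are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of exported investigation records (assumed field names).
SAMPLE = [
    {"rrn": "rrn:example:1", "priority": "HIGH", "status": "CLOSED", "created_time": "2025-02-03T10:15:00Z"},
    {"rrn": "rrn:example:2", "priority": "CRITICAL", "status": "OPEN", "created_time": "2025-02-28T23:59:59Z"},
    {"rrn": "rrn:example:3", "priority": "LOW", "status": "CLOSED", "created_time": "2025-03-01T00:00:00Z"},
    {"rrn": "rrn:example:4", "priority": "HIGH", "status": "INVESTIGATING", "created_time": "2025-01-31T23:59:59Z"},
    {"rrn": "rrn:example:5", "priority": "MEDIUM", "status": "CLOSED", "created_time": "not-a-date"},
    {"rrn": "rrn:example:6", "priority": "HIGH", "status": "OPEN", "created_time": "2025-02-14T08:00:00+01:00"},
]

def parse_ts(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def month_window(year, month):
    """Return the half-open UTC window [start, end) covering one calendar month."""
    start = datetime(year, month, 1, tzinfo=timezone.utc)
    end = datetime(year + (month == 12), month % 12 + 1, 1, tzinfo=timezone.utc)
    return start, end

def monthly_report(records, year, month):
    """Count investigations created in the month, by priority and by status."""
    start, end = month_window(year, month)
    by_priority, by_status, skipped = Counter(), Counter(), 0
    for rec in records:
        try:
            created = parse_ts(rec["created_time"])
        except (KeyError, ValueError, AttributeError):
            skipped += 1  # keep a count so unparseable rows are visible in the report
            continue
        if start <= created < end:
            by_priority[rec.get("priority", "UNSPECIFIED")] += 1
            by_status[rec.get("status", "UNKNOWN")] += 1
    return {
        "total": sum(by_priority.values()),
        "by_priority": dict(by_priority),
        "by_status": dict(by_status),
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(monthly_report(SAMPLE, 2025, 2))
```

The window is half-open, so a record stamped exactly at midnight on the first of the next month is excluded, and records with a missing or malformed timestamp are counted as skipped rather than silently dropped.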

Hi David, thanks for the clarification. I’ll take a look at leveraging the InsightIDR REST API to pull the necessary data into a report. I appreciate the guidance!

Tom.

I actually had an IDEA submitted for exactly this - there are some metrics that just can’t be pulled based on InsightIDR logging. I will say some items I’ve pulled from the Audit logs were possible by grouping by investigation_rrn and then calculating off of that, but this is also based on the action value and the keys defined aligning based on your needs.

Personally, I really wanted to display the MITRE table but I also can go on a tangent about that not being applicable for custom rules.

Hi,

Actually, there is an issue regarding the InsightIDR REST API, as it keeps giving the “unauthorized action” error. Rapid7 currently doesn’t offer a proper reporting capability for InsightIDR, especially one that makes it possible to get useful stats for the IDR investigations. We already have a pending ticket regarding that.

Elvin.

@eabbasli can you share more details about what API call you are making? And how you are making the request?

Hi @tbosworth, Hi @vard2Trad,
I also created an IDEA to achieve something similar (IDEA-13242), but it was closed with the following reason:

Ticket as is will not be worked on:

  • Duplicate request that will be tracked in linked ticket
  • Request has been broken up into multiple linked tickets

Hopefully this means that this has been submitted in numbers!