Last updated at Wed, 03 Jan 2024 20:53:30 GMT
What is InsightConnect?
InsightConnect is Rapid7’s Security Orchestration, Automation and Response (SOAR) solution that is purpose-built to accelerate your teams and tools through automation. This SOAR tool helps accelerate and streamline time-intensive processes to free up your team to tackle other challenges. InsightConnect does this by connecting your tools together so that each tool is used to its maximum potential, connecting the dots between them to better inform your security teams and enrich your data and security alerts. This leads to a major improvement in operational efficiency.
What is a plugin in InsightConnect?
Plugins have built-in triggers and actions that you can use out of the box to easily connect your tools together to build effective automated workflows. You can browse the InsightConnect Marketplace to see all of the plugins that we currently offer. Don’t see the plugin or functionality you need? Good news! You can create it yourself or extend an existing plugin.
We’ve recently added new capabilities that will empower you to quickly build your own plugins and import them into InsightConnect to further orchestrate your processes. Our goal is to provide you with the tools to extend the power of InsightConnect.
Benefits of building a plugin
When purchasing a product or tool, you want to min-max its usage wherever possible. There's no better way to do that than having the ability to extend the product. With InsightConnect and icon-plugin, you can develop plugins as well as extend existing plugins, such as the open source plugins available on Github.
There, you can give back to the community, contribute by creating new plugins, add missing functionality, and fix any bugs, enabling you to increase your productivity and take your processes to a new level.
Sharing your plugin
The best way to share your work is through the Rapid7 InsightConnect plugins repo. In the README, we provide a detailed guide on how to contribute as well as how to run plugins locally. When you contribute, you’re adding improvements that not only affect you but can positively impact other users of InsightConnect, which is a meaningful way to give back to the community.
Get started
To get started with extending one of the plugins and get set up with the tooling, head on over to our Plugin development documentation. These documents detail tool usage and provide instructions on how to develop plugins for InsightConnect.
Usage example
Once you install icon-plugin
and have cloned the insightconnect-plugins
repository using git, let’s take a look at the icon-plugin usage with the Base64 plugin.
$ git clone https://github.com/rapid7/insightconnect-plugins/
$ cd insightconnect-plugins/base64
In this example, we will build the base64 plugin and then run the base64 decode action to decode the input string contained in the test file.
Let’s begin by building the plugin:
$ icon-plugin build image
INFO[0000] Building image base64:1.1.1
INFO[0000] Running Command: docker build --pull -t rapid7/base64:1.1.1 .
INFO[0001] Building tag
INFO[0001] Running Command: docker tag rapid7/base64:1.1.1 rapid7/base64:latest
Once the plugin is built, you can run it by executing one of the sample JSON input files in the tests directory.
$ icon-plugin run -R tests/decode.json -j
INFO[0000] Running command: docker run --rm -i rapid7/base64:1.1.1 run < tests/decode.json
INFO[0003] Output:
{
"data": "hello world!\n"
}
You can modify the JSON files with your own input, effectively acting as the user of the plugin would if they were orchestrating in InsightConnnect.
These are just a few capabilities of icon-plugin.