Rapid7 InsightIDR

Webhook Integration Setup

Step 1: Configure InsightIDR Event Source

https://docs.rapid7.com/insightidr/custom-logs/

  1. Navigate to Data Collection → Add Event Source → Custom Logs

  2. Select Webhook as the collection method

  3. Name your event source: "PreCrime Intelligence Indicators"

  4. Copy the generated webhook URL - this will be used in PreCrime Intelligence configuration.

  5. Click Save

Step 2: Share the webhook URL with your technical point of contact at BforeAI

  1. Share the webhook URL with your technical point of contact at BforeAI

  2. BforeAI will configure PreCrime Intelligence to send hourly indicator batches to your webhook URL.

Step 3: Data Format

PreCrime Intelligence starts pushing indicators on an hourly basis in this format:

{
  "type": "indicator",
  "created": "2025-06-30T12:58:35Z",
  "modified": "2025-06-30T12:58:35Z",
  "description": "Malicious Domain",
  "name": "ekwdbr.info",
  "valid_from": "2025-06-30T12:58:35Z",
  "confidence": 97
}

Data Field Reference

Field         Description                                     Example
type          Always "indicator" for PreCrime Intelligence    "indicator"
created       Initial indicator creation time (ISO 8601)      "2025-06-30T12:58:35Z"
modified      Last modification timestamp (ISO 8601)          "2025-06-30T12:58:35Z"
description   Human-readable threat description               "Malicious Domain"
name          Primary indicator value                         "ekwdbr.info"
valid_from    When the indicator becomes active               "2025-06-30T12:58:35Z"
confidence    Threat confidence score (0-100)                 97

Using PreCrime Intelligence Data in InsightIDR

Log Search Queries

Make sure that ‘Raw Log’ is selected in the Log Sources section and that the time period covers at least one hour.

Search for specific indicators and patterns, for example:

All PreCrime Intelligence indicators

where(type = "indicator")

High confidence indicators

where("confidence">80 AND type = "indicator")

Indicators containing the string “vip”

where("confidence">80 AND name CONTAINS "vip")

Detection Rules

Create custom detection rules to:

  • Alert on high-confidence indicators (confidence ≥ 80)

  • Monitor for network connections to flagged domains

  • Correlate PreCrime Intelligence indicators with existing security events

  • Track indicator trends and patterns
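The following is an added example, not code from BforeAI, Rapid7 or this page: it shows, on the defender's side, how the indicator objects from the Data Format section can be validated against the Data Field Reference and then used for the first three detection goals listed above (confidence threshold, connections to flagged domains, correlation with existing events). It assumes that an hourly batch arrives as a JSON array of the objects shown earlier (the page shows a single object), uses a fixed reference time (SAMPLE_NOW) so it is reproducible, and matches a contacted host against a flagged domain by suffix (sub.ekwdbr.info counts as ekwdbr.info), which is this example's own design choice. All domains other than ekwdbr.info and all log lines are constructed for the illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample batch shaped like the hourly PreCrime Intelligence push
# documented above. Assumption: a batch is a JSON array of indicator objects.
# All domains except ekwdbr.info (the page's own example) are made up here.
SAMPLE_BATCH = """[
  {"type": "indicator", "created": "2025-06-30T12:58:35Z", "modified": "2025-06-30T12:58:35Z",
   "description": "Malicious Domain", "name": "ekwdbr.info",
   "valid_from": "2025-06-30T12:58:35Z", "confidence": 97},
  {"type": "indicator", "created": "2025-06-30T12:58:35Z", "modified": "2025-06-30T12:58:35Z",
   "description": "Malicious Domain", "name": "vip-login.example",
   "valid_from": "2025-06-30T12:58:35Z", "confidence": 85},
  {"type": "indicator", "created": "2025-06-30T12:58:35Z", "modified": "2025-06-30T12:58:35Z",
   "description": "Malicious Domain", "name": "lowscore.example",
   "valid_from": "2025-06-30T12:58:35Z", "confidence": 40},
  {"type": "indicator", "created": "not-a-timestamp", "modified": "2025-06-30T12:58:35Z",
   "description": "Malicious Domain", "name": "broken.example",
   "valid_from": "2025-06-30T12:58:35Z", "confidence": 150}
]"""

REQUIRED_FIELDS = ("type", "created", "modified", "description",
                   "name", "valid_from", "confidence")


def parse_timestamp(value):
    """Parse the feed's ISO 8601 'Z' form; return an aware datetime, or None if malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        return None


def validate_indicator(obj):
    """Return the list of problems with one indicator object (empty list means it is valid)."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in obj]
    if problems:
        return problems
    if obj["type"] != "indicator":
        problems.append(f"unexpected type: {obj['type']!r}")
    for field in ("created", "modified", "valid_from"):
        if parse_timestamp(obj[field]) is None:
            problems.append(f"bad timestamp in {field}: {obj[field]!r}")
    conf = obj["confidence"]
    if isinstance(conf, bool) or not isinstance(conf, int) or not 0 <= conf <= 100:
        problems.append(f"confidence outside 0-100: {conf!r}")
    if not isinstance(obj["name"], str) or not obj["name"]:
        problems.append("empty indicator name")
    return problems


def load_batch(raw_json):
    """Parse one webhook batch into (valid_indicators, [(rejected_obj, problems), ...])."""
    data = json.loads(raw_json)
    if isinstance(data, dict):  # tolerate a single object as well as an array
        data = [data]
    valid, rejected = [], []
    for obj in data:
        problems = validate_indicator(obj)
        if problems:
            rejected.append((obj, problems))
        else:
            valid.append(obj)
    return valid, rejected


def high_confidence(indicators, threshold=80, substring=None):
    """Same filter as the Log Search queries above: confidence > threshold, optional name substring."""
    return [i for i in indicators
            if i["confidence"] > threshold and (substring is None or substring in i["name"])]


# Fixed reference time so the example is reproducible (constructed; use datetime.now(timezone.utc) live).
SAMPLE_NOW = datetime(2025, 6, 30, 13, 0, 0, tzinfo=timezone.utc)


def flagged_domains(indicators, threshold=80, now=SAMPLE_NOW):
    """Lower-cased domains whose indicator is active (valid_from <= now) and confidence >= threshold."""
    return {i["name"].lower() for i in indicators
            if i["confidence"] >= threshold and parse_timestamp(i["valid_from"]) <= now}


def domain_is_flagged(domain, flagged):
    """True if the domain or any parent domain is flagged (sub.ekwdbr.info matches ekwdbr.info);
    a bare top-level label such as 'info' is never matched."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in flagged for i in range(len(labels) - 1))


# Constructed DNS/proxy-style log lines: timestamp, source host, contacted domain.
SAMPLE_CONNECTION_LOG = [
    "2025-06-30T13:05:01Z ws-0412 ekwdbr.info",
    "2025-06-30T13:05:07Z ws-0412 intranet.corp.example",
    "2025-06-30T13:06:22Z srv-07 sub.EKWDBR.INFO",
    "2025-06-30T13:07:00Z ws-0199 lowscore.example",
]


def correlate(log_lines, flagged):
    """Return (timestamp, host, domain) for each logged connection to a flagged domain."""
    hits = []
    for line in log_lines:
        ts, host, domain = line.split()
        if domain_is_flagged(domain, flagged):
            hits.append((ts, host, domain))
    return hits


if __name__ == "__main__":
    valid, rejected = load_batch(SAMPLE_BATCH)
    for obj, problems in rejected:
        print("rejected", obj["name"], problems)
    for hit in correlate(SAMPLE_CONNECTION_LOG, flagged_domains(valid)):
        print("connection to flagged domain:", *hit)
```

Rejecting malformed objects before they reach a detection rule matters because a single bad timestamp or an out-of-range confidence value would otherwise either be silently dropped by a strict parser or, worse, be treated as a valid high-confidence hit. The fourth sample object exercises exactly that path. The suffix match in domain_is_flagged is deliberately stopped one label short so that a flagged domain never causes every host under its top-level domain to alert.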
