How to Analyze Your Log Data Using the Log Search API in InsightIDR

InsightIDR’s Log Search interface allows you to easily query and visualize your log data from within the product, but sometimes you may want to query your log data from outside the application.


For example, if you want to run a query to pull down log data from InsightIDR, you could use Rapid7’s security orchestration and automation tool, InsightConnect, to create a workflow that queries your log data and carries out automation scripts. Or, you could use a script that runs locally within your environment to retrieve a daily total of invalid logons. This is where the Log Search REST API can be used.


The example below shows you how to do the following:


Get a list of logs in your account
Build a request to run a query against a specific log within your account
Execute the log search query and extract the results

1. Getting a platform API key


First, you will need to obtain an API key to authenticate the requests you make. You can access this from the API keys page on the Rapid7 Platform home page after you log in. You’ll need to be a Platform Admin in order to generate an API key, so if you have not been assigned this role, you will need to request the key from someone in your organization who is a Platform Admin.


2. Getting a list of your logs


To query your log data, you will need the ID of the log(s) in order to bui ..
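
Steps 1 and 2 as an added example, not code from the original post: it builds the authenticated request for the log listing and extracts log IDs from a response. The host pattern, the `/management/logs` path, the `x-api-key` header and the response fields are assumptions based on Rapid7's public Log Search API documentation and do not appear on this page; `R7_API_KEY` and `R7_REGION` are hypothetical environment variable names, and the sample response is constructed.

```python
import json
import os
import re
import urllib.request

# Assumption: host pattern, path, header and response fields follow Rapid7's
# public Log Search API documentation; none of them appear on this page.
BASE = "https://{region}.rest.logs.insight.rapid7.com"


def build_logs_request(region, api_key):
    """Build the GET request for the log listing; the key travels in x-api-key."""
    # The key is sent to whatever host the region produces, so reject anything
    # that is not a short region code before it can redirect the secret.
    if not re.fullmatch(r"[a-z]{2}\d?", region):
        raise ValueError(f"unexpected region: {region!r}")
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or carries stray whitespace")
    return urllib.request.Request(
        BASE.format(region=region) + "/management/logs",
        headers={"x-api-key": api_key, "Accept": "application/json"},
    )


def log_ids_by_name(payload):
    """Map 'log set/log name' to log ID from a listing response body."""
    ids = {}
    for log in json.loads(payload).get("logs", []):
        logsets = [s.get("name", "") for s in log.get("logsets_info", [])] or [""]
        for logset in logsets:
            ids[f"{logset}/{log['name']}"] = log["id"]
    return ids


# Constructed sample response (made-up IDs), trimmed to the fields used above.
SAMPLE = json.dumps({"logs": [
    {"id": "00000000-0000-0000-0000-000000000001", "name": "example-auth-log",
     "logsets_info": [{"name": "Example Log Set"}]},
    {"id": "00000000-0000-0000-0000-000000000002", "name": "example-unassigned-log",
     "logsets_info": []},
]})

if __name__ == "__main__":
    print(log_ids_by_name(SAMPLE))
    key = os.environ.get("R7_API_KEY")  # hypothetical name; never hard-code the key
    if key:  # live call only when a key is supplied
        req = build_logs_request(os.environ.get("R7_REGION", "us"), key)
        with urllib.request.urlopen(req, timeout=30) as resp:
            print(log_ids_by_name(resp.read()))
```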
