diff --git a/common/console.go b/common/console.go
index f581f3e..337e3ce 100644
--- a/common/console.go
+++ b/common/console.go
@@ -63,6 +63,7 @@ var Vendors = map[string]string{
 	"Tanium":                          "\033[31mTanium\033[0m",
 	"Nextron Aurora":                  "\033[36mNextron\033[0m \033[90mAurora\033[0m",
 	"Trend Micro":                     "\033[31mTrend\033[0m \033[1mMicro\033[0m",
+	"Rapid7 InsightIDR":               "\033[97mRapid\033[0m\033[91m7\033[0m \033[97mInsightIDR\033[0m",
 }
 
 func Success(msg string) {
diff --git a/common/ref.go b/common/ref.go
index 595527e..f527293 100644
--- a/common/ref.go
+++ b/common/ref.go
@@ -293,4 +293,35 @@ var Domains = map[string]DomInfo{
 	"ddd53-threatconnect.trendmicro.com":  DomInfo{Vendor: "Trend Micro", TTL: 1800},
 	"licenseupdate.trendmicro.com":        DomInfo{Vendor: "Trend Micro", TTL: 1800},
 	"xdr.trendmicro.com":                  DomInfo{Vendor: "Trend Micro", TTL: 60},
+
+	// Rapid7 InsightIDR
+	// https://docs.rapid7.com/insightidr/ports-used-by-insightidr
+	"data.insight.rapid7.com":                   DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 60},
+	"us2.data.insight.rapid7.com":               DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"us3.data.insight.rapid7.com":               DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"eu.data.insight.rapid7.com":                DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"ca.data.insight.rapid7.com":                DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"au.data.insight.rapid7.com":                DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"ap.data.insight.rapid7.com":                DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 30},
+	"endpoint.ingress.rapid7.com":               DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"us2.endpoint.ingress.rapid7.com":           DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"us3.endpoint.ingress.rapid7.com":           DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"eu.endpoint.ingress.rapid7.com":            DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"ca.endpoint.ingress.rapid7.com":            DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"au.endpoint.ingress.rapid7.com":            DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"ap.endpoint.ingress.rapid7.com":            DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 300},
+	"us.storage.endpoint.ingress.rapid7.com":    DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"us.bootstrap.endpoint.ingress.rapid7.com":  DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"us2.storage.endpoint.ingress.rapid7.com":   DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"us2.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"us3.storage.endpoint.ingress.rapid7.com":   DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"us3.bootstrap.endpoint.ingress.rapid7.com": DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"eu.storage.endpoint.ingress.rapid7.com":    DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"eu.bootstrap.endpoint.ingress.rapid7.com":  DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"ca.storage.endpoint.ingress.rapid7.com":    DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"ca.bootstrap.endpoint.ingress.rapid7.com":  DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"au.storage.endpoint.ingress.rapid7.com":    DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"au.bootstrap.endpoint.ingress.rapid7.com":  DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"ap.storage.endpoint.ingress.rapid7.com":    DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
+	"ap.bootstrap.endpoint.ingress.rapid7.com":  DomInfo{Vendor: "Rapid7 InsightIDR", TTL: 86400},
 }