Posts tagged InsightIDR

Utilize File Integrity Monitoring to Address Critical Compliance Needs

To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.

3 min Incident Detection

How to Alert on Rogue DHCP Servers

How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.

7 min InsightIDR

Windows Event Forwarding: The Best Thing You’ve Never Heard Of

This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.

7 min Log Management

Rolling with Your Logs, Part 3: Using Regex to Expand Your Search Options

In this final installment of our Log Search series, we’ll look at some simple regular expressions that will greatly expand your Log Search options.

4 min Incident Detection

5 Tips For Monitoring Network Traffic on Your Network

Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your (NTA) tool.

6 min InsightIDR

Rolling with Your Logs, Part 2: Advanced Mode Searches

In the Part 2 of this three-part series on InsightIDR Log Search, we will cover three concepts: parsed logs, groupby function, and log search operations.

4 min InsightIDR

Rolling with Your Logs, Part 1: Your Guide to Log Search in InsightIDR

In the first installment of this series, we'll cover the three most important basics of log search, then run through a few common Simple Mode searches.

17 min InsightIDR

Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide

Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.

3 min InsightIDR

Detecting Inbound RDP Activity From External Clients

Today, we discuss how to detect inbound RDP activity from external clients.

4 min InsightIDR

How to Set Up Your Security Operations Center (SOC) for Success

Whether you’re looking to add coverage or are experiencing challenges with your existing security operations center (SOC), it's important to consider these factors before making a decision.

4 min Threat Intel

Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics

Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.

2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic

2 min InsightIDR

Deception Technology in InsightIDR: Setting Up Honeypots

In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology [https://www.rapid7.com/solutions/deception-technology/] that continues to evolve: the honeypot. Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de

2 min User Behavior Analytics

Deception Technology in InsightIDR: Setting Up Honey Users

Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B