Adding a Threat to InsightIDR

Adding a new threat to InsightIDR only takes a few clicks. Start by adding your indicators either in the textbox or as a CSV or XML file. From there, add a Name and Description, and choose who else can see it. For example, if you don't allow third-party file sharing sites, you could put in '' and '' as indicators, and set it as a private threat you're monitoring.

Next, we'll go ahead and add recent Threat Intelligence that our Managed Detection and Response team curated around the Apache Struts Vulnerability.


Support for CSV & STIX XML

You can mass import indicators that are in a CSV or XML. Simply browse to the folder and upload the file.

Flexibly Add Bad Things

InsightIDR accepts standard types of hashes, URLs, and IP addresses.

InsightIDR will match these indicators against any data sources that could contain these four types.

Control Who Sees the Feed

For each Threat that you add, you can choose who sees it.

Private: Only your organization.

Restricted: Orgs can subscribe, but can't see the individual indicators.

Public: Any org with InsightIDR can view and subscribe to the feed.

