Rapid7’s vast library of curated detections and attacker behaviors is mapped in detail to the MITRE ATT&CK® framework, an open, globally-accessible knowledge base of real-world adversary tactics and techniques. We believe in MITRE’s openness and community collaboration. In fact, we practice it ourselves.
With unified SIEM and XDR, InsightIDR enables customers to collect all the data they need across user activity logs, network traffic, endpoint telemetry, and cloud infrastructure. This robust data fuels detections coverage across the entire modern environment.
In the detections library, InsightIDR attacker behavior analytics (ABA) and user behavior analytics (UBA) detections are mapped to the MITRE framework to show our customers which tactics, techniques, and procedures (TTPs) are the most commonly used by threat actors in their environment. No guessing games about what an attacker might do next. This work gives insight into the attack patterns and common playbooks in real time.
During an attack, alongside recommendations informed by our MDR SOC, InsightIDR gives you mitigation recommendations provided by MITRE ATT&CK. You’ll see MITRE ATT&CK insights provided in the evidence panel to inform the decision-makers on the best way to proceed. This additional detail, alongside highly correlated investigation timelines, helps analysts accelerate decision making and response time. Access all the relevant information necessary to triage an attack - without ever leaving InsightIDR.
The 2022 MITRE evaluation examined InsightIDR’s endpoint detection and response (EDR) capabilities powered by our native Insight Agent against simulated advanced attacks – this time, Wizard Spider and Sandworm APT groups – aiming to encrypt data for disruption, destruction, or ransomware.
The results of this exercise highlighted InsightIDR’s ability to catch advanced attacks early, provide relevant context across the cyber kill chain, and deliver a strong signal-to-noise to drive more efficient detection and response. Learn more about our evaluation here.
MITRE has long worked in our collective interest, building a safer world. That’s been Rapid7’s mission for decades. And like MITRE we engage in public work that advances security: from research projects like like Sonar, Heisenberg, and Doppler, to open security communities like Metasploit, Attacker KB, and Velociraptor.