Rapid7 InsightIDR integrates with Microsoft Active Directory and Azure AD, DHCP, and LDAP to apply user behavior analytics to your data. Once you connect these data sources with InsightIDR, activity on your network is automatically mapped to the users and assets behind them to find threats. InsightIDR also integrates with leading cloud services, like Office 365, to show you user activity across on-premises and cloud services.
Combined with our included, cross-product Insight Agent, you have visibility into user behavior across endpoint, network and cloud. The benefit is consistent detection of the top behaviors behind breaches: the use of stolen credentials and malicious lateral movement. Get full visibility into who is doing what on the network, at all times, in real time.
Below is a 3-minute video highlighting InsightIDR detecting a compromised user account, investigating the incident, and taking direct action by disabling the affected user account in Active Directory.
InsightIDR also connects to and analyzes logs from Microsoft DNS, Exchange, Outlook Web App/ActiveSync, and VPN (Internet Authentication Service (RADIUS), Network Policy Server, Remote Web Access) against our User and Attacker Behavior Analytics.