Technology Partners

Active Directory & InsightIDR

Active Directory & InsightIDR Integration Brief

Apply user behavior analytics to your data

With Microsoft Active Directory and Rapid7 InsightIDR

Integration Benefits

  • Automatically map activity on your network to the users and assets behind them to find threats.
  • Gain visibility into user behavior across endpoint, network, and cloud.
  • Detect the top behaviors behind breaches: the use of stolen credentials and malicious lateral movement.

Rapid7 InsightIDR integrates with Microsoft Active Directory and Azure AD, DHCP, and LDAP to apply user behavior analytics to your data. Once you connect these data sources with InsightIDR, activity on your network is automatically mapped to the users and assets behind them to find threats. InsightIDR also integrates with leading cloud services, like Office 365, to show you user activity across on-premises and cloud services.

Combined with our included, cross-product Insight Agent, you have visibility into user behavior across endpoint, network and cloud. The benefit: consistently detect the top behaviors behind breaches: the use of stolen credentials and malicious lateral movement. Get full visibility into who is doing what on the network, at all times, in real time.

Below is a 3-minute video highlighting InsightIDR detecting a compromised user account, the incident investigation, and taking direct action—disabling the affected user account in Active Directory.

InsightIDR also connects to and analyzes logs from Microsoft DNS, Exchange, Outlook Web App/ActiveSync, and VPN (Internet Authentication Service (RADIUS), Network Policy Server, Remote Web Access) against our User and Attacker Behavior Analytics.

Relentlessly Hunt Threats

Find out from the experts how InsightIDR can help you detect intruders earlier in the attack chain.

Watch Demo

Need help with an integration?

Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.

Get Support

Deprovisioning Users in InsightIDR

Deprovisioning Users in InsightIDR

In this short video, we show you how to seamlessly deprovision users directly from an investigation in InsightIDR.