Attacker Behavior Analytics

Threat intelligence from Rapid7 SOCs

Attacks are a human problem. They're caused by humans, and they can only be truly defeated by humans. The expert analysts working in our SOCs live and breathe attacker behavior every day. As they identify new threats, they're looking for signs that can help detect such activity in the future, even earlier in the attack chain. We're constantly turning their knowledge into useful, actionable detections known as Attacker Behavior Analytics. The best part? ABA is available in InsightIDR.

Detections based on real-world attacks

At Rapid7, we see attacks first-hand via the Metasploit project, our pen tests and incident response engagements, and our Managed Detection and Response customers. Our analysts craft new detections to catch attacker behavior based on their findings, and this evolving library comes in InsightIDR.

Threat intelligence without the false positives

Static indicators such as bad hashes and domain names are useful and easy to manage with InsightIDR, but you also need to source relevant, accurate intel to back them up. ABA helps you hunt for the underlying behavior behind breaches, so you're not chasing stale malware or sifting through false positives.

Alerts with context

An alert without context is essentially useless. Each ABA detection helps you understand why the alert is firing, along with how to respond to it. You'll also be shown recent adversary groups using the technique, helping you predict likely targets for the attacker.

Deception technology, included

We understand how attackers work and the traces they leave behind. InsightIDR goes beyond log analysis and comes with multiple intruder traps to expose attackers early, ranging from easy-to-deploy honeypots for network scans to honey credentials that catch attackers exploiting your endpoints.
