insightIDR

Integrations

Unify and detect across network, endpoint, and cloud

To relentlessly hunt threats, you need to see everything that’s happening in your environment. InsightIDR provides visibility across your entire ecosystem—including areas difficult to monitor, such as endpoints and cloud services—via integrations with your existing network and security stack.

By correlating the millions of daily events in your environment directly to the users and assets behind them, InsightIDR highlights risk across your organization and prioritizes where to search. Even better? It can be up and running in hours. Let’s see a traditional SIEM tool do that.

InsightIDR supported event sources

InsightIDR and Microsoft

As Office 365 and other cloud services dissolve the security perimeter to improve user productivity, identifying intruders using stolen credentials gets more challenging. Rapid7 is proud to be an early access partner with Microsoft®. Integrating its Office 365 Management Activity API with InsightIDR feeds our tool with visibility into user authentications and admin activity, exposing suspicious behavior and the use of compromised credentials. InsightIDR also integrates with Microsoft Active Directory and Azure AD, DHCP, and LDAP to apply user behavior analytics to your data.


InsightIDR and Amazon Web Services (AWS) CloudTrail

InsightIDR, an AWS advanced technology partner, makes it easy to find threats across your on-premises network, endpoints, cloud services, and IaaS from a central console. Both Amazon CloudTrail and GuardDuty logs can be forwarded to InsightIDR for log search, reporting, and automatic matching against community and Rapid7 MDR threat intelligence.



InsightIDR and Splunk

Already using a log aggregator or SIEM solution for compliance and reporting? Get even more out of it. InsightIDR integrates with either tool, applying User Behavior Analytics to the data to detect stealthy attacker behavior such as the use of stolen credentials and lateral movement. Further, InsightIDR combines data from your SIEM with our endpoint detection and monitoring and cloud service behavior for fast incident investigations and a complete view of your network. Best of all, you don’t need a data degree to find value: InsightIDR prioritizes risk across your organization and shows you exactly where to look.



InsightIDR and FireEye

Most monitoring solutions report findings by IP address, yet the intruders behind the malware often blend into network noise by masquerading as legitimate users on the network. Knowing the user context of an alert is often critical to understanding an attack’s impact and responding to the incident quickly. This integration allows you to map findings from FireEye Network Security (NX) and Threat Analytics Platform (TAP) to the user context provided in InsightIDR to help you monitor the attack and identify which users are impacted and whose credentials were compromised.


InsightIDR and CyberArk

Rapid7’s cloud SIEM, InsightIDR, along with the CyberArk Core Privileged Access Security Solution, provides visibility, protection, and automated workflows to help any organization detect and take action against attacks on its users and administrators. The combined solutions also make life easier for the Security Operations Center: Critical alerts and behavior are prioritized by risk and leverage data across your modern network—on-premises, remote workers, SaaS, and IaaS.



InsightIDR and Cisco IOS DHCP

Add User Behavior Analytics (UBA), Endpoint Detection and Response (EDR), and Deception technology to your Cisco security infrastructure with Rapid7 InsightIDR. Once you connect these event sources to InsightIDR, activity on your network is automatically correlated to the users and assets behind it. InsightIDR natively ingests data from Cisco ASA Firewall & VPN, Meraki, Sourcefire, and IronPort for log search, reporting, data visualization, and to power our prebuilt threat detections.



InsightIDR and Carbon Black CB Response

Rapid7 InsightIDR integrates with Carbon Black CB Response to give you time-saving user and network context for your malware alerts. In addition to ingesting and helping you take action across CB Response, Active Directory, and cloud services from a single console, InsightIDR helps you detect malicious behavior off the endpoint. This includes attackers using stolen credentials, compromised cloud accounts, and lateral movement.
