Between Metasploit, penetration tests, and our 24/7 Managed Detection and Response service, we're investigating a constant stream of attacker behavior. As part of the investigative process, our analysts directly contribute Attacker Behavior Analytics (ABA) detections into InsightIDR, paired with recommendations and adversary context. These detections leverage the real-time user and endpoint data collected by InsightIDR. The result: the alert fidelity you want, filled with the context you need.
Fileless malware. Spear phishing. Crypto-jacking. Attackers' techniques for persistence shift, but they remain finite. As our analysts contribute Attacker Behavior Analytics, these detections are tested against the Rapid7 Insight platform to ensure you only get high-fidelity alerts in InsightIDR.
We understand that if an alert doesn't explain why the observed behavior is dangerous, it's worthless. Our threat intel and SOC analysts continually add context on where these malicious techniques are being used, along with exactly what you should do to stop them.
Our analyst teams are able to build detections against the rich tapestry of data collected by InsightIDR, which includes network data, cloud application data, and data collected directly from the endpoint. We are identifying malicious underlying behaviors, not matching against aging open source threat intelligence.
In addition to the evolving Attacker Behavior Analytics library, you can manage and share threat intelligence with the InsightIDR customer community. Any threat intel you manage with InsightIDR will automatically match against your data; generated alerts come with automatic user and asset context.