Detect Attacks Automatically

Detect stealthy intruder movement

Attackers don't need malware to compromise organizations, and they frequently rely on stolen credentials and lateral movement because they are harder to detect. UserInsight alerts on credential abuse across your network, applications, endpoints, mobile devices, and cloud services. It detects lateral movement leveraging domain and local accounts by collecting both endpoint and Active Directory logs.

Eliminate alert fatigue

It's easy to get overwhelmed by thousands of alerts per day, when you can't investigate even a fraction. As part of our research, we simulate attacks and discover valuable intelligence others have missed. Adding these sources to the mix increases UserInsight's alert quality. On average, a company of 10,000 users sees about 10 UserInsight alerts per day, making your workload more manageable.

5-Minute Demo Video:
Detect Stealthy Attacks using Behavior Analytics

I can see incidents in UserInsight if our user accounts have been dumped in large data breaches. If there’s an employee that used their email at a large site or software site, and their email address winds up in a breach list, I get an alert. That happened to be one of the eye-opening occurences that started my higher-ups to say, ‘How much does that product cost?

Bob Jones
Information Security Manager
City of Corpus Christi

Get endpoint visibility without "yet another agent"

A majority of respondents see lack of endpoint visibility as an obstacle to efficient incident response, according to a SANS study. UserInsight scans your endpoints without requiring an agent, giving you full coverage without the headaches.

Set traps for intruders

Early steps in the attack chain include network scans and enumerating user accounts for password testing. UserInsight enables you to set traps for these intruder activities so you catch attacks early.

Make sense of malware alerts

Advanced malware solutions can be noisy and are not always actionable. UserInsight integrates with traditional anti–virus and advanced malware solutions to identify which user is being targeted. Through its endpoint monitoring, it detects suspicious and malicious processes through intruder analytics and threat intelligence.

Put your threat intelligence to work

UserInsight makes threat intelligence actionable by spotting users at risk from leaked passwords or connecting to known malicious hosts. UserInsight is set up with several threat feeds out of the box, and you can add your own.

Move at the speed of the attacker

Detecting new attacker methodologies is a race against time. Rapid7 constantly develops and refines behavior patterns so you don't have to write rules yourself. Thanks to UserInsight's cloud deployment model, we can quickly prototype and test new detection methods before we deploy them to you, ensuring instant protection and low false positive rates.

Investigate Quickly

Investigate 20x faster

You don't want to waste time when an intruder is on your network. UserInsight helps you pair down the data set you're investigating to the users, machines, and timeframe you're interested in. As a result, Acosta Sales & Marketing was able to shorten their incident response time by 20x.

See user context for all activities

Tracking a user through all systems for a single day likely takes you several hours of painful, manual searches. UserInsight gives you an instant snapshot of a user's activity across local and domain accounts, cloud services, applications, and mobile devices.

5-Minute Demo Video:
Investigate Incidents Faster with User Context
Enable all team members to investigate an incident

Analysis and investigation often require sophisticated search queries and knowledge of the data structure. UserInsight makes investigation data highly accessible so that even junior team members can get answers quickly.

Keep years of data immediately available for analysis:

You likely keep only a few months of data readily searchable for analysis because your solution's licensing costs would otherwise go through the roof and the solution would be hard to scale. UserInsight's flexible cloud architecture keeps years of data available for investigations at no extra cost and without the headaches of on–premise solutions.

Pin your findings on a timeline:

When you are investigating an active attack, you don't have time to write a long report to communicate to the business. UserInsight enables you pin your findings on a timeline that you can easily share with your colleagues to coordinate a response – all without having to interrupt your incident investigation.

Investigate phishing attempts:

UserInsight detects users receiving and clicking on bad URLs and IPs, helps investigate other users who received the same phish, and integrates with Metasploit to train your users with simulated phishing emails.

I have connected as much as possible to it, including our antivirus solution for endpoint protection. The endpoint monitoring features in UserInsight are what I personally find to the be most valuable, because it encapsulates so many machines and scales to cover every endpoint, not just ones in the ‘PCI zone.

Nick Hidalgo
Director of IT
Redner’s Markets

Monitor Behavior from Endpoint to Cloud

Discover user behavior across your entire ecosystem

Getting a handle into domain user accounts is hard enough, let alone monitoring your entire ecosystem. UserInsight gives you visibility into activity across local and domain accounts, cloud services, applications, and mobile devices with user behavior analytics.

Bring analytics to your SIEM

You may already have a SIEM in place that serves as your central log repository and alerting platform. UserInsight integrates with leading SIEM solutions to consume log data, add user context, and provide high–quality alerts back to the system. If you don't have a SIEM, UserInsight can also consume logs directly from the source.

5-Minute Demo Video:
Expose Risky User Behavior from Endpoint to Cloud
Add user context to monitoring solutions

Intrusion detection systems, SIEMs and sandboxing solutions are typically IP–based, lacking user context. UserInsight enables you to identify which user was infected by malware or to reduce thousands of IPS alerts to a single user, so you can respond more timely.

Identify risky user behavior

Many breaches happen because bad practices went undetected. UserInsight ranks the users with the most risky behavior in your organization, outlining how they put the company at risk. It highlights risks such as employees sharing passwords or using unapproved cloud services so you can improve corporate security hygiene.

Discover cloud usage and monitor strategic cloud services

Cloud solutions such as,, and Amazon Web Services are essential to productivity but are often not monitored by your current security program. UserInsight integrates with dozens of cloud services to alert you of a compromise. It tells you what other cloud services your employees are accessing that you may not know about yet.

Watch application transactions

Intruders target databases and intranet systems that contain juicy data. UserInsight alerts if it detects suspicious transactions in applications such as MS SQL and Confluence.

Get value in days, not months:

Monitoring solutions take months to set up. Rapid7’s Quick Start Services help you set up in two days, on average, and ensures you experience continuous value.

Request a UserInsight Demo

Learn how to automatically detect and quickly investigate compromised credentials and other security incidents.

Request A Demo

Customer Story

Learn how the City of Corpus Christi uses UserInsight to secure their environment.


View Technology Integrations

See what Integration Partners we have for UserInsight