Automation has come to the Rapid7 Insight platform, bringing new incident detection and response capabilities to InsightIDR. In this short video, we show you how to seamlessly disable users directly from an investigation in InsightIDR.
Want to learn more? Start your free trial today.
For years, Rapid7 InsightIDR has been providing best-of-breed detection capabilities to security operations centers and professionals. Whenever you get an alert, notable user and asset behavior is shown on a visual investigation timeline.
For example, this alert fired because Levi Allison authenticated to an asset tagged as ‘restricted’ in InsightIDR. From our User Behavior Analytics, which baselines normal authentications, we know that the “l-allison” login is anomalous. Since the user’s credentials have also authenticated to new assets, it’s a sign the password might be compromised.
Now, not only do you have the necessary context to make a decision regarding “l-allison”, but you can take action directly from an investigation to contain the threat. In this case, let’s look at deprovisioning Levi’s accounts from within InsightIDR. Choose from our list of supported vendors, which includes Active Directory and Okta for user-level containment.
Setup is simple. Test the connection with the integration partner once, and you’re off to the races. Set up a response workflow, and use the Take Action feature to select which user accounts to suspend. You’ll receive real-time updates as the containment progresses.
InsightIDR doesn’t stop there. Designate decision points to let your team weigh in when it’s most critical. You’ll receive notifications when workflows have been paused and need input, ensuring you stay on top of critical processes.
When taking action, you’ll see the real-time progress of the ongoing workflow, including an audit log of all tasks involved with automation. You’ll also receive a notification letting you know that the action completed successfully.
The Automation module shows a lifetime history of all automated workflows and actions that have run on behalf of your team directly within InsightIDR, and it will notify you as plugin updates are released.
In addition to taking action on user accounts, InsightIDR supports workflows for endpoint containment through Carbon Black Response and VLAN quarantine with Cisco ISE. Looking for further customization? Any custom workflows created in Rapid7 InsightConnect can also be triggered from InsightIDR.
Bring your existing security tools together, so your team can respond to incidents faster. See what other incident detection and response tasks you can automate. Start a free trial of InsightIDR today.