The Investigation Insights – Rapid7 Insight IDR Integration allows you to easily Query Emails, IP Addresses, Domains, and URLs in Query Logs. The integration supports regular WHERE queries as well as groupby and calculate queries.
Rapid7 is a cybersecurity company that offers a range of security solutions, which provides comprehensive vulnerability management by identifying and prioritizing vulnerabilities across networks, systems, and applications. The Insight Platform(s) integrate multiple security solutions, such as InsightVM, InsightIDR, and others, to offer a unified approach to vulnerability management, threat detection, and incident response, simplifying complex security tasks for organizations
Integrated Dataminr Products
Investigation Insights
Rapid7 InsightIDR with Investigation Insights
Rapid7 AttackerKB with Investigation Insights
Rapid7 AttackerKB provides a forum for the security community to share insights and views that might otherwise get lost in all the hype and chaos, or dismissed as merely anecdotal. The Investigation Insights AttackerKB integration allows for CVEs on the analyst screen to be queried against the “Topic” API.
Rapid7 Nexpose with Investigation Insights
The Investigation Insights – Nexpose integration enables analysts to quickly get an understanding if there are any potential vulnerabilities within their networks. By searching IPs and CVEs to get the Nexpose vulnerabilities reports to see what is vulnerable on a box and how a CVE might affect the network.
Examples
IP Overview
- Summary Tags: When searching for IPs in Nexpose analysts can quickly know if there are any critical vulns or exploits related to the box, see if it is violating any policies set forth and even get a snapshot of the operating system. Enabling analysts to quickly get a snapshot of the IP and see if there could be any potential risk associated with it.
- Asset and Vulnerability Information: When drilling into the details of the IP address, analysts can get more context on the IP’s operating system, its vulnerabilities and services associated. Allowing for a more complete picture of the vulnerabilities associated with the asset.
- Criticality and Tags: Also while looking at the details analysts can see any associated tags and even adjust the criticality of the asset if it does not meet the current threshold it is set to.
CVE Overview
- Summary Tags: When searching CVEs in Nexpose analysts can quickly get a snapshot of the asset(s) that the CVE is related to. Knowing the number of vulnerabilities, exploits and what asset it might affect, allows analysts to quickly triage that box to resolve the issue. If there are multiple assets affected by the CVE then analysts can quickly get an understanding of the depth and breadth of the vulnerability in their network.
- Asset Information: When drilling into the details of the CVE lookup analysts can get an understanding of up to ten assets that the CVE is related to. From there the analysts can quickly pivot out to Nexpose for further analysis.
IntSights with Investigation Insights
The Investigation Insights – IntSights integration queries Intsights Threat Command data set to provide insights into what Intsights ETP suite has found and mitigated. Allowing analysts to have a full complete picture of what is occurring within their network.
The IntSights ETP Suite monitors thousands of sources across the clear, deep, and dark web to identify threats that directly target your unique digital footprint. IntSights Threat Command finds and mitigates external threats that directly target your organization, employees, and customers.
Looking for Integration Not Shown
