Last updated at Thu, 25 Jul 2024 19:37:08 GMT
Two key ways InsightIDR helps customers tailor reporting, detection, and response — without any headaches
For far too many years, security teams have accepted that with a SIEM comes compromise. You could have highly tailored and custom rule sets, but it meant endless amounts of tuning and configuration to create and manage them. You could have pre-built content, but that meant rigidity and noise. You could have all the dashboard bells and whistles, but that meant finding the unicorn that knew how to navigate them. Too many defenders have carried this slog, accepting this traditional SIEM reality as "it is what it is." No more!
It's possible to have it all — an intuitive interface and sophisticated tuning and customization
With InsightIDR, Rapid7's leading SIEM and XDR, you can have the best of both worlds — an easy-to-use tool that's also incredibly sophisticated. InsightIDR makes it easy and intuitive to tune your detections (without heavy script-writing or configuration required). When it comes to viewing your environment's data and sharing key metrics, our Dashboard Library and reports are readily available and highly customizable for your unique needs.
Filter out the noise with fine-tuned alerts
Every time an analyst creates an alert it takes work. At Rapid7, we want to save you time and advance your security posture — which is where our Detections Library comes in. Curated and managed by our MDR SOC team, you can rest assured that you'll only be alerted to behaviors that are worthy of human review so that you can make the most out of your limited time and focus on the threats that really matter.
While we focus on creating a curated, high-fidelity library of detections, we know each environment has its unique challenges — which is why our attacker behavior analytics (ABA) detections are robustly tuneable. You can also get more granular with your tuning and take the following actions:
- Create custom alerts when your organization calls for niche detections.
- Customize UBA directions so you're in control of which you have turned on to align your alerting with your environment.
- Modify ABA detections by changing the rule action, modifying its priority, and adding exceptions to the rule.
- Stay on top of potential noise with Relative Activity, a new score for ABA detection rules that analyzes and identifies detection rules that might cause frequent investigations or notable events if switched on, as well as determines which rules may benefit from tuning, either by changing the Rule Action or adding exceptions.
Customize dashboards and reports to best suit your team
With InsightIDR, teams have access to over 45 (and counting) dashboards out of the box — from compliance dashboards for frameworks like HIPAA or ISO to Active Directory Admin Activity — to help your team focus on driving faster decision-making.
Analysts can also leverage this pre-built content as a springboard for customizing their own reports. InsightIDR provides multiple query modes and methods for creating data visualizations — so whether you are more comfortable with loose keyword search, working in our intuitive query language, or simply clicking on charts to narrow down results — every analyst can operate as an expert, regardless of their prior SIEM experience.
InsightIDR also makes it easy to share findings and important metrics with anyone in your organization — send an interactive HTML or PDF report of any dashboard with the click of a button.
Check out the other ways InsightIDR can help drive successful detection and response for your team here.
Additional reading:
- Rapid7 MDR Reduced Breaches by 90% via Greater Efficiency to Detect, Investigate, Respond to, and Remediate Breaches
- Today’s SOC Strategies Will Soon Be Inadequate
- What's New in InsightIDR: Q2 2022 in Review
- [The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes