3 min
InsightIDR
Utilize File Integrity Monitoring to Address Critical Compliance Needs
To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.
3 min
Incident Detection
How to Alert on Rogue DHCP Servers
How to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.
3 min
Incident Detection
5 Tips For Monitoring Network Traffic on Your Network
Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your (NTA) tool.
3 min
InsightIDR
Detecting Inbound RDP Activity From External Clients
Today, we discuss how to detect inbound RDP activity from external clients.
4 min
Threat Intel
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
2 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a
key feature of InsightIDR [https://www.rapid7.com/products/insightidr/],
Rapid7’s threat detection and incident response solution
[https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can
take this ability one step further by deploying deception technology, like honey
users, which come built into the product. A honey user is a dummy user not
associated with a real person within your organization. B
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the
never-ending allergies, we bring you 2018’s first Quarterly Threat Report
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the
year’s inaugural report, we pulled an additional data set: significant events.
While we like to look at trends in alerts over time, there is almost never a
one-alert-per-incident correlation. Adversary actions involve multiple steps,
which generate multiple alerts, and aft
4 min
InsightIDR
How to detect weak SSL/TLS encryption on your network
In this blog, we break down how to detect SSL/TLS encryption on your network.
2 min
InsightIDR
How to detect new server ports in use on your network
In this blog, we discuss how to detect new server ports in use on your network.
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig
through libraries of product briefs and outlandish marketing claims. You can
turn to trusted peers, but that’s challenging in a world where most leaders
aren’t satisfied with their SIEM [https://www.rapid7.com/fundamentals/siem/],
even after generous amounts of professional services and third-party management.
Luckily, Gartner is no stranger to putting vendors to the test, especially for
SIEM, where since 2005 they’ve rele
5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.
3 min
InsightIDR
InsightIDR Now Supports Multi-Factor Auth and Data Archiving
InsightIDR is now part of the Rapid7 platform. Learn more about our platform vision and how it enables you to have the SIEM solution you've always wanted.