Posts tagged InsightIDR

3 min InsightIDR

Announcing CyberArk and InsightIDR Integration: Connect CyberArk with InsightIDR to Visualize and Investigate Your Privileged Access

To help companies monitor user behavior, secure privileged access, and identify attacks on passwords, we are teaming up with CyberArk.

2 min SIEM

SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?

Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.

3 min InsightIDR

Utilize File Integrity Monitoring to Address Critical Compliance Needs

To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.

3 min Incident Detection

How to Alert on Rogue DHCP Servers

This post explains how to alert on rogue DHCP servers using network traffic as a data source. We look at how you can use Wireshark or LANGuardian to detect DHCP servers.

7 min InsightIDR

Windows Event Forwarding: The Best Thing You’ve Never Heard Of

This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.

7 min Log Management

Rolling with Your Logs, Part 3: Using Regex to Expand Your Search Options

In this final installment of our Log Search series, we’ll look at some simple regular expressions that will greatly expand your Log Search options.

4 min Incident Detection

5 Tips For Monitoring Network Traffic on Your Network

Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your network traffic analysis (NTA) tool.

6 min InsightIDR

Rolling with Your Logs, Part 2: Advanced Mode Searches

In Part 2 of this three-part series on InsightIDR Log Search, we will cover three concepts: parsed logs, the groupby function, and log search operations.

4 min InsightIDR

Rolling with Your Logs, Part 1: Your Guide to Log Search in InsightIDR

In the first installment of this series, we'll cover the three most important basics of log search, then run through a few common Simple Mode searches.

17 min InsightIDR

Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide

Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.

3 min InsightIDR

Detecting Inbound RDP Activity From External Clients

Today, we discuss how to detect inbound RDP activity from external clients.

4 min InsightIDR

How to Set Up Your Security Operations Center (SOC) for Success

Whether you’re looking to add coverage or are experiencing challenges with your existing security operations center (SOC), it's important to consider these factors before making a decision.

4 min Threat Intel

Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics

Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.

2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic.

2 min InsightIDR

Deception Technology in InsightIDR: Setting Up Honeypots

In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology [https://www.rapid7.com/solutions/deception-technology/] that continues to evolve: the honeypot. Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de