7 min
Research
Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
In part one of our blog series, we discussed how a Rust-based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
3 min
Detection and Response
Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop
Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
4 min
Detection and Response
Attack vs. Data: What You Need to Know About Threat Hunting
While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from.
1 min
Detection and Response
InsightIDR’s NTA Capabilities Expanded to AWS
We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments.
2 min
InsightIDR
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.
2 min
InsightIDR
Monitor Google Cloud Platform (GCP) Data With InsightIDR
Today, more and more organizations are adopting multi-cloud or hybrid environments, creating increasingly dispersed security environments.
11 min
Security Operations (SOC)
Talkin’ SMAC: Alert Labeling and Why It Matters
This blog post demonstrates some common pitfalls of alert labeling and offers a new framework for SOCs to use.
6 min
InsightIDR
InsightIDR: 2020 Highlights and What’s Ahead in 2021
As we kick off the New Year, we wanted to highlight some key InsightIDR product investments and take a look ahead at detection and response in 2021.
5 min
InsightIDR
Visualizing Network Traffic Data to Drive Action
In this blog, we cover the top five multi-groupby queries that can be used to visualize network sensor data with the Insight Network Sensor.
3 min
Detection and Response
2021 Detection and Response Planning, Part 3: Why 2021 Is the Year for SOC Automation
In this third installment of our series around 2021 security planning, we’re focused on SOC automation.
3 min
InsightIDR
Introducing Enhanced Endpoint Telemetry (EET) in InsightIDR
Rapid7 is excited to announce Enhanced Endpoint Telemetry (EET) in our SIEM, InsightIDR.
5 min
Detection and Response
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
In this installment of our security planning series, we’ll explore the importance of reliable detections to drive an efficient security program forward.
4 min
InsightIDR
What’s New in InsightIDR: Q3 2020 in Review
This post offers a closer look at some of the recent updates and releases in InsightIDR from Q3 2020.
6 min
Detection and Response
Rapid7 Introduces “Active Response” for End-to-End Detection and Response
We are excited to announce the launch of our new Active Response capability as a part of our MDR Elite service.