We performed a comparison between Rapid7 InsightIDR and Rapid7 InsightVM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The machine learning and artificial intelligence on offer are great."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Features for user behavior analytics and the rules for attack review are good."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"The alerting to drive investigations and remediation has been its most valuable feature."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"The solution is very scalable in terms of the licensing model."
"Simple configuration and automatically syncs to the cloud platform."
"The solution works well."
"The pricing is reasonable."
"The reports in Rapid7 InsightVM are useful when compared to competitors."
"The most valuable features of Rapid7 InsightVM are the accurate level of scanning and the workflows are good."
"The most valuable feature for us is the different types of reporting it provides."
"I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data."
"The most valuable feature is the vulnerability scan."
"We can create our own templates."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The reporting could be more structured."
"The playbook is a bit difficult and could be improved."
"The dashboard is an area that could be simplified."
"The ability to tune the collector for custom logs would greatly help."
"Needs a better ability to customize the check within the console."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"The main problem lies in the processes within the client's operating systems."
"Inability to get access to compliance reports within the solution."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"The reporting is a little bit tricky because it can be difficult to exactly pinpoint some of the assets to filter them and generate a report."
"Their customer support should be improved, and the effectiveness of scans also needs to be improved."
"The InsightVM cannot scan if we connect to our customer by the VPN."
"InsightVM is getting a little stale and is in danger of falling behind its competitors."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
"All products have room for increased security and Rapid7 InsightVM is no exception."
"They should improve the cybersecurity feature of the solution."
"There have been instances where technical support takes a long time to update the status of a ticket, which is something that can be improved."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Rapid7 InsightVM is ranked 4th in Risk-Based Vulnerability Management with 55 reviews. Rapid7 InsightIDR is rated 8.4, while Rapid7 InsightVM is rated 8.0. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Rapid7 InsightVM writes "You can scan a network, and receive recommendations to address vulnerabilities with the click of a button". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Identity and CrowdStrike Falcon, whereas Rapid7 InsightVM is most compared with Tenable Nessus, Qualys VMDR, Tenable Security Center, Microsoft Defender Vulnerability Management and Wiz.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.