Rapid7 InsightIDR Reviews

Rapid7 InsightIDR is the #5 ranked solution of our top User Behavior Analytics (UEBA) tools. It's rated 4.4 out of 5 stars and is most commonly compared to Splunk.

Real User
Director at a tech vendor with 11-50 employees
Jul 22 2020

What is most valuable?

The ease of use of the solution is excellent. The individual setup is great. You can set it up and get it going in a short amount of time. They have one agent for Insight where, basically, we can also install agents on Linux and Windows…

What needs improvement?

Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and now they are also…

What's my experience with pricing, setup cost, and licensing?

If you look at any other SIEM solution, the license is based on events per second or EPS based licensing. Here, the licensing is the number of assets, and the number of days the log would be retained on their cloud. That is one of the huge…

Which solution did I use previously and why did I switch?

I've used other products such as QRadar and other SIEM solutions and I find this solution is much more simplified and user-friendly. Their DNA is also really in security, which they can feed quite effectively into their SIEM. They…

What other advice do I have?

We are solution partners. The solution has a console with everything on the cloud, however, only the centers, the log collectors, are on-premise. This solution is actually cloud-based. People who want a solution, a very simplified and easy…
Real User
Information Security Manager at a tech vendor with 51-200 employees
Oct 05 2018

What is most valuable?

The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort…

How has it helped my organization?

The focus on users/endpoints gives us so much more understanding of the events going on across the network, allowing us to step back from looking at logs only to see the…

What needs improvement?

The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user…

What's my experience with pricing, setup cost, and licensing?

Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's…

Which solution did I use previously and why did I switch?

A private ELK stack was used originally. We moved off of it as we wanted to ensure that we were focusing on the security of the company, and not writing log parsing rules…

What other advice do I have?

Have a plan going forward (Syslog exports, agent-based collection, etc.) and ensure WMI is available if using Windows Servers. It was very easy to set up, but…

Which other solutions did I evaluate?

AlienVault, LogRhythm, Qualys.
Find out what your peers are saying about Rapid7, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: August 2020.
Real User
Security Manager
Sep 26 2018

What is most valuable?

The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log…

How has it helped my organization?

The tool has improved my organization by:
* Building a security alerting program;
* IDR-driven improved patching;
* Implementing IVM.

What needs improvement?

Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are competitive. Licensing is simple and straightforward.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

What other advice do I have?

You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running…

Which other solutions did I evaluate?

We did not evaluate any other solution in the market.
Real User
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Jan 08 2020

What is most valuable?

The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.

What needs improvement?

The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations.

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a nine-out-of-ten. It is very good but it could be better with a few details that would improve the utility of the investigations interface.

What is Rapid7 InsightIDR?

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Also known as
InsightIDR
Rapid7 InsightIDR customers

Liberty Wines, Pioneer Telephone, Visier
