Rapid7 InsightIDR Reviews
Mar 13 2018
What is most valuable? InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the…
How has it helped my organization? With the full suite of Rapid7 products, I am able to provide effective oversight to the information security program with measurable progress. This is a very difficult…
What needs improvement? I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert.
What's my experience with pricing, setup cost, and licensing? Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help.
Which solution did I use previously and why did I switch? I actually purchased the predecessor, InsightUBA, which quickly changed into the InsightIDR that we have today. There was no other previous solution.
What other advice do I have? In the past I have made several requests and have had the opportunity to work with developers and user-interface specialists to add enhancements to the product. The effort…
Which other solutions did I evaluate? I did not consider any other options in depth. Most other options I saw required one or more full-time employees to maintain.
Oct 05 2018
Users/endpoints focus gives us more understanding of network events, allowing us to see behavior patterns
What is most valuable? The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort…
How has it helped my organization? The focus on users/endpoints gives us so much more understanding of the events going on across the network, allowing us to step back from looking at logs only to see the…
What needs improvement? The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user…
What's my experience with pricing, setup cost, and licensing? Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's…
Which solution did I use previously and why did I switch? A private ELK stack was used originally. We moved off of it as we wanted to ensure that we were focusing on the security of the company, and not writing log parsing rules…
What other advice do I have? Have a plan going forward (Syslog exports, agent-based collection, etc.) and ensure WMI is available if using Windows Servers. It was very easy to set up, but…
Which other solutions did I evaluate? AlienVault, LogRhythm, Qualys.
Find out what your peers are saying about Rapid7, Splunk, AT&T and others in Security Information and Event Management (SIEM). Updated: January 2020.
Mar 13 2018
What is most valuable? * Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs. * Great coverage of all systems within our network from endpoint to…
How has it helped my organization? We were able to identify criminals attempting to login from China and put a stop on their IP locations.
What needs improvement? Although the solution has been improving continually in the time I have been using it, there could be areas of improvement. The one thing that springs to mind is easier…
What's my experience with pricing, setup cost, and licensing? I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.
Which solution did I use previously and why did I switch? This was our first look at security as a single entity. After creating a threat register, we were able to mitigate over two-thirds of the threats with this one product.
What other advice do I have? Use it. The setup is minimal, but the payback is phenomenal.
Which other solutions did I evaluate? At the time, there was no other product that came close to InsightIDR's feature set coupled with Rapid7's world-leading security position producing other products, such as…
Sep 26 2018
What is most valuable? The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log…
How has it helped my organization? The tool has improved my organization by: * Building a security alerting program; * IDR-driven improved patching; * Implementing IVM.
What needs improvement? Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.
What's my experience with pricing, setup cost, and licensing? The pricing and licensing are competitive. Licensing is simple and straightforward.
Which solution did I use previously and why did I switch? We did not previously use a different solution.
What other advice do I have? You should use it to drive change within your IT from a security point of view. Run a PoC and see exactly what it can do for you. The simple setup means it will be running…
Which other solutions did I evaluate? We did not evaluate any other solution in the market.
Jan 08 2020
What is most valuable? The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.
What needs improvement? The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations.
What other advice do I have? On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a nine-out-of-ten. It is very good but it could be better with a few details that would improve the utility of the investigations interface.
Mar 14 2018
User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day
What is most valuable? * User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day. * Log search allows us to dive deep into aggregated…
How has it helped my organization? InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly.
What needs improvement? Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.
What's my experience with pricing, setup cost, and licensing? Accurately predict your licensing counts as this is a subscription based product.
Which solution did I use previously and why did I switch? We did not use a previous solution.
What other advice do I have? The product is a shift in paradigm being cloud-based with cloud storage. Be prepared to set up several virtual collector servers within your network, if you have a large…
Which other solutions did I evaluate? We evaluated FireEye Helix, LogRhythm, Splunk, and IBM QRadar.
Mar 13 2018
What is most valuable? The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us…
How has it helped my organization? I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.
What needs improvement? Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.
What's my experience with pricing, setup cost, and licensing? This is a great product. The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.
Which other solutions did I evaluate? We did PoC with a couple of other products. However, Rapid7 InsightIDR was the best product for our needs and budget. We evaluated LogRhythm and AlienVault. Both were inferior in regards to pricing or performance.
What is Rapid7 InsightIDR?
Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.
Also known as: InsightIDR
Rapid7 InsightIDR customers
Liberty Wines, Pioneer Telephone, Visier