Rapid7 InsightIDR Room for Improvement

Awais Sajid - PeerSpot reviewer
Security Consultant at NUCES

The product allows us to make only 30 custom rules. The limit on custom rules must be changed.

Gerard Konan - PeerSpot reviewer
Founder & CEO at AGILLY

Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one. 

JensWolf - PeerSpot reviewer
Systems Administrator at Gernandt & Danielsson Advokatbyrå KB

Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries. In the future, I would like the tool to offer its users a pre-made set of queries.

Buyer's Guide
Rapid7 InsightIDR
April 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.
Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at PT. Centrin Online Prima

The integration capabilities of the solution have certain shortcomings where improvements are required.

If possible, it would be great to see AI embedded in all the functionalities offered by the product.

Khizar Butt - PeerSpot reviewer
Country Sales Lead at securic systems

Because Rapid7 was originally a vulnerability management solution, more and more companies are now moving towards their technologies and their existing SIEM applications and converting them to XDR solutions. Though Rapid7 provides its EDR option with SIEM, it has a long way to go to achieve an XDR status.

I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR because every SIEM solution provider is moving their solutions toward XDR.

Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at Freelancer

The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources. 

BR
Security Solution Engineer II at a security firm with 501-1,000 employees

One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level.

It could have intelligence. It is available as a separate product but not as a part of the platform itself.

Ali Sağlam - PeerSpot reviewer
System and Infrastructure Manager at iLab

Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement.

JC
Product Manager at Bizinfo

Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA). So, User Behavior Analytics (UBA) should be added in the new release.

Prasanth Prasad - PeerSpot reviewer
Director of Technology at a tech vendor with 11-50 employees

I believe that Rapid7 InsightIDR has moved to a complete cloud-first strategy. The tools offered by Rapid7 InsightIDR are amazing. The product should have provided some capabilities to users who wanted to stay or use the tool's on-premises version, as it would have provided the solution with more acceptance in the market, especially in the Middle East region.

It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required.

Navin Rehnius - PeerSpot reviewer
SOC Analyst at Tata Consultancy Services, Ltd

They should add more configuration and security features to the solution.

JS
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees

Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

I would like the ability to adjust the threshold of certain existing alerts. Currently, the only option is to change the notifications or create my own alert.

RicardoSilva3 - PeerSpot reviewer
Coordinator & Teacher at Pahldata

The main problem lies in the processes within the client's operating systems. XDR is superior to CMs. Observing how the processes function within the machine is essential if you are monitoring the client or servers, and not only the event with the first or second line but the third line is most important.

CP
System Engineer at Starlabs Limited

InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal. 

KimeangSuon - PeerSpot reviewer
Pre-Sale Consultant at Yip In Tsoi Co., LTD.

InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment. So it's a challenge to get the customer to see the benefits of a cloud-based product in terms of ROI. If they switch to a cloud application, they won't have to pay for hardware maintenance or inventory. So with the next update, the customers want to see how it applies to their environment and its advantages over on-premise solutions. 

PD
Information Security Manager at a tech vendor with 51-200 employees

The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.

SamiAyyash - PeerSpot reviewer
Threat Intelligence Engineer at a tech services company with 11-50 employees

Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps.

MK
Head of Infrastructure at Pearl Data Direct

I'd like to be able to get the compliance report within the solution which is currently not possible. For example, the P-Series was around 77001 compliance report of your SIEM solution. That option is unfortunately not available. 

JC
Database Administrator with 501-1,000 employees

Threat Intelligence: It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.

SP
Security Consultant at a comms service provider with 51-200 employees

I'd like to see a better ability to customize the check within the console. Rules can be customized better if the integration is improved. They now have integration with CrowdStrike so maybe they could have some kind of integration with Microsoft.

NJ
Security Manager

Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

it_user836481 - PeerSpot reviewer
Information Security Officer at a tech vendor with 201-500 employees

Although the solution has been improving continually in the time I have been using it, there could be areas of improvement. 

The one thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not.

IO
Solution Specialist at a tech services company with 11-50 employees

The solution's XDR agents cannot compete with the XDR solutions out there yet. It has to be a stand-alone XDR solution, and I know they are working on that. They have to ensure that it has the full capabilities of an XDR solution.

JS
IT Engineer Security Operation Team at a tech services company with 201-500 employees

The only thing I can think of to improve the product is that the interface for doing investigation needs to be enhanced. For example, we can add notes through the interface, but we cannot attach files to the investigation. It would be a useful addition. It would give us more flexibility to resolve more complicated situations.

DB
CoFounder & Head of Technology at intuity

I'd like to see a mobile application included and some feature related to the generality of segregation for internal users that access the application.

MS
Network Support Engineer at a tech services company with 51-200 employees

The APIs can be further improved in Rapid7. 

OS
Linux admin at a wholesaler/distributor with 51-200 employees

The dashboard is an area that could be simplified. For management, it should be clear and the files should be there.

AS
Enterprise Sales at a tech vendor with 11-50 employees

Earlier they didn't have a network flow capture product, so they were not able to capture the network flows. We were able to capture the logs but not the network flows. Now, they have acquired a company called NetFort, and now they are also using the capture network flows. This was one of the shortcomings of the product which they have now rectified after acquisition of the company.

Cloud risk assessment is one area where I think they need a lot of improvement.

The solution should have a CIS Benchmark in terms of, I would say, config change detection.
