Rapid7 InsightIDR Valuable Features

Awais Sajid - PeerSpot reviewer
Security Consultant at NUCES

It’s a great tool. The solution helps us a lot in threat detection. It’s one of the most updated tools. The UI is very good. We can easily start using the tool and explore it. It also provides features like legacy UBA that other products do not provide. We can customize the rules from the default template in InsightIDR. UBA is a great feature.

When a new user is created in Active Directory, an investigation is created. We can use the default features to create an investigation. The solution has many advanced features and default templates that help protect from attacks without a user’s intervention. It is quite impressive.

Gerard Konan - PeerSpot reviewer
Founder & CEO at AGILLY

I like the tool's user analysis feature. 

JensWolf - PeerSpot reviewer
Systems Administrator at Gernandt & Danielsson Advokatbyrå KB

The most valuable feature of the solution is the single pane of glass that allows me to see all the information in one spot. I can see all the information from all the logs and everything in one spot.

Buyer's Guide
Rapid7 InsightIDR
March 2024
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,995 professionals have used our research since 2012.
Agustinus DWIJOKO - PeerSpot reviewer
Network & Security Engineer at PT. Centrin Online Prima

With Rapid7 InsightIDR, you must install the Insight Agent, after which you may get to see some of the risks affecting endpoints.

Khizar Butt - PeerSpot reviewer
Country Sales Lead at securic systems

I like that it's a cloud-based solution. The features of all SIEM solutions are pretty much the same, but Rapid7 is user-friendly, totally cloud-based, and can integrate into the EDR solution whenever a customer wants it. Those are USPs for us.

Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at Freelancer

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint.

It provides user entity behavior analysis and a threat intelligence framework, combining SIEM and EDR for automation. My experience with user behavior analytics is positive and wonderful. It allows fetching logs, managing users, and overseeing endpoints. The capability to conduct investigations and import applications, along with configuring endpoints by collecting data, adds to its functionality. The platform offers a variety of features, including a dashboard for new alerts. This dashboard provides a quick overview of the number of users, endpoints, and noticeable behaviors. 

Navin Rehnius - PeerSpot reviewer
SOC Analyst at Tata Consultancy Services, Ltd

The solution's most valuable feature is its ability to fetch insights on threats and log activities. 

BR
Security Solution Engineer II at a security firm with 501-1,000 employees

The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days.

When something is happening, such as there is hacking or something else going on, the information provided is really helpful. It almost tells you what to do. It is enriched with a lot of information.

JC
Product Manager at Bizinfo

The solution is easy to use, and the interface is intuitive.

Prasanth Prasad - PeerSpot reviewer
Director of Technology at a tech vendor with 11-50 employees

The most valuable feature of the product for managing security events stems from the fact that the product's intelligence part is very good since it offers its own threat intelligence and vulnerability management platform. The tool also has its own cloud security posture management platform. The tool also is a dynamic application security testing platform. The aforementioned tools fall under Rapid7 InsightIDR's kitty. The intelligence and the data that Rapid7 gathers from customers across the globe enrich the quality of its detection capabilities. All other tools in the market depend on third-party solutions for intelligence. Rapid7 InsightIDR has the intelligence part natively available within the product, giving it a good edge over other vendors.


JS
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees

The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us users who have been phished.

Chad Kliewer - PeerSpot reviewer
Information Security Officer at PTCI

InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level, which is very important to me as a one-person security department.

Another very important part of InsightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network.

CP
System Engineer at Starlabs Limited

InsightIDR helps us investigate an environment to discover information about incidents. 

KimeangSuon - PeerSpot reviewer
Pre-Sale Consultant at Yip In Tsoi Co., LTD.

InsightIDR's dashboard shows you live activity from the threat. 

PD
Information Security Manager at a tech vendor with 51-200 employees

The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue.

SamiAyyash - PeerSpot reviewer
Threat Intelligence Engineer at a tech services company with 11-50 employees

Rapid7's reporting is more robust than Tenable's. 

MK
Head of Infrastructure at Pearl Data Direct

There are numerous valuable features in this solution. Since it's cloud-based, the configuration is very simple; the collector will automatically sync to the cloud platform. The UEB, the User, Entity, and Behavioral Analytics, has helped us a lot. If there's a slight change in user behavior such as login patterns, my SOX is now able to detect it immediately.

JC
Database Administrator with 501-1,000 employees
  • User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day. 
  • Log search allows us to dive deep into aggregated logs and query all event types at once.
SP
Security Consultant at a comms service provider with 51-200 employees

The features for user behavior analytics and the rules for attack review are valuable. I also like the honeypot feature. It's easy to integrate and collect data from other solutions. 

NJ
Security Manager

The alerting to drive investigations and remediation has been its most valuable feature. Plus the ability to quickly search multiple logs makes investigations easier. Log correlation and alerting are also helpful.

It gives us one place to have everything easily accessible and the ability to alert (including customisation of alerts).

it_user836481 - PeerSpot reviewer
Information Security Officer at a tech vendor with 201-500 employees
  • Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs.
  • Great coverage of all systems within our network from endpoint to firewall.
  • Integration with threat modeling from the Metasploit and InsightIDR repositories.
  • Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns.

It gives all the advantages of a SIEM. However, using clever AI, it looks for patterns of behavior rather than just flooding me with all the alerts.

IO
Solution Specialist at a tech services company with 11-50 employees

Rapid7 InsightIDR is a cloud-based solution. Customers don't have to provision storage either internally or externally, and everything is already factored into the cost of the solution. So that takes out the headache.

The solution is very scalable in terms of the licensing model. It's not licensed based on the number of EPS as in a traditional SIEM solution. It's licensed based on the number of assets, and I believe the customers have more control over their assets than their EPS.

JS
IT Engineer Security Operation Team at a tech services company with 201-500 employees

The most valuable features have to do with ease-of-use. It is easy to check the events, investigate suspicious activities, and do forensic analysis. The web interface is great — very useful and user-friendly.  

DB
CoFounder & Head of Technology at intuity

The solution is very intuitive, it's easy to set up, is absolutely stable, and has a lot of integration with other security products.

MS
Network Support Engineer at a tech services company with 51-200 employees

Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling. 

OS
Linux admin at a wholesaler/distributor with 51-200 employees

The most valuable feature is monitoring.

AS
Enterprise Sales at a tech vendor with 11-50 employees

The ease of use of the solution is excellent.

The individual setup is great. You can set it up and get it going in a short amount of time.

They have one agent for Insight where, basically, we can also install agents on Linux and Windows Servers as well as the endpoints. This agent provides for more capabilities in terms of threat detection. Normally, SIEM is more centered around log management and data mining. It's nice to have this extra layer. 

If you look at the agent part, the Insight agent, which is an optional component of InsightIDR, that agent also helps us to detect more threats, due to the fact that the endpoints are also vulnerable to a lot of security breaches. 

If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
