Use Threat Command to manage alerts, CVEs, IOCs, and assets by accounts and MSSP accounts.

Note: Support for this Pack was moved to Partner starting November 09, 2023. In case of any issues arise, please contact the Partner directly at support@rapid7.com.

Rapid7 Threat Command Pack

Rapid7 Threat Command content pack is designed to help users manage alerts, CVEs, IOCs, and assets by accounts and MSSP accounts.

What does this pack do?

Alert management
Account CVE management.
Account asset management.
Account and public IOC management, including the ability to create and add account IOC sources and IOCs.
Cyber-term retrieval from the Threat Library.
System module information retrieval.

The integration in this pack is designed to facilitate controlled changes to alerts, indicators, assets, and CVEs by accounts and MSSP accounts.

Note: Support for this Pack was moved to Partner starting November 09, 2023. In case of any issues arise, please contact the Partner directly at support@rapid7.com.

Rapid7 Threat Command Pack

Rapid7 Threat Command content pack is designed to help users manage alerts, CVEs, IOCs, and assets by accounts and MSSP accounts.

What does this pack do?

Alert management
Account CVE management.
Account asset management.
Account and public IOC management, including the ability to create and add account IOC sources and IOCs.
Cyber-term retrieval from the Threat Library.
System module information retrieval.

The integration in this pack is designed to facilitate controlled changes to alerts, indicators, assets, and CVEs by accounts and MSSP accounts.

Classifiers

Name	Description
Rapid7 ThreatCommand - Incoming Mapper	Rapid7 ThreatCommand - Incoming Mapper

Incident Fields

Name	Description
Rapid7 ThreatCommand Attachments
Rapid7 ThreatCommand CSV
Rapid7 ThreatCommand Tags
Rapid7 ThreatCommand Source Network Type
Rapid7 ThreatCommand Takedown Status
Rapid7 ThreatCommand Source URL
Rapid7 ThreatCommand Source Type
Rapid7 ThreatCommand Related Threat IDs
Rapid7 ThreatCommand Source Date
Rapid7 ThreatCommand Status
Rapid7 ThreatCommand Related IOCs
Rapid7 ThreatCommand Source Email
Rapid7 ThreatCommand Subtype
Rapid7 ThreatCommand Assets

Incident Types

Name	Description
Rapid7 ThreatCommand Alert

Integrations

Name	Description
IntSights (Deprecated) (Partner Contribution)	Deprecated. Use Rapid7 Threat Command instead.
Rapid7 - Threat Command (IntSights) (Partner Contribution)	Rapid7 Insight - Threat Command allows managing alerts, CVEs, IOCs, and assets by accounts and MSSP accounts.

Layouts

Name	Description
Rapid7 ThreatCommand - Layout	Layout for Rapid7 ThreatCommand

Playbooks

Name	Description
Retrieve Alert Attachments - Rapid7 ThreatCommand	This playbook is used by default for the Rapid7 ThreatCommand alerts being ingested as XSOAR incidents. This playbook retrieves attachments (CSV file and images) using the Alert ID incident field.

Widgets

Name	Description
API Call Results for Rapid7 Threat Command

Classifiers

Name	Description
Rapid7 ThreatCommand - Incoming Mapper	Rapid7 ThreatCommand - Incoming Mapper

Incident Fields

Name	Description
Rapid7 ThreatCommand Takedown Status
Rapid7 ThreatCommand CSV
Rapid7 ThreatCommand Source Date
Rapid7 ThreatCommand Source Email
Rapid7 ThreatCommand Attachments
Rapid7 ThreatCommand Status
Rapid7 ThreatCommand Source Type
Rapid7 ThreatCommand Source Network Type
Rapid7 ThreatCommand Subtype
Rapid7 ThreatCommand Source URL
Rapid7 ThreatCommand Tags
Rapid7 ThreatCommand Related Threat IDs
Rapid7 ThreatCommand Assets
Rapid7 ThreatCommand Related IOCs

Incident Types

Name	Description
Rapid7 ThreatCommand Alert

Integrations

Name	Description
Rapid7 - Threat Command (IntSights) (Partner Contribution)	Rapid7 Insight - Threat Command allows managing alerts, CVEs, IOCs, and assets by accounts and MSSP accounts.
IntSights (Deprecated) (Partner Contribution)	Deprecated. Use Rapid7 Threat Command instead.

Playbooks

Name	Description
Retrieve Alert Attachments - Rapid7 ThreatCommand	This playbook is used by default for the Rapid7 ThreatCommand alerts being ingested as XSOAR alerts. This playbook retrieves attachments (CSV file and images) using the Alert ID alert field.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (5)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

3.1.9 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

3.1.8 - R7448282 (March 5, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

3.1.7 - 4770511 (September 4, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

3.1.6 - R3980324 (June 26, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Metadata and documentation improvements.

Related pull requests:
- 39078

Download

3.1.5 - R2988527 (March 26, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37164

Download

3.1.4 - R1324639 (August 29, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.9.103066.

Related pull requests:
- 35455

Download

3.1.3 - 1142826 (July 2, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

3.1.2 - 767481 (January 17, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32259

Download

3.1.1 - 743135 (January 4, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31967

Download

3.1.0 - 7001088 (November 27, 2023)

Incident Fields

Rapid7 ThreatCommand CSV
- Updated the incident field to include more columns.

Incident Types

Rapid7 ThreatCommand Alert
- Updated the default playbook for the incident type.

Integrations

Rapid7 - Threat Command (IntSights)

Added the network_type parameter for fetch incidents to filter on the network type of alert.
Added the retry mechanism for 429 and 5xx errors.
Updated the incident fetching mechanism to exclude attachment retrieval during polling. Instead, a new playbook has been introduced specifically for handling attachment retrieval. This implementation is expected to significantly enhance the overall performance of the incident fetching mechanism.
Updated the help README for setting up the integration instance.
Updated the test connectivity module to include more checks on the integration parameters.
Added the loggers at the required places.
Updated the threat-command-alert-csv-get command to return CSV data in the form of JSON.
Added the tooltip for multiple integration parameters.
Updated the Docker image to: demisto/python3:3.10.13.80593.

Layouts

Rapid7 ThreatCommand - Layout
Updated the layout for the changes related to alert attachments in the form of war room entries.

Mappers

Rapid7 ThreatCommand - Incoming Mapper

Updated the mapper for the changes related to alert attachments.

Playbooks

New: Retrieve Alert Attachments - Rapid7 ThreatCommand

New: This playbook is used by default for the Rapid7 ThreatCommand alerts being ingested as XSOAR incidents. This playbook retrieves attachments (CSV file and images) using the Alert ID incident field. (Available from Cortex XSOAR 6.8.0).

Related pull requests:
- 30954
- 31133

Download

3.0.7 - 6850782 (November 10, 2023)

Rapid7 - Threat Command (IntSights)

Completed adoption process.

Related pull requests:
- 30770
- 30771

Download

3.1.9 - 7827247 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43566

Download

3.1.8 - R7448282 (March 5, 2026)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

3.1.7 - 4761438 (September 4, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

3.1.6 - R3980324 (June 26, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Metadata and documentation improvements.

Related pull requests:
- 39078

Download

3.1.5 - R2988527 (March 26, 2025)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37164

Download

3.1.4 - R1324639 (August 29, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.11.9.103066.

Related pull requests:
- 35455

Download

3.1.3 - 1142826 (July 2, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

3.1.2 - 767481 (January 17, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32259

Download

3.1.1 - 743135 (January 4, 2024)

Integrations

Rapid7 - Threat Command (IntSights)

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31967

Download

3.1.0 - 7001088 (November 27, 2023)

Incident Fields

Rapid7 ThreatCommand CSV
- Updated the incident field to include more columns.

Incident Types

Rapid7 ThreatCommand Alert
- Updated the default playbook for the incident type.

Integrations

Rapid7 - Threat Command (IntSights)

Added the network_type parameter for fetch incidents to filter on the network type of alert.
Added the retry mechanism for 429 and 5xx errors.
Updated the incident fetching mechanism to exclude attachment retrieval during polling. Instead, a new playbook has been introduced specifically for handling attachment retrieval. This implementation is expected to significantly enhance the overall performance of the incident fetching mechanism.
Updated the help README for setting up the integration instance.
Updated the test connectivity module to include more checks on the integration parameters.
Added the loggers at the required places.
Updated the threat-command-alert-csv-get command to return CSV data in the form of JSON.
Added the tooltip for multiple integration parameters.
Updated the Docker image to: demisto/python3:3.10.13.80593.

Mappers

Rapid7 ThreatCommand - Incoming Mapper

Updated the mapper for the changes related to alert attachments.

Playbooks

New: Retrieve Alert Attachments - Rapid7 ThreatCommand

New: This playbook is used by default for the Rapid7 ThreatCommand alerts being ingested as XSOAR incidents. This playbook retrieves attachments (CSV file and images) using the Alert ID incident field. (Available from Cortex XSOAR 6.8.0).

Related pull requests:
- 30954
- 31133

Download

3.0.7 - 6850782 (November 10, 2023)

Rapid7 - Threat Command (IntSights)

Completed adoption process.

Related pull requests:
- 30770
- 30771

Download

Certification	Certified	Read more
Supported By	Partner
Created	November 9, 2020
Last Release	March 22, 2026

Rapid7 - Threat Command (IntSights)

Rapid7 Threat Command Pack

What does this pack do?

Rapid7 Threat Command Pack

What does this pack do?

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Incident Fields

Incident Types

Integrations

Rapid7 - Threat Command (IntSights)

Layouts

Mappers

Rapid7 ThreatCommand - Incoming Mapper

Playbooks

New: Retrieve Alert Attachments - Rapid7 ThreatCommand

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Integrations

Rapid7 - Threat Command (IntSights)

Incident Fields

Incident Types

Integrations

Rapid7 - Threat Command (IntSights)

Mappers

Rapid7 ThreatCommand - Incoming Mapper

Playbooks

New: Retrieve Alert Attachments - Rapid7 ThreatCommand

Rapid7 - Threat Command (IntSights)

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER