Rapid7 InsightIDR

Rapid7 InsightIDR is a cloud-based SIEM that detects and responds to security incidents.

Overview

Rapid7 InsightIDR is a cloud-based SIEM that provides real-time alerting and investigation tools to detect and respond to security incidents.
The Rapid7 InsightIDR integration can significantly improve your organization's incident response capabilities and overall security posture.

This integration was integrated and tested with version 1.0.0 of Rapid7 InsightIDR.

What does this pack do?

  • Fetch investigations automatically from InsightIDR and populate incident fields in Cortex XSOAR or Cortex XSIAM.

  • Retrieve and manage investigations, as well as assign users to investigations.

  • Create, update, and delete threat indicators within InsightIDR lists.

  • Execute queries and download logs stored in the InsightIDR instance.

This pack includes the following playbooks:

  • Rapid7 InsightIDR - Indicator Hunting - queries Rapid7 InsightIDR for various indicators and returns the results.

  • Rapid7 InsightIDR - Traffic Indicators Hunting - queries Rapid7 InsightIDR for traffic indicators and returns the results.

  • Rapid7 InsightIDR - HTTP Requests Indicators Hunting - queries Rapid7 InsightIDR for HTTP requests indicators and returns the results.

  • Rapid7 InsightIDR - File Indicators Hunting - queries Rapid7 InsightIDR for file indicators and returns the results.

  • Rapid7 InsightIDR - Execution Flow Indicators Hunting - queries Rapid7 InsightIDR for execution flow indicators and returns the results.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Certification: Read more
Supported By: Cortex
Created: December 29, 2020
Last Release: February 11, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.