Welcome to the InsightIDR Detection Library! Browse our existing Attacker Behavior detection rules (ABA) and review recommendations for responding to alerts generated by these detection rules. Attacker Behavior detection rules analyze the stream of endpoint and log events coming from event sources and look for events that might indicate attacker behavior. The Rapid7 Threat Detection and Response team makes frequent updates to our detection rules to adapt to the ever-changing tactics of malicious actors, so check back often for the latest updates. For information about the alerts generated by our User Behavior Analytics (UBA) rules, see built-in alerts.

View ABA and UBA Detection Rules in InsightIDR

You can view Attacker Behavior Analytics and User Behavior Analytics detection rules in InsightIDR by going to the left menu and selecting Detection Rules.

  • View your ABA detection rules under the Attacker Behavior Analytics tab.
  • View your UBA detection rules under the User Behavior Analytics tab.