Overview

Welcome to the InsightIDR Detection Library! Browse our existing Attacker Behavior detections (ABA) and review recommendations for responding to alerts generated by these detection rules. Attacker Behavior detection rules analyze the stream of endpoint and log events coming from event sources and look for events that might indicate attacker behavior. The Rapid7 Threat Detection and Response team makes frequent updates to our detections to adapt to the ever-changing tactics of malicious actors, and we are working to get all our detections added to the Detection Library, so check back often for the latest updates. For information about the alerts generated by our User Behavior Analytics (UBA) rules, see built-in alerts.

Rapid7’s response to recent security breaches

View the detections that were deployed in response to the North Korean state-sponsored social engineering campaign and the SolarWinds breach on the Detection Library. The Threat Detection and Response Engineering team is continuing to update our detections as needed based on the latest publicly available information. For recent changes, see the attacker tool section of the library or view the latest detections in InsightIDR by clicking Settings > Alert Settings and selecting Attacker Behavior Analytics.

View ABA and UBA Detections in InsightIDR

You can view ABA and UBA detections in InsightIDR by going to the left menu and selecting Settings > Alert Settings.

  • To view your UBA detections, click the User Behavior Analytics tab.
  • For a complete view of your ABA detections, click the Attacker Behavior Analytics tab.