Welcome to the InsightIDR Detection Library! Browse our existing Attacker Behavior Analytics (ABA) detection rules and review recommendations for responding to alerts generated by these detection rules. ABA detection rules analyze the stream of endpoint and log events coming from event sources and look for events that might indicate attacker behavior. The Rapid7 Threat Detection and Response team makes frequent updates to our detection rules to adapt to the ever-changing tactics of malicious actors, so check back often for the latest updates. For information about the alerts generated by our User Behavior Analytics (UBA) detection engine, see UBA Detection Rules.

View ABA and UBA Detection Rules in InsightIDR

You can view Attacker Behavior Analytics and User Behavior Analytics detection rules in InsightIDR by going to the left menu and selecting Detection Rules.

  • View your ABA detection rules under the Attacker Behavior Analytics tab. You can use the filter panel to show either our Log and Process Rules, which source data from endpoints and logs, or our Network Sensor Rules, which use network traffic as a source.
  • View your UBA detection rules under the User Behavior Analytics tab.