Welcome to the InsightIDR Detection Library! Browse our existing Attacker Behavior detections (ABA) and review recommendations for responding to alerts generated these detections rules. Attacker Behavior detection rules analyze the stream of endpoint and log events coming from event sources and look for events that might indicate attacker behavior. The Rapid7 Threat Intelligence team makes frequent updates to our detections to adapt to the ever-changing tactics of malicious actors.

More detection content is on the way!

We are working to get all our detections added to the Detection Library, so check back soon for the latest updates. For information about the alerts generated by our User Behavior Analytics (UBA) rules, see built-in alerts.

Attacker Behavior Analytics and User Behavior Analytics in InsightIDR

You can view ABA and UBA detections in InsightIDR by going to the left menu and selecting Settings > Alert Settings.

  • To view your UBA detections, click the User Behavior Analytics tab.
  • For a complete view of your ABA detections, click the Attacker Behavior Analytics tab.