Rules by Endpoint

Endpoint detection rules identify malicious actor activity through the logging provided by Rapid7's Insight Agent Endpoint Telemetry records from Windows, Mac and Linux operating systems. The Rapid7 Threat Intelligence team makes frequent updates to our detection rules to adapt to the ever-changing tactics of attackers.

Browse our existing Endpoint detection rules and review newly published detections and actionable recommendations.