Endpoint Detection Rules

On September 16, 2021, we released 526 new detection rules.

What was added: We have expanded our coverage of Windows, Mac and Linux suspicious process threats, covering a wide variety of techniques on the MITRE ATT&CK matrix.

What to expect: These rules are preconfigured to automatically create investigations, so you may see a temporary increase in investigations. You can tune these detection rules by creating exceptions and modifying the rule actions to only create investigations for the rules most important to your environment.

Endpoint detection rules identify malicious actor activity using the Endpoint Telemetry records logged by Rapid7's Insight Agent on Windows, Mac and Linux systems. The Rapid7 Threat Intelligence team updates these detection rules frequently to keep pace with the ever-changing tactics of attackers.

Browse our existing Endpoint detection rules and review newly published detections and actionable recommendations.