Investigate Digital Risk Protection (Threat Command) Alerts
Digital Risk Protection (Threat Command) finds and mitigates external threats that target your organization. You can ingest and investigate Digital Risk Protection (Threat Command) alerts in SIEM (InsightIDR) to gain visibility across your attack surface and accelerate prioritization and response.
Enabling Digital Risk Protection (Threat Command) alerts as an MDR customer
If you are a managed detection and response (MDR) customer, you can enable Digital Risk Protection (Threat Command) to send alerts to SIEM (InsightIDR). These Digital Risk Protection (Threat Command) alerts will not be managed by the MDR SOC team.
Requirements
To access Digital Risk Protection (Threat Command) Alerts in SIEM (InsightIDR), you’ll need:
- A SIEM (InsightIDR) Ultimate or SIEM (InsightIDR) Advanced license
- A Digital Risk Protection (Threat Command) license
Send Digital Risk Protection (Threat Command) alerts to SIEM (InsightIDR)
To get started, you will first need to enable Digital Risk Protection (Threat Command) to send alerts to SIEM (InsightIDR).
- In SIEM (InsightIDR), navigate to Settings from the left menu.
- Under the Account section, click Digital Risk Protection (Threat Command) Alerts.
- Switch the toggle on to start sending Digital Risk Protection (Threat Command) Alerts to SIEM (InsightIDR).
Manage Digital Risk Protection (Threat Command) detection rules
Once you have enabled Digital Risk Protection (Threat Command) to send alerts to SIEM (InsightIDR), you can manage your Digital Risk Protection (Threat Command) rules on the Detection Rules page.
- In SIEM (InsightIDR), navigate to Detection Rules from the left menu.
- In the filter panel, click the button to Show Digital Risk Protection (Threat Command) rules.
- From here, you can manage Digital Risk Protection (Threat Command) detection rules by changing the Rule Action and Rule Priority and adding exceptions.
Manage Digital Risk Protection (Threat Command) investigations
Investigations created by Digital Risk Protection (Threat Command) rules will automatically appear on the Investigations page of SIEM (InsightIDR). Here, you can inspect the evidence sent from Digital Risk Protection (Threat Command), and use SIEM (InsightIDR) functionality to manage investigations.
Some fields will not be reflected in Digital Risk Protection (Threat Command)
When managing Digital Risk Protection (Threat Command) investigations in SIEM (InsightIDR), you have the option to change the disposition, priority and assignee. These fields are SIEM (InsightIDR)-only features and will not be reflected in Digital Risk Protection (Threat Command).
Closing an investigation
When you close a Digital Risk Protection (Threat Command) investigation in SIEM (InsightIDR), you will be prompted to select a Reason for closing from the dropdown menu. Once closed, the Closed status and reason will also be reflected in Digital Risk Protection (Threat Command).