Welcome
Welcome to Managed Threat Complete!
What is Managed Threat Complete?
Rapid7's Managed Threat Complete is an integrated product and services offering, which allows you to prepare for, detect, and respond to threats in your environment.
Rapid7 delivers Managed Threat Complete as a collaboration with your team to accelerate your proactive, responsive, and strategic security maturity and extend your security operations. Managed Threat Complete's products and services provide customized security guidance, hands-on continuous monitoring, threat hunting, incident response, and exposure management.
Offerings
Rapid7 offers these subscription tiers for Managed Threat Complete:
Not sure which subscription tier you have?
You can often find this information in your company's written communications with Rapid7. Reach out to Rapid7 for further assistance, if needed.
Compare offerings
Capabilities
Threat detection and response
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Expert SOC monitoring | X | X | X |
SOC and incident response experts | X | X | X |
Forensic investigations and incident reports | X | X | X |
Unlimited incident and breach response | X | X | X |
Proactive threat hunting | X | X | X |
Active Response for remote containment | X | X | X |
Endpoint detection and response (EDR) | X | X | X |
Network traffic detection and response | X | X | X |
Third-party EDR monitoring | X | X | X |
Third-party cloud alert triage | - | X | X |
Managed next-generation antivirus (AV) | Add-on | Add-on | Add-on |
Ransomware
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Hosted Velociraptor for digital forensics and incident response (DFIR) | - | - | X |
Ransomware prevention | - | - | X |
Vulnerability management
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Unlimited risk scanning of internal and external networks | X | X | X |
Vulnerability assessment reports and scorecards | X | X | X |
Targeted remediation reports | X | X | X |
Managed infrastructure maintenance | X | X | X |
Scan configuration and scheduling operations | - | - | X |
Vulnerability remediation prioritization and guidance | - | - | X |
Monthly program review and readout | - | - | X |
Managed digital risk protection
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Phishing protection | Add-on | Add-on | X |
Data and credential leakage | Add-on | Add-on | X |
Dark web monitoring | Add-on | Add-on | X |
Takedowns and dark web purchases | Add-on | Add-on | X |
Cybersecurity program growth
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Incident response planning workshop | X | X | X |
Security posture assessment | X | X | X |
Dedicated Customer Advisor | - | X | X |
Monthly security posture review meetings | - | X | X |
Threat briefing and trend reporting | - | X | X |
Critical security controls assessment | - | X | X |
Detection and response readiness assessment | - | X | X |
Vulnerability remediation coaching | - | - | X |
Technology and data
Capability | Essential | Advanced | Ultimate |
---|---|---|---|
Unified Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) technology: InsightIDR Ultimate | X | X | X |
Enhanced Endpoint Telemetry (EET) and Enhanced Network Traffic Analysis (ENTA) | X | X | X |
Unlimited Security Orchestration, Automation, and Response (SOAR) automation: InsightConnect | X | X | X |
Unlimited Vendor Risk Management (VRM) tooling: InsightVM | X | X | X |
Unlimited data ingestion | X | X | X |
Data retention of 13 months | X | X | X |
Products
Product | Essential | Advanced | Ultimate |
---|---|---|---|
InsightIDR | X | X | X |
InsightVM | X | X | X |
InsightConnect | X | X | X |
Threat Command | - | - | X |
Velociraptor | - | - | X |
Services
Service | Essential | Advanced | Ultimate |
---|---|---|---|
Customer Advisor Support Center | X | X | X |
Managed Detection and Response Security Operations Center (MDR SOC) | X | X | X |
Incident Response Consultants | X | X | X |
Threat Intelligence Detection and Engineering | X | X | X |
Rapid7 Labs | X | X | X |
Dedicated Managed Detection and Response (MDR) Customer Advisor | - | X | X |
Dedicated Managed Vulnerability Management (MVM) Customer Advisor | - | - | X |
Managed Digital Risk Protection (MDRP) Analyst | - | - | X |
Reports
Report | Essential | Advanced | Ultimate |
---|---|---|---|
IR Planning Workshop | X | X | X |
Security Posture Assessment Report | X | X | X |
Monthly Service Report | X | X | X |
Incident Response Reports | X | X | X |
Detection and Response Readiness Assessment | - | X | X |
Critical Security Controls Assessment | - | X | X |
Service Update and Threat Briefing Presentation | - | X | X |
Top 25 Remediations by Risk Report | X | X | X |
Vulnerability Risk Scorecard | X | X | X |
Top 10 Assets by Vulnerabilities | X | X | X |
Executive Summary Report | - | X | X |
Notifications
All Managed Threat Complete subscription tiers receive the same notifications.
Managed Threat Complete Essential
Managed Threat Complete Essential provides the core functionality needed for you to prepare for, detect, and respond to threats in your environment. The Essential tier is the most foundational subscription available.
Get started with Managed Threat Complete Essential
Read the Essential Quick Start Guide to get started. You can also download the Managed Threat Complete Essential Scope of Service.
These offerings are available with Managed Threat Complete Essential:
Products you can use
Access these Rapid7 products on the Insight Platform:
Core products
Product | Description | Learn more |
---|---|---|
InsightIDR | Detect and respond with InsightIDR, your security information and event management (SIEM) system for incident management, authentication monitoring, and endpoint visibility. All log sources from your environment are ingested into InsightIDR for monitoring. Rapid7's Managed Detection and Response (MDR) service works directly in InsightIDR alongside your business, helping to secure your environment. | InsightIDR documentation |
InsightVM | Manage vulnerabilities with InsightVM, a data-rich scanning tool that integrates data from Rapid7’s library of Nexpose vulnerability research, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting. | InsightVM documentation |
InsightConnect | Automate IT and security tasks with InsightConnect, a workflow builder that integrates with other Insight products to increase efficiency across your business. InsightConnect enables the integrations necessary for Active Response. | InsightConnect documentation |
Services teams you connect with
Collaborate with these Rapid7 resources to extend your security operations:
Customer Advisor Support Center
All customers can contact the Customer Advisor Support Center to quickly get help with common issues. The Customer Advisor Support Center can help with questions about security best practices and product functionality (for example, setting up Active Response for remote containment).
As a Managed Threat Complete Essential customer, you have access to the Customer Advisor Support Center only. Only Advanced and Ultimate customers have dedicated Customer Advisors.
Managed Detection and Response Security Operations Center (MDR SOC)
The MDR SOC handles routine detection and response on behalf of your company, providing continuous security coverage. Working alongside your team in InsightIDR, the MDR SOC provides extra support for triaging alerts and responding to investigations. Learn more about Managed Detection and Response.
Incident Response Consultants
Rapid7's Incident Response Consultants are a dedicated group that leads incident response for complex or high-impact incidents in your environment. As experienced incident response professionals, this team also provides ongoing training and support to the MDR SOC.
All customers can contact the Incident Response Consultants for help with active incidents.
Threat Intelligence Detection and Engineering
As the first vulnerability management provider to become a CVE Numbering Authority, Rapid7 has a unique understanding of the modern threat landscape, including attackers' ability to compromise your environment. The Threat Intelligence Detection and Engineering team develops the detection mechanisms to uncover vulnerabilities, exploits, and attack campaigns in your environment.
Rapid7 Labs
Rapid7 Labs tracks adversaries, shares proprietary, curated intelligence and research, and builds trusted open-source communities. You can leverage the work done by Rapid7 Labs to stay up to date on the latest zero-day vulnerabilities.
Reports you can access
Your Rapid7 services teams generate these reports, which you can access through the Services Portal:
Core reports
Report | Description | Example |
---|---|---|
Security Posture Assessment Report | Once the Insight Agent is deployed to at least 80% of the endpoints in your environment, Rapid7 evaluates potential attack paths and performs an overall security assessment of your environment. This report provides remediation and mitigation recommendations to reduce risks. Rapid7 initiates the incident response process if an active compromise occurs during the assessment, notifying your company. | Security posture assessment report |
Monthly Service Report | This report provides metrics and context about threat detection and incident response activities conducted during the previous month, along with information about the health of detection and response controls in your environment. | February 2024 Service Report |
Incident Response Reports | This report details all incident management activities, key findings, the dates of attacker activity, and recommended corrective actions. | Malicious executable incident |
Top 25 Remediations by Risk Report | This report allows you to assess high-impact remediation solutions, based on how recently the solutions were released and how well they address the vulnerability across your environment. The report shows the percentage of resolved vulnerabilities, vulnerabilities with malware kits and known exploits, and the number of assets impacted after the top remediation solutions are applied. It also shows the number of vulnerabilities that will be remediated, the total risk score, and the reduction of risk after remediation. To review all potential solutions for a vulnerability, refer to the Remediations on the vulnerability details page in InsightVM. | Top 25 remediations by risk |
Vulnerability Risk Scorecard | This report shows the risk score across segments that you specify, allowing you to determine which remediation actions might have the biggest impact. For example, you could use the risk scorecard to compare risk across offices, critical assets, or operating systems. | Risk scorecard |
Top 10 Assets by Vulnerabilities | This report lists the 10 assets in your environment with the most vulnerabilities. You can use this report to prioritize remediation efforts towards your most vulnerable assets. This report does not account for cumulative risk. | Top 10 assets by vulnerabilities |
Notifications you receive
Rapid7's products and services send you these notifications through email:
Other updates and communications
To receive updates for featured content, blogs, and product updates, adjust your Rapid7 communication preferences. You can also subscribe to the Rapid7 status page for notifications about maintenance and service degradation.
Emergent threat response notifications
Notification | Description | Email information |
---|---|---|
Emergent Threat Response | Rapid7 notifies all Managed Services customers after discovering new Common Vulnerabilities and Exposures (CVEs). This notification includes known information about the CVE, steps to protect your environment, and updates on Rapid7's response. | Subject: Includes the CVE name; Sender: emergent_threat_advisory@rapid7.com; Recipients: Rapid7's CVE distribution list (contact Rapid7 to make changes) |
MDR SOC notifications
Notification | Description | Email information |
---|---|---|
Incident Notifications | Your action is required. Rapid7's MDR SOC notifies your company when an incident occurs in your environment. These notifications typically include evidence of the incident, impacted assets, remediation actions, a link to the InsightIDR investigation, and questions for your team. For medium and high severity incidents, the MDR SOC also contacts designated contacts at your company by phone. Take the recommended remediation actions and work with Rapid7 throughout the incident. | Subject: Rapid7 MDR [Priority] Incident: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Investigation Requests for Information (RFIs) | Your action is required. Rapid7's MDR SOC sends these notifications when your company's input is needed on an investigation, for example, to confirm whether activity is expected. Review the investigation details and respond to the request. | Subject: Rapid7 MDR RFI: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Alert RFIs | Your action is required. Rapid7's MDR SOC sends these notifications to request your input on account management activity, authentication activity, cloud service activity, and third-party account leak alerts occurring in your environment. These alerts don't have the Rapid7 Managed label in InsightIDR, but the MDR SOC prioritizes them because of their high fidelity. Review the alert details and open a case on the Customer Portal if MDR SOC investigation is required. Rapid7 sends these notifications hourly, except for account leak alerts, which are sent daily. | Subject: MDR Notification: [Alert Type] - [Customer Name]; Sender: mdr_notifications@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Services Portal Reports | Rapid7 sends these notifications after adding a new document to your Services Portal, such as a report or announcement. | Subject: Includes the report or announcement details; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users with access to the Services Portal and Services Portal Account Team users |
InsightIDR product notifications
Notification | Description | Email information |
---|---|---|
Basic Detection Rules | InsightIDR sends these notifications when a basic detection rule (formerly known as a custom alert) triggers a detection in your environment. The MDR SOC does not monitor basic detection rules. | Subject: [InsightIDR Basic Detection Rule Type and Name]; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users that you specify when configuring the basic detection rule |
Managed Threat Complete Advanced
Managed Threat Complete Advanced builds on the Essential offering with additional services and reports to bring you more robust capabilities and partnership. The Advanced tier provides extra service offerings to enhance your experience with Rapid7.
Get started with Managed Threat Complete Advanced
Read the Advanced Quick Start Guide to get started. You can also download the Managed Threat Complete Advanced Scope of Service.
These offerings are available with Managed Threat Complete Advanced:
Products you can use
Access these Rapid7 products on the Insight Platform:
Core products
Product | Description | Learn more |
---|---|---|
InsightIDR | Detect and respond with InsightIDR, your security information and event management (SIEM) system for incident management, authentication monitoring, and endpoint visibility. All log sources from your environment are ingested into InsightIDR for monitoring. Rapid7's Managed Detection and Response (MDR) service works directly in InsightIDR alongside your business, helping to secure your environment. | InsightIDR documentation |
InsightVM | Manage vulnerabilities with InsightVM, a data-rich scanning tool that integrates data from Rapid7’s library of Nexpose vulnerability research, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting. | InsightVM documentation |
InsightConnect | Automate IT and security tasks with InsightConnect, a workflow builder that integrates with other Insight products to increase efficiency across your business. InsightConnect enables the integrations necessary for Active Response. | InsightConnect documentation |
Services teams you connect with
Collaborate with these Rapid7 resources to extend your security operations:
Customer Advisor Support Center
All customers can contact the Customer Advisor Support Center to quickly get help with common issues. The Customer Advisor Support Center can help with questions about security best practices and product functionality (for example, setting up Active Response for remote containment).
Managed Detection and Response Security Operations Center (MDR SOC)
The MDR SOC handles routine detection and response on behalf of your company, providing continuous security coverage. Working alongside your team in InsightIDR, the MDR SOC provides extra support for triaging alerts and responding to investigations. Learn more about Managed Detection and Response.
Incident Response Consultants
Rapid7's Incident Response Consultants are a dedicated group that leads incident response for complex or high-impact incidents in your environment. As experienced incident response professionals, this team also provides ongoing training and support to the MDR SOC.
All customers can contact the Incident Response Consultants for help with active incidents.
Threat Intelligence Detection and Engineering
As the first vulnerability management provider to become a CVE Numbering Authority, Rapid7 has a unique understanding of the modern threat landscape, including attackers' ability to compromise your environment. The Threat Intelligence Detection and Engineering team develops the detection mechanisms to uncover vulnerabilities, exploits, and attack campaigns in your environment.
Rapid7 Labs
Rapid7 Labs tracks adversaries, shares proprietary, curated intelligence and research, and builds trusted open-source communities. You can leverage the work done by Rapid7 Labs to stay up to date on the latest zero-day vulnerabilities.
Dedicated Managed Detection and Response (MDR) Customer Advisor
The Customer Advisory team is your strategic partner who works with you—from initial technology deployment through incident response and ongoing security consultation—to guide your organization's security maturity. Throughout your Managed Threat Complete service term, your Customer Advisor (CA) will frequently communicate with your team to provide updates on service delivery, reporting, metrics, and technology health, and to ensure Rapid7 is helping you address your security goals. Additionally, your CA will work closely with Rapid7’s MDR SOC team to understand and convey information relevant to any investigations and incidents.
Reports you can access
Your Rapid7 services teams generate these reports, which you can access through the Services Portal:
Core reports
Report | Description | Example |
---|---|---|
Security Posture Assessment Report | Once the Insight Agent is deployed to at least 80% of the endpoints in your environment, Rapid7 evaluates potential attack paths and performs an overall security assessment of your environment. This report provides remediation and mitigation recommendations to reduce risks. Rapid7 initiates the incident response process if an active compromise occurs during the assessment, notifying your company. | Security posture assessment report |
Monthly Service Report | This report provides metrics and context about threat detection and incident response activities conducted during the previous month, along with information about the health of detection and response controls in your environment. | February 2024 Service Report |
Incident Response Reports | This report details all incident management activities, key findings, the dates of attacker activity, and recommended corrective actions. | Malicious executable incident |
Top 25 Remediations by Risk Report | This report allows you to assess high-impact remediation solutions, based on how recently the solutions were released and how well they address the vulnerability across your environment. The report shows the percentage of resolved vulnerabilities, vulnerabilities with malware kits and known exploits, and the number of assets impacted after the top remediation solutions are applied. It also shows the number of vulnerabilities that will be remediated, the total risk score, and the reduction of risk after remediation. To review all potential solutions for a vulnerability, refer to the Remediations on the vulnerability details page in InsightVM. | Top 25 remediations by risk |
Vulnerability Risk Scorecard | This report shows the risk score across segments that you specify, allowing you to determine which remediation actions might have the biggest impact. For example, you could use the risk scorecard to compare risk across offices, critical assets, or operating systems. | Risk scorecard |
Top 10 Assets by Vulnerabilities | This report lists the 10 assets in your environment with the most vulnerabilities. You can use this report to prioritize remediation efforts towards your most vulnerable assets. This report does not account for cumulative risk. | Top 10 assets by vulnerabilities |
Advanced and Ultimate reports
Report | Description | Example |
---|---|---|
Detection and Response Readiness Assessment | For this assessment, Rapid7 works with your team to enhance your existing incident response plan, improving collaboration with Rapid7's Incident Response team during a security event. Rapid7 might also recommend overall plan improvements to defend against today's cyber attacks. | - |
Critical Security Controls Assessment | For this assessment, your MDR Customer Advisor works with you to create a roadmap towards improving your overall security program, based on the Center for Internet Security (CIS) - Critical Security Controls v8. The CIS Critical Security Controls is a prioritized set of best practices designed to mitigate the most prevalent system and network attacks and is often referenced by legal, regulatory, and policy frameworks. This roadmap acts as a guide for monthly security posture review meetings and presents an opportunity for Rapid7's experts to collaborate with your team, strategically improving detection visibility and response capabilities. | Critical security controls assessment report |
Service Update and Threat Briefing Presentation | As a Managed Threat Complete Advanced or Ultimate customer, you meet with your MDR Customer Advisor monthly. With your Customer Advisor, you'll review security activities and key metrics and identify actions that strengthen your security posture. Together, you'll also review your security program against Rapid7's critical controls framework to strategically improve your security maturity and your Customer Advisor will advise on future security projects, if requested. This review might also offer measurements of security improvements you've made so far while collaborating with Rapid7, allowing you to demonstrate the value of Rapid7's Managed Threat Complete to executives. | Threat briefing and trend reporting presentation |
Executive Summary Report | Designed with executives in mind, the Executive Summary Report provides a monthly, curated assessment of your company's vulnerability management program. This report allows you to easily see your remediation efforts in one place, so that you can compare data from current and previous reporting periods. The report includes easy-to-read visuals, graphs, and explanations. This is a report generated in the VM Platform. | - |
Notifications you receive
Rapid7's products and services send you these notifications through email:
Other updates and communications
To receive updates for featured content, blogs, and product updates, adjust your Rapid7 communication preferences. You can also subscribe to the Rapid7 status page for notifications about maintenance and service degradation.
Emergent threat response notifications
Notification | Description | Email information |
---|---|---|
Emergent Threat Response | Rapid7 notifies all Managed Services customers after discovering new Common Vulnerabilities and Exposures (CVEs). This notification includes known information about the CVE, steps to protect your environment, and updates on Rapid7's response. | Subject: Includes the CVE name; Sender: emergent_threat_advisory@rapid7.com; Recipients: Rapid7's CVE distribution list (contact Rapid7 to make changes) |
MDR SOC notifications
Notification | Description | Email information |
---|---|---|
Incident Notifications | Your action is required. Rapid7's MDR SOC notifies your company when an incident occurs in your environment. These notifications typically include evidence of the incident, impacted assets, remediation actions, a link to the InsightIDR investigation, and questions for your team. For medium and high severity incidents, the MDR SOC also contacts designated contacts at your company by phone. Take the recommended remediation actions and work with Rapid7 throughout the incident. | Subject: Rapid7 MDR [Priority] Incident: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Investigation Requests for Information (RFIs) | Your action is required. Rapid7's MDR SOC sends these notifications when your company's input is needed on an investigation, for example, to confirm whether activity is expected. Review the investigation details and respond to the request. | Subject: Rapid7 MDR RFI: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Alert RFIs | Your action is required. Rapid7's MDR SOC sends these notifications to request your input on account management activity, authentication activity, cloud service activity, and third-party account leak alerts occurring in your environment. These alerts don't have the Rapid7 Managed label in InsightIDR, but the MDR SOC prioritizes them because of their high fidelity. Review the alert details and open a case on the Customer Portal if MDR SOC investigation is required. Rapid7 sends these notifications hourly, except for account leak alerts, which are sent daily. | Subject: MDR Notification: [Alert Type] - [Customer Name]; Sender: mdr_notifications@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Services Portal Reports | Rapid7 sends these notifications after adding a new document to your Services Portal, such as a report or announcement. | Subject: Includes the report or announcement details; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users with access to the Services Portal and Services Portal Account Team users |
InsightIDR product notifications
Notification | Description | Email information |
---|---|---|
Basic Detection Rules | InsightIDR sends these notifications when a basic detection rule (formerly known as a custom alert) triggers a detection in your environment. The MDR SOC does not monitor basic detection rules. | Subject: [InsightIDR Basic Detection Rule Type and Name]; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users that you specify when configuring the basic detection rule |
Managed Threat Complete Ultimate
Ultimate is Rapid7's most robust Managed Threat Complete offering. The Ultimate tier provides the features of Advanced and Essential, plus exclusive capabilities that give you everything Managed Threat Complete has to offer.
Get started with Managed Threat Complete Ultimate
Read the Ultimate Quick Start Guide to get started. You can also download the Managed Threat Complete Ultimate Scope of Service.
These offerings are available with Managed Threat Complete Ultimate:
Products you can use
Access these Rapid7 products on the Insight Platform:
Core products
Product | Description | Learn more |
---|---|---|
InsightIDR | Detect and respond with InsightIDR, your security information and event management (SIEM) system for incident management, authentication monitoring, and endpoint visibility. All log sources from your environment are ingested into InsightIDR for monitoring. Rapid7's Managed Detection and Response (MDR) service works directly in InsightIDR alongside your business, helping to secure your environment. | InsightIDR documentation |
InsightVM | Manage vulnerabilities with InsightVM, a data-rich scanning tool that integrates data from Rapid7’s library of Nexpose vulnerability research, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting. | InsightVM documentation |
InsightConnect | Automate IT and security tasks with InsightConnect, a workflow builder that integrates with other Insight products to increase efficiency across your business. InsightConnect enables the integrations necessary for Active Response. | InsightConnect documentation |
Ultimate exclusive products
Product | Description | Learn more |
---|---|---|
Threat Command | Defend against threats with Threat Command, a defensive tool that monitors your external threat profile, aggregates and analyzes tens of thousands of threats, and automates the risk mitigation life cycle. | Threat Command documentation |
Velociraptor | Conduct digital forensics and incident response with Velociraptor, an open source DFIR tool that now integrates with the Insight Platform. Use Velociraptor alongside InsightIDR to add DFIR capabilities to your investigative toolset, allowing a greater level of monitoring and swifter responses to issues. | InsightIDR's integrated Velociraptor documentation |
Services teams you connect with
Collaborate with these Rapid7 resources to extend your security operations:
Customer Advisor Support Center
All customers can contact the Customer Advisor Support Center to quickly get help with common issues. The Customer Advisor Support Center can help with questions about security best practices and product functionality (for example, setting up Active Response for remote containment).
Managed Detection and Response Security Operations Center (MDR SOC)
The MDR SOC handles routine detection and response on behalf of your company, providing continuous security coverage. Working alongside your team in InsightIDR, the MDR SOC provides extra support for triaging alerts and responding to investigations. Learn more about Managed Detection and Response.
Incident Response Consultants
Rapid7's Incident Response Consultants are a dedicated group that leads incident response for complex or high-impact incidents in your environment. As experienced incident response professionals, this team also provides ongoing training and support to the MDR SOC.
All customers can contact the Incident Response Consultants for help with active incidents.
Threat Intelligence Detection and Engineering
As the first vulnerability management provider to become a CVE Numbering Authority, Rapid7 has a unique understanding of the modern threat landscape, including attackers' ability to compromise your environment. The Threat Intelligence Detection and Engineering team develops the detection mechanisms to uncover vulnerabilities, exploits, and attack campaigns in your environment.
Rapid7 Labs
Rapid7 Labs tracks adversaries, shares proprietary, curated intelligence and research, and builds trusted open-source communities. You can leverage the work done by Rapid7 Labs to stay up to date on the latest zero-day vulnerabilities.
Dedicated Managed Detection and Response (MDR) Customer Advisor
The Customer Advisory team is your strategic partner who works with you—from initial technology deployment through incident response and ongoing security consultation—to guide your organization's security maturity. Throughout your Managed Threat Complete service term, your Customer Advisor (CA) will frequently communicate with your team to provide updates on service delivery, reporting, metrics, and technology health, and to ensure Rapid7 is helping you address your security goals. Additionally, your CA will work closely with Rapid7’s MDR SOC team to understand and convey information relevant to any investigations and incidents.
Dedicated Managed Vulnerability Management (MVM) Customer Advisor
Your MVM Customer Advisor provides services similar to those of your MDR Customer Advisor, but in the context of vulnerability management. Your MVM Customer Advisor can help prioritize which risks to mitigate, based on their impact. Alongside your MVM Customer Advisor, you can reduce risk, resulting in fewer incidents for your MDR Customer Advisor and MDR SOC to triage.
Connect with your MVM Customer Advisor for support with vulnerability management activities or InsightVM.
Managed Digital Risk Protection (MDRP) Analyst
Your MDRP Analyst works in InsightIDR and Threat Command to ensure that you're receiving accurate and useful detections, limiting the occurrence of false positives and verifying that threats are not being actively exploited. MDRP Analysts communicate with the MDR SOC and Incident Response Consultants to respond to any active exploits that they uncover. Learn more about MDRP.
Work with Rapid7 to tune detections
The accuracy of Rapid7's detections depends on the contextual information that you provide. Your MDR Customer Advisor will provide guidance about the information that Rapid7 needs for regular tuning.
Reports you can access
Your Rapid7 services teams generate these reports, which you can access through the Services Portal:
Core reports
Report | Description | Example |
---|---|---|
Security Posture Assessment Report | Once the Insight Agent is deployed to at least 80% of the endpoints in your environment, Rapid7 evaluates potential attack paths and performs an overall security assessment of your environment. This report provides remediation and mitigation recommendations to reduce risks. Rapid7 initiates the incident response process if an active compromise occurs during the assessment, notifying your company. | Security posture assessment report |
Monthly Service Report | This report provides metrics and context about threat detection and incident response activities conducted during the previous month, along with information about the health of detection and response controls in your environment. | February 2024 Service Report |
Incident Response Reports | This report details all incident management activities, key findings, the dates of attacker activity, and recommended corrective actions. | Malicious executable incident |
Top 25 Remediations by Risk Report | This report allows you to assess high-impact remediation solutions, based on how recently the solutions were released and how well they address the vulnerability across your environment. The report shows the percentage of resolved vulnerabilities, vulnerabilities with malware kits and known exploits, and the number of assets impacted after the top remediation solutions are applied. It also shows the number of vulnerabilities that will be remediated, the total risk score, and the reduction of risk after remediation. To review all potential solutions for a vulnerability, refer to the Remediations on the vulnerability details page in InsightVM. | Top 25 remediations by risk |
Vulnerability Risk Scorecard | This report shows the risk score across segments that you specify, allowing you to determine which remediation actions might have the biggest impact. For example, you could use the risk scorecard to compare risk across offices, critical assets, or operating systems. | Risk scorecard |
Top 10 Assets by Vulnerabilities | This report lists the 10 assets in your environment with the most vulnerabilities. You can use this report to prioritize remediation efforts towards your most vulnerable assets. This report does not account for cumulative risk. | Top 10 assets by vulnerabilities |
Advanced and Ultimate reports
Report | Description | Example |
---|---|---|
Detection and Response Readiness Assessment | For this assessment, Rapid7 works with your team to enhance your existing incident response plan, improving collaboration with Rapid7's Incident Response team during a security event. Rapid7 might also recommend overall plan improvements to defend against today's cyber attacks. | - |
Critical Security Controls Assessment | For this assessment, your MDR Customer Advisor works with you to create a roadmap towards improving your overall security program, based on the Center for Internet Security (CIS) - Critical Security Controls v8. The CIS Critical Security Controls is a prioritized set of best practices designed to mitigate the most prevalent system and network attacks and is often referenced by legal, regulatory, and policy frameworks. This roadmap acts as a guide for monthly security posture review meetings and presents an opportunity for Rapid7's experts to collaborate with your team, strategically improving detection visibility and response capabilities. | Critical security controls assessment report |
Service Update and Threat Briefing Presentation | As a Managed Threat Complete Advanced or Ultimate customer, you meet with your MDR Customer Advisor monthly. With your Customer Advisor, you'll review security activities and key metrics and identify actions that strengthen your security posture. Together, you'll also review your security program against Rapid7's critical controls framework to strategically improve your security maturity, and your Customer Advisor will advise on future security projects, if requested. This review might also offer measurements of security improvements you've made so far while collaborating with Rapid7, allowing you to demonstrate the value of Rapid7's Managed Threat Complete to executives. | Threat briefing and trend reporting presentation |
Executive Summary Report | Designed with executives in mind, the Executive Summary Report provides a monthly, curated assessment of your company's vulnerability management program. This report allows you to easily see your remediation efforts in one place, so that you can compare data from current and previous reporting periods. The report includes easy-to-read visuals, graphs, and explanations. This is a report generated in the VM Platform. | - |
Notifications you receive
Rapid7's products and services send you these notifications through email:
Other updates and communications
To receive updates for featured content, blogs, and product updates, adjust your Rapid7 communication preferences. You can also subscribe to the Rapid7 status page for notifications about maintenance and service degradation.
Emergent threat response notifications
Notification | Description | Email information |
---|---|---|
Emergent Threat Response | Rapid7 notifies all Managed Services customers after discovering new Common Vulnerabilities and Exposures (CVEs). This notification includes known information about the CVE, steps to protect your environment, and updates on Rapid7's response. | Subject: Includes the CVE name; Sender: emergent_threat_advisory@rapid7.com; Recipients: Rapid7's CVE distribution list (contact Rapid7 to make changes) |
MDR SOC notifications
Notification | Description | Email information |
---|---|---|
Incident Notifications | Your action is required. Rapid7's MDR SOC notifies your company when an incident occurs in your environment. These notifications typically include evidence of the incident, impacted assets, remediation actions, a link to the InsightIDR investigation, and questions for your team. For medium and high severity incidents, the MDR SOC also contacts designated contacts at your company by phone. Take the recommended remediation actions and work with Rapid7 throughout the incident. | Subject: Rapid7 MDR [Priority] Incident: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Investigation Requests for Information (RFIs) | Your action is required. Rapid7's MDR SOC sends these notifications when your company's input is needed on an investigation, for example, to confirm whether activity is expected. Review the investigation details and respond to the request. | Subject: Rapid7 MDR RFI: [Subject] - [Case Number]; Sender: managed@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Alert RFIs | Your action is required. Rapid7's MDR SOC sends these notifications to request your input on account management activity, authentication activity, cloud service activity, and third-party account leak alerts occurring in your environment. These alerts don't have the Rapid7 Managed label in InsightIDR, but the MDR SOC prioritizes them because of their high fidelity. Review the alert details and open a case on the Customer Portal if MDR SOC investigation is required. Rapid7 sends these notifications hourly, except for account leak alerts, which are sent daily. | Subject: MDR Notification: [Alert Type] - [Customer Name]; Sender: mdr_notifications@rapid7.com; Recipients: Your company's designated contacts for MDR SOC notifications (contact Rapid7 to make changes) |
Services Portal Reports | Rapid7 sends these notifications after adding a new document to your Services Portal, such as a report or announcement. | Subject: Includes the report or announcement details; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users with access to the Services Portal and Services Portal Account Team users |
InsightIDR product notifications
Notification | Description | Email information |
---|---|---|
Basic Detection Rules | InsightIDR sends these notifications when a basic detection rule (formerly known as a custom alert) triggers a detection in your environment. The MDR SOC does not monitor basic detection rules. | Subject: [InsightIDR Basic Detection Rule Type and Name]; Sender: insight_noreply@rapid7.com; Recipients: Insight Platform users that you specify when configuring the basic detection rule |
Contact Rapid7
Managed Threat Complete Advanced and Managed Threat Complete Ultimate customers will have frequent, scheduled sessions with Rapid7. All Managed Threat Complete customers can also contact Rapid7 at any time using the Customer Portal.