May 27, 2022


  • MDR Customer ABA Detection Rule Tuning and Responsibility: If you are a Managed Detection and Response (MDR) customer, you can now make modifications to Attacker Behavior Analytics (ABA) rules that are not managed by the Rapid7 SOC team. Modifications include changing the Rule Action, changing the Rule Priority, and adding exceptions. Currently, this functionality is available only if you have elected to manage your own AWS GuardDuty rules. You can filter detection rules by those managed by your organization, and those managed by the MDR SOC by using the Responsibility of filter on the Attacker Behavior Analytics tab.


  • HTML Reports: You now have the option to generate reports as an HTML file, which is sent by email. This file allows you to scroll through tables, drill into and out of charts, and sort your tables in the same way that you would in a dashboard. The HTML report option is available alongside the existing PDF report option and gives you a much richer set of features for exploring your data.
  • Log Search Context Menu Links: While analyzing Log Search results, you can now select a user or asset in the log data and open the User or Asset Details pages from the Context Menu. This can help you to gather more information about recent user or asset activity, which will assist with your search objectives.
Customer Requested
  • Regex Highlighting: We have updated the styling and color of regular expressions in LEQL syntax highlighting. You can now clearly see where regular expressions are correctly defined in your LEQL query, because they are highlighted in purple and are no longer formatted in bold.
Customer Requested
  • Directory Watcher: InsightIDR’s Directory Watcher - a tool that automatically reads any changes to log files in specific directories - has been rebuilt and can now handle higher volumes of data. InsightIDR customers will see fewer failures related to the Directory Watcher, which means you’ll have more time to focus on security-related problems.
  • Process Start Data Reduction: InsightIDR engineering teams utilize a variety of tuning measures to optimize for system performance and data storage limits. In this release, we have removed excessive process start data, resulting in a 12% reduction in overall data storage and processing.


  • The Direction field in Log Search is now populated for firewall documents that are missing asset and account.
  • We fixed a bug that caused the Inspect Actor Activity feature to stop working when the Must Not Include filter was selected.
  • We fixed an issue that caused Data Exporter information to not render correctly on smaller screens.