Search Results

IntSights Extend Browser Extension | Threat Command Documentation

Extend brings the power of Rapid7 Threat Command to your desktop. ... By using Extend on any web page, you can view indicators and CVEs on that web page. ... If those indicators and CVEs were previously identified in your Threat Command environment, their enrichment data can also be seen directly from the web page or the Extend summary window.

Manage and Configure Rapid7 Extend | Threat Command Documentation

This topic describes methods to manage and configure the IntSights Extend browser extension. ... The IntSights Extend browser icon indicates the state the browser extension is in. ... The following table shows the indicator states:

Phishing Watch Frequently Asked Questions | Threat Command Documentation

Q: What data does the Phishing Watch snippet capture? ... When you add a snippet to your website, it recognizes that it is in the official website domain and it will not do anything. ... When it runs in other environments, with different domains, or unknown redirects to your official website, the snippet will enable the domain report flow and report the following information:

IFrame Detection | Threat Command Documentation

Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). ... This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perform illicit behavior behind the scenes and avoid the detection of having visited a malicious website.

Phishing Watch | Threat Command Documentation

Fraudsters today use legacy tactics—such as phishing—to target online users’ account information. ... The Threat Command Phishing Watch solution provides advanced and preemptive phishing detection capabilities that help your organization identify attacks before phishing websites emerge attempting to redirect legitimate users from your official site.

View IOCs and CVEs with Rapid7 Extend | Threat Command Documentation

Extend comprises two synergetic parts: ... Summary window with enrichment data and additional actions. ... Extend works very similarly for IOCs and CVEs. ... In the following sections, we will point out the differences, when applicable.

Website Redirect Detection | Threat Command Documentation

A common phishing website attack technique is to redirect users to the official website after stealing their PII/personal information so as not to raise suspicion. ... The Phishing Watch detects scenarios where users are being redirected to the official company website from a suspicious or unknown domain.

Website Clone Detection | Threat Command Documentation

The ideal phishing website attack technique is to copy the customer website HTML to imitate the user experience of a real website. ... The following steps illustrate how the Phishing Watch works when a website is cloned:

Configure Azure AD SSO | Threat Command Documentation

User provisioning with JIT enables Azure AD users to register new Threat Command users directly from Azure AD, thus bypassing the need to set up each user individually in Threat Command. ... This section describes the basic Azure AD configuration process.

Configure Okta SSO | Threat Command Documentation

In addition, you can enable SP-initiated SSO and user provisioning with the SAML Just In Time (JIT) method. ... User provisioning with JIT enables users to register new users to Threat Command directly from Okta, thus bypassing the need to set up each user in Threat Command.

Install and Configure Rapid7 Extend | Threat Command Documentation

Installing Rapid7 Extend is as simple as installing any other Chrome extension. ... Ability to log in to Threat Command, either as admin or analyst. ... If you are asked to give permissions, review and approve.

Provisioning Users with JIT | Threat Command Documentation

When using JIT to provision users, the following apply to those users: ... Logging in to Threat Command is done from the SSO application, not through the Threat Command login. ... The user does not have a Threat Command password.

Change Existing ArcSight Configuration | Threat Command Documentation

You can edit an existing ArcSight Connector configuration file. ... To change a connector configuration: ... In the wizard that begins, change the connector parameters.

Upgrade the Threat Command virtual appliance | Threat Command Documentation

Log in to Threat Command. ... Navigate to TIP > Dashboard ... If there is an upgrade available, you will see a notification at the top of the page ... Click Upgrade.

Configure Generic SAML SSO | Threat Command Documentation

If your SSO provider does not have a formal Rapid7 Threat Command app, you can support SAML SSO authentication independently using a custom/local app. ... In addition, you can enable SP-initiated SSO and also user provisioning with the SAML Just In Time (JIT) method.

Authentication Options | Threat Command Documentation

Use the Authentication page to set global options for 2-factor authentication (2FA), SAML single sign-on (SSO), and IP address access restriction. ... This page is visible only for administrator users.

Configure PingOne SSO | Threat Command Documentation

Download the Ping certificate that is needed for Threat Command. ... Before you begin, ensure that you can access the Ping account as an administrator. ... To download the Ping SSO certificate:

Enable SP-Initiated User Login | Threat Command Documentation

IdP-initiated login, through the SSO provider. ... SP-initiated login, through the Threat Command Log In with SSO option. ... To enable either of these login options, you must configure SAML single sign-on in the Threat Command Settings page.

Configure Customers | Threat Command Documentation

The Customers page enables the managed security service provider (MSSP) to configure customers and customer users. ... The page is available only for Multi-Tenant Threat Management (MTTM) accounts.

Virtual Appliance Hardening | Threat Command Documentation

The Threat Command virtual appliance is a secure, closed appliance: both the OS (Ubuntu 20.04 LTS) and the application are maintained solely by Rapid7. ... In addition, Rapid7 performs server hardening to ensure that it complies with security requirements.