Search Results

IFrame Detection | Threat Command Documentation

Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). ... This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perfor...

Website Redirect Detection | Threat Command Documentation

A common phishing website technique is to redirect users to the official website after stealing their PII/personal information, so as not to raise suspicion. ... The Phishing Wa...

Configure Generic SAML SSO | Threat Command Documentation

If your SSO provider does not have a formal Rapid7 Threat Command app, you can support SAML SSO authentication independently using a custom/local app. ... In addition, you can enable SP-initiated S...

Configure Azure AD SSO | Threat Command Documentation

User provisioning with JIT enables Azure AD users to register new Threat Command users directly from Azure AD, thus bypassing the need to set up each user individually in Threat Command. ... This s...

ServiceNow ITSM Installation | Threat Command Documentation

Describes how to install and configure the external app, ServiceNow ITSM. ... Before you can use the external app with Rapid7 Threat Command you need to add it. ... Add external app ... Before using...

ServiceNow Security App Administration | Threat Command Documentation

Post incident reviews ... When a security incident status is marked as Review, the assigned user is required to fill the post-incident review assessment form for the security incident. ... Prerequi...

IntSights App for Splunk SOAR (Phantom) | Threat Command Documentation

Splunk SOAR on-prem ... Splunk SOAR Cloud ... The integration enables Splunk users to import IOCs, alerts, and vulnerabilities (CVEs) from Threat Command and to correlate them in the Splunk environ...

Splunk App Install, Configure, and Upgrade | Threat Command Documentation

This section describes how to install and configure the IntSights App for Splunk, an external app. ... The following table shows the minimum server requirements: ... The following table shows versi...

Provisioning Users with JIT | Threat Command Documentation

When using JIT to provision users, the following apply to those users: ... Logging in to Threat Command is done from the SSO application, not through the Threat Command login. ... The user does not...

Configure PingOne SSO | Threat Command Documentation

Download the Ping certificate that is needed for Threat Command. ... Before you begin, ensure that you can access the Ping account as an administrator. ... To download the Ping SSO certificate:

Change Check Point Device Blade Configuration | Threat Command Documentation

You can change the Check Point IOC mapping blade configuration after the device is added. ... To change the blade configuration: ... From Threat Command, select Automations > Integration. ... Selec...

Change Existing ArcSight Configuration | Threat Command Documentation

You can edit an existing ArcSight Connector configuration file. ... To change a connector configuration: ... In the wizard that begins, change the connector parameters.

ServiceNow ITSM Configuration | Threat Command Documentation

Permission and Roles ... These are the ServiceNow roles and the permissions that are needed to install the application. ... Create Users ... If you do not want to create a user, then System Admin c...

ServiceNow ITSM App | Threat Command Documentation

ServiceNow ITSM App ... This application populates Alerts in a Custom Table and creates or updates Incidents in ServiceNow if criteria are matched. ... Application features ... The main features of the...

IntSights Splunk App for Splunk SOAR Activities | Threat Command Documentation

You can use the Splunk App for SOAR to perform the following activities: ... hunt file - Look for information about a file hash in the Threat Command database ... hunt domain - Look for information...

IntSights Splunk App for Splunk SOAR Installation and Configuration | Threat Command Documentation

Describes how to install and configure the IntSights Splunk App for Splunk SOAR, an external app. ... Before you can use the external app with Rapid7 Threat Command you need to add the app. ... Add...

View IOCs and CVEs with Rapid7 Extend | Threat Command Documentation

Extend comprises two synergetic parts: ... Summary window with enrichment data and additional actions. ... Extend works very similarly for IOCs and CVEs. ... In the following sections, we will poin...

Manage and Configure Rapid7 Extend | Threat Command Documentation

This topic describes methods to manage and configure the IntSights Extend browser extension. ... The IntSights Extend browser icon indicates in what state the browser extension is. ... The followin...

Install and Configure Rapid7 Extend | Threat Command Documentation

Installing Rapid7 Extend is as simple as installing any other Chrome extension. ... Ability to log in to Threat Command, either as admin or analyst. ... If you are asked to give permissions, review...

IntSights Extend Browser Extension | Threat Command Documentation

Extend brings the power of Rapid7 Threat Command to your desktop. ... By using Extend on any web page, you can view indicators and CVEs on that web page. ... If those indicators and CVEs were previ...