Search Results

IFrame Detection | Threat Command Documentation

Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). ... This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perfor...

Website Redirect Detection | Threat Command Documentation

A common phishing website attack technique is to redirect users to the official website after stealing their PII/personal information so as not to raise suspicion. ... The Phishing Wa...

Update User Profile Details | Threat Command Documentation

Analyst and admin users change their user settings in different ways: ... Analyst users see and use the Settings > My Profile page, described in this topic. ... Administrator users see and use the ...

Virtual Appliance Hardening | Threat Command Documentation

The Threat Command virtual appliance is a secure, closed appliance: both the OS (Ubuntu 20.04 LTS) and the application are maintained solely by Rapid7. ... In addition, Rapid7 performs server harde...

Website Clone Detection | Threat Command Documentation

The ideal phishing website attack technique is to copy the customer website HTML to imitate the user experience of a real website. ... The following ste...

Phishing Watch | Threat Command Documentation

Fraudsters today use legacy tactics—such as phishing—to target online users’ account information. ... The Threat Command Phishing Watch solution provides advanced and preemptive phishing detection ...

Authentication Options | Threat Command Documentation

Use the Authentication page to set global options for 2-factor authentication (2FA), SAML single sign-on (SSO), and IP address access restriction. ... This page is visible only for administrator us...

Subscription Settings, Keys, and API | Threat Command Documentation

You can also download the current PDF document and get or revoke API and appliance keys. ... This page is visible only for administrator users. ... View subscription details ... You can view the fo...

Phishing Watch Frequently Asked Questions | Threat Command Documentation

Q: What data does the Phishing Watch snippet capture? ... When you add a snippet to your website, it recognizes that it is in the official website domain and it will not do anything. ... When it ru...

View IOCs and CVEs with Rapid7 Extend | Threat Command Documentation

Extend comprises two synergetic parts: ... Summary window with enrichment data and additional actions. ... Extend works very similarly for IOCs and CVEs. ... In the following sections, we will poin...

Manage and Configure Rapid7 Extend | Threat Command Documentation

This topic describes methods to manage and configure the IntSights Extend browser extension. ... The IntSights Extend browser icon indicates the state of the browser extension. ... The followin...

Configure Customers | Threat Command Documentation

The Customers page enables the managed security service provider (MSSP) to configure customers and customer users. ... The page is available only for Multi-Tenant Threat Management (MTTM) accounts.

Configure Users | Threat Command Documentation

Administrator users can use the Users page to add new or manage current (or deleted) Threat Command users, including their own user. ... You can sort the Users page by the Name, Status, and Last ac...

Provisioning Users with JIT | Threat Command Documentation

When using JIT to provision users, the following apply to those users: ... Logging in to Threat Command is done from the SSO application, not through the Threat Command login. ... The user does not...

Enable SP-Initiated User Login | Threat Command Documentation

IdP-initiated login, through the SSO provider. ... SP-initiated login, through the Threat Command Log In with SSO option. ... To enable either of these login options, you must configure SAML single...

Install and Configure Rapid7 Extend | Threat Command Documentation

Installing Rapid7 Extend is as simple as installing any other Chrome extension. ... Ability to log in to Threat Command, either as admin or analyst. ... If you are asked to give permissions, review...

IntSights Extend Browser Extension | Threat Command Documentation

Extend brings the power of Rapid7 Threat Command to your desktop. ... By using Extend on any web page, you can view indicators and CVEs on that web page. ... If those indicators and CVEs were previ...

Configure PingOne SSO | Threat Command Documentation

Download the Ping certificate that is needed for Threat Command. ... Before you begin, ensure that you can access the Ping account as an administrator. ... To download the Ping SSO certificate:

Configure Okta SSO | Threat Command Documentation

In addition, you can enable SP-initiated SSO and user provisioning with the SAML Just In Time (JIT) method. ... User provisioning with JIT enables users to register new users to Threat Command dire...

Configure Generic SAML SSO | Threat Command Documentation

If your SSO provider does not have a formal Rapid7 Threat Command app, you can support SAML SSO authentication independently using a custom/local app. ... In addition, you can enable SP-initiated S...