Search Results
Configure Okta SSO | Threat Command Documentation
In addition, you can enable SP-initiated SSO and user provisioning with the SAML Just In Time (JIT) method. ... User provisioning with JIT enables users to register new users to Threat Command dire...
Configure Generic SAML SSO | Threat Command Documentation
If your SSO provider does not have a formal Rapid7 Threat Command app, you can support SAML SSO authentication independently using a custom/local app. ... In addition, you can enable SP-initiated S...
Configure Azure AD SSO | Threat Command Documentation
User provisioning with JIT enables Azure AD users to register new Threat Command users directly from Azure AD, thus bypassing the need to set up each user individually in Threat Command. ... This s...
Phishing Watch Frequently Asked Questions | Threat Command Documentation
Q: What data does the Phishing Watch snippet capture? ... When you add a snippet to your website, it recognizes that it is in the official website domain and it will not do anything. ... When it ru...
Website Redirect Detection | Threat Command Documentation
A common practice of a phishing website attack technique is to redirect users to the official website after stealing their PII/personal information so as not to raise suspicion. ... The Phishing Wa...
Subscription Settings, Keys, and API | Threat Command Documentation
You can also download the current PDF document and get or revoke API and appliance keys. ... This page is visible only for administrator users. ... View subscription details ... You can view the fo...
Phishing Watch | Threat Command Documentation
Fraudsters today use legacy tactics—such as phishing—to target online users’ account information. ... The Threat Command Phishing Watch solution provides advanced and preemptive phishing detection ...
IFrame Detection | Threat Command Documentation
Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). ... This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perfor...
View IOCs and CVEs with Rapid7 Extend | Threat Command Documentation
Extend comprises two synergetic parts: ... Summary window with enrichment data and additional actions. ... Extend works very similarly for IOCs and CVEs. ... In the following sections, we will poin...
Website Clone Detection | Threat Command Documentation
On This Page ... Website Clone Detection ... The ideal phishing website attack technique is to copy the customer website HTML to imitate the user experience of a real website. ... The following ste...
IntSights Extend Browser Extension | Threat Command Documentation
Extend brings the power of Rapid7 Threat Command to your desktop. ... By using Extend on any web page, you can view indicators and CVEs on that web page. ... If those indicators and CVEs were previ...
Manage and Configure Rapid7 Extend | Threat Command Documentation
This topic describes methods to manage and configure the IntSights Extend browser extension. ... The IntSights Extend browser icon indicates in what state the browser extension is. ... The followin...
Enable SP-Initiated User Login | Threat Command Documentation
IdP-initiated login, through the SSO provider. ... SP-initiated login, through the Threat Command Log In with SSO option. ... To enable either of these login options, you must configure SAML single...
Install and Configure Rapid7 Extend | Threat Command Documentation
Installing Rapid7 Extend is as simple as installing any other Chrome extension. ... Ability to log in to Threat Command, either as admin or analyst. ... If you are asked to give permissions, review...
Provisioning Users with JIT | Threat Command Documentation
When using JIT to provision users, the following apply to those users: ... Logging in to Threat Command is done from the SSO application, not through the Threat Command login. ... The user does not...
Configure PingOne SSO | Threat Command Documentation
Download the Ping certificate that is needed for the Threat Command. ... Before you begin, ensure that you can access the Ping account as an administrator. ... To download the Ping SSO certificate:
Authentication Options | Threat Command Documentation
Use the Authentication page to set global options for 2-factor authentication (2FA), SAML single sign-on (SSO), and IP address access restriction. ... This page is visible only for administrator us...
Configure Customers | Threat Command Documentation
The Customers page enables the managed security service provider (MSSP) to configure customers and customer users. ... The page is available only for Multi-Tenant Threat Management (MTTM) accounts.
Change Existing ArcSight Configuration | Threat Command Documentation
You can edit an existing ArcSight Connector configuration file. ... To change a connector configuration: ... In the wizard that begins, change the connector parameters.
Install a New Certificate | Threat Command Documentation
Do cd /usr/share/ca-certificates ... Run sudo mkdir custom- create a directory called "custom" ... Download the CA certificate of the proxy and save it into "/usr/share/ca-certificates/custom/proxy...