Search Results

Phishing Watch Frequently Asked Questions | Threat Command Documentation

Q: What data does the Phishing Watch snippet capture? ... When you add a snippet to your website, it recognizes that it is in the official website domain and it will not do anything. ... When it ru...

Provisioning Users with JIT | Threat Command Documentation

When using JIT to provision users, the following apply to those users: ... Logging in to Threat Command is done from the SSO application, not through the Threat Command login. ... The user does not...

IFrame Detection | Threat Command Documentation

Attackers can inject a hidden iframe into a webpage and steal the user’s session (cookie). ... This attack is similar to a redirect, however by leveraging the iframe technique, attackers can perfor...

Configure Okta SSO | Threat Command Documentation

In addition, you can enable SP-initiated SSO and user provisioning with the SAML Just In Time (JIT) method. ... User provisioning with JIT enables users to register new users to Threat Command dire...

View IOCs and CVEs with Rapid7 Extend | Threat Command Documentation

Extend comprises two synergetic parts: ... Summary window with enrichment data and additional actions. ... Extend works very similarly for IOCs and CVEs. ... In the following sections, we will poin...

Website Redirect Detection | Threat Command Documentation

A common practice of a phishing website attack technique is to redirect users to the official website after stealing their PII/personal information so as not to raise suspicion. ... The Phishing Wa...

Install and Configure Rapid7 Extend | Threat Command Documentation

Installing Rapid7 Extend is as simple as installing any other Chrome extension. ... Ability to log in to Threat Command, either as admin or analyst. ... If you are asked to give permissions, review...

Website Clone Detection | Threat Command Documentation

On This Page ... Website Clone Detection ... The ideal phishing website attack technique is to copy the customer website HTML to imitate the user experience of a real website. ... The following ste...

Phishing Watch | Threat Command Documentation

Fraudsters today use legacy tactics—such as phishing—to target online users’ account information. ... The Threat Command Phishing Watch solution provides advanced and preemptive phishing detection ...

Manage and Configure Rapid7 Extend | Threat Command Documentation

This topic describes methods to manage and configure the IntSights Extend browser extension. ... The IntSights Extend browser icon indicates in what state the browser extension is. ... The followin...

Enable SP-Initiated User Login | Threat Command Documentation

IdP-initiated login, through the SSO provider. ... SP-initiated login, through the Threat Command Log In with SSO option. ... To enable either of these login options, you must configure SAML single...

IntSights Extend Browser Extension | Threat Command Documentation

Extend brings the power of Rapid7 Threat Command to your desktop. ... By using Extend on any web page, you can view indicators and CVEs on that web page. ... If those indicators and CVEs were previ...

Subscription Settings, Keys, and API | Threat Command Documentation

You can also download the current PDF document and get or revoke API and appliance keys. ... This page is visible only for administrator users. ... View subscription details ... You can view the fo...

Virtual Appliance Hardening | Threat Command Documentation

The Threat Command virtual appliance is a secure, closed appliance: both the OS (Ubuntu 20.04 LTS) and the application are maintained solely by Rapid7. ... In addition, Rapid7 performs server harde...

Configure Customers | Threat Command Documentation

The Customers page enables the managed security service provider (MSSP) to configure customers and customer users. ... The page is available only for Multi-Tenant Threat Management (MTTM) accounts.

Change Check Point Device Blade Configuration | Threat Command Documentation

You can change the Check Point IOC mapping blade configuration after the device is added. ... To change the blade configuration: ... From Threat Command, select Automations > Integration. ... Selec...

Configure PingOne SSO | Threat Command Documentation

Download the Ping certificate that is needed for the Threat Command. ... Before you begin, ensure that you can access the Ping account as an administrator. ... To download the Ping SSO certificate:

Authentication Options | Threat Command Documentation

Use the Authentication page to set global options for 2-factor authentication (2FA), SAML single sign-on (SSO), and IP address access restriction. ... This page is visible only for administrator us...

Configure Users | Threat Command Documentation

Administrator users can use the Users page to add new or manage current (or deleted) Threat Command users, including their own user. ... You can sort the Users page by the Name, Status, and Last ac...

Update User Profile Details | Threat Command Documentation

Analyst and admin users change their user settings in different ways: ... Analyst users see and use the Settings > My Profile page, described in this topic. ... Administrator users see and use the ...