Rapid7 Active Response

Rapid7 Active Response is an optional add-on to our Managed Detection and Response (MDR) service that enables our expert SOC analysts to respond directly to validated threats in your environment.

• Active Response Deployment Overview

With Active Response, our analysts can isolate endpoints and disable compromised user accounts within minutes, limiting attacker dwell time and accelerating time to respond. To learn more about MDR Active Response, check out this video:

How it works

Here’s how Rapid7 Active Response works:

• During setup, you will install the required plugins, set up connections and provide a list of users and assets (such as critical servers, users, or devices) that you want excluded from quarantine actions. This way, we don’t treat your Domain Controller the same as a typical user.
• Active Response then uses the Rapid7 Insight Agent or VMware Carbon Black Response EDR to isolate threats by quarantining users or endpoints as early in the kill chain as possible, preventing malware propagation across your systems, lateral movement, or data exfiltration.
• The MDR team will send real-time updates to actions using your preferred communication methods as long as it is supported by Active Response.
• Throughout the containment process, you can accelerate or cancel containment actions before they run from your mobile or desktop devices via Slack.

Active Response Deployment Overview

Active Response Deployment Milestones are listed below:

The following sections contain installation and configuration instructions to guide you through the deployment process.