Rapid7 MDR Notifications
You will receive various notifications and alerts from the Rapid7 MDR Service. This page details what to expect with each. If you use mail forwarding rules or other automation to manage alerts, please reference this page for the proper syntax.
Emergent Threat Response
Requests for Information (RFI)
Consolidated (“Alert roll-up”) Requests for Information
|Subject||MDR Notification: < Alert Type > - < Customer Name >|
|Description||These alerts differ from Requests for Information generated by MDR SOC Analysts, but you should treat them with equal importance. |
Alerts included in these notifications do not have the Rapid7 Managed label in InsightIDR. However, the MDR SOC prioritizes these alerts because of their high fidelity. These alerts are sent to you first, requiring your input before an MDR SOC Analyst can investigate.
Alert types include account management activity, authentication activity, cloud service activity, and third-party account leaks. We send these consolidated alerts hourly, except for account leaks, which we send daily.
Action is required. Please review the activity in these alerts. If you are not expecting the activity, please open a case on the Customer Portal for further investigation.
Please work with your Customer Advisor to tune Rapid7 Managed alerts. You can tune most other alerts directly in InsightIDR.
|Recipients||Your Customer Advisor manages designated contacts for MDR SOC communications. These contacts are not currently visible on the platform. Please work with your Customer Advisor to make changes.|
Services Portal Reports
|Subject||Subjects may vary, but follow these general guidelines: (1) Rapid7 MDR < Month YYYY > Service Report uploaded to your portal. (2) Rapid7 MDR < Low/Medium/High > Incident Report uploaded to your portal|
|Description||You will receive these notifications when Rapid7 uploads a document (such as a report or announcement) to your Services Portal. The frequency of these notifications varies based on your service package and environment. The Report Deliverables page contains sample reports.|
|Recipients||Recipients include users with access to the Services Portal on the Insight Platform (adjustable via user management) and those listed under the Services Portal Account Team.|
InsightIDR Incident Alerts
|Subject||InsightIDR Incident Alert|
|Description||InsightIDR sends these notifications directly for alerts that populate the Investigations page. These alerts differ from MDR SOC incidents. Investigations labeled Rapid7 Managed on the InsightIDR Investigations page are the responsibility of the Rapid7 SOC, and all investigations without this tag are the responsibility of your organization.
Please see InsightIDR Alerts for more information on product alerts.
|Recipients||You can manage these product alerts within the Insight Platform.|
InsightIDR Custom Alerts
|Subject||InsightIDR < Type of Custom Alert > < alert name >|
|Description||With InsightIDR, you have the option of creating custom alerts when built-in alerts do not suit your needs. You can configure custom alerts to notify you of event source inactivity, to monitor for events, or to detect changes in your environment. The MDR SOC does not monitor custom alerts.|
|Recipients||Custom alert notifications are configured individually in InsightIDR. You have the option to define one or more communication methods.|
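For mail forwarding rules or other automation, the subject templates above can be turned into a small classifier. The following is an added example, not Rapid7 code. The folder names, the triage fallback, the reply/forward prefix handling, the optional trailing period, the split at the first " - " and the sample subjects are all assumptions.

```python
import re
from typing import NamedTuple, Optional

class Route(NamedTuple):
    kind: str     # notification type, named after the page's sections
    note: str     # handling note paraphrased from the page
    fields: dict  # placeholder values captured from the subject

# Patterns follow the subject templates on this page. Order matters:
# "InsightIDR Incident Alert" is tested before the looser custom-alert form.
RULES = [
    ("consolidated_rfi", "action required; open a portal case if unexpected",
     re.compile(r"MDR Notification: (?P<alert_type>.+?) - (?P<customer>.+)")),
    ("service_report", "document uploaded to the Services Portal",
     re.compile(r"Rapid7 MDR (?P<period>.+) Service Report uploaded to your portal\.?")),
    ("incident_report", "document uploaded to the Services Portal",
     re.compile(r"Rapid7 MDR (?P<severity>Low|Medium|High) Incident Report uploaded to your portal\.?")),
    ("idr_incident_alert", "Rapid7 SOC owns it only if labeled Rapid7 Managed",
     re.compile(r"InsightIDR Incident Alert")),
    ("idr_custom_alert", "not monitored by the MDR SOC",
     re.compile(r"InsightIDR (?P<detail>.+)")),
]

# Reply/forward prefixes added by mail clients (assumed set).
PREFIX = re.compile(r"^(?:\s*(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def classify(subject: str) -> Optional[Route]:
    """Return the Route for a subject line, or None if no template fits."""
    s = " ".join(PREFIX.sub("", subject).split())  # normalize whitespace
    for kind, note, pattern in RULES:
        m = pattern.fullmatch(s)  # whole subject must fit the template
        if m:
            return Route(kind, note, m.groupdict())
    return None

def mailbox_for(subject: str) -> str:
    """Folder name for a subject; unmatched mail goes to triage, not discard."""
    route = classify(subject)
    return route.kind if route else "unclassified_triage"

# Constructed sample subjects; "Example Corp" and the alert names are made up.
SAMPLES = [
    "MDR Notification: Authentication Activity - Example Corp",
    "FW: Rapid7 MDR March 2024 Service Report uploaded to your portal.",
    "Rapid7 MDR High Incident Report uploaded to your portal",
    "InsightIDR Incident Alert",
    "InsightIDR Inactivity Alert dc01-syslog",
    "Rapid7 MDR quarterly announcement",
]
```

Subject matching only sorts mail and says nothing about who sent it, so sender authentication stays with the mail gateway. Because subjects may vary, anything that fits no template lands in the triage folder for a person to read.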
Updates and other Communications
Featured Content, Blogs, and Product Updates
Adjust your communication preferences for other Rapid7 content on the Communication Preferences page.
Rapid7 Status Page
Subscribe to Rapid7’s Status page for scheduled maintenance and service degradation notifications.