SOC Supported Third Party Security Tools

Rapid7 provides comprehensive support to customers by leveraging advanced tools and expert services to triage and investigate security events across endpoints, identity, network, and cloud environments. Our mission is to help customers achieve full visibility into their environments by ingesting third-party alerts, correlating them with our own where applicable, and focusing investigations on alerts that indicate significant security risks or threats.

The Rapid7 SOC will triage, investigate, and respond to alerts from select third-party security tools. Rapid7 performs these actions only within InsightIDR. Rapid7 will not close alerts in third-party systems, whether manually or through API access or integrations.

Alerts from third-party security tools are integrated into InsightIDR by configuring the appropriate event sources. As with all event sources in InsightIDR, Rapid7 assists with event source configuration but does not have control over potential disruptions in data flow from third-party tools to InsightIDR. While such disruptions are not common, they can result in gaps in detection or services. Because these outages are often due to factors outside of Rapid7’s control, Rapid7 cannot be held responsible for disruptions in the flow of data from third parties.

The Rapid7 SOC will triage, investigate, and respond to alerts that the third party classifies with its top severity or priority at the time of ingestion into InsightIDR. These alerts are mapped to Rapid7’s “High” priority and are subject to the same service level objectives as all other high-priority alerts. Rapid7’s “Critical” priority is reserved for Rapid7-authored detections and for select third-party detections that meet strict efficacy requirements. For clarity, Rapid7’s service level objectives for any alert from a third party are based on the alert’s created time within InsightIDR, not the event time in the third-party system. Custom alerts from a third-party product, regardless of priority, are not triaged by the Rapid7 MDR SOC.

Supported Third Party Security Tools

Third Party                              Category
---------------------------------------  --------
AWS GuardDuty                            Cloud
CrowdStrike Falcon                       Endpoint
SentinelOne EDR                          Endpoint
Microsoft Defender for Cloud             Cloud
Microsoft Defender for Endpoint          Endpoint
Microsoft Defender for Entra Identity    Identity
Microsoft Defender for Cloud Apps        Cloud
Microsoft Defender for Office 365        Cloud

We will update this table as SOC support for new tools is released.

The number of third-party products monitored by Rapid7 is determined by your service level.

  • MTC Advanced, MTC Ultimate, and MDR Elite customers are entitled to monitoring for two (2) third-party products, with the option to purchase additional monitoring if needed.
  • MTC Essential and MDR Essentials customers must purchase third-party product monitoring as an add-on.