[ARCHIVED] Rapid7 MTC Notifications
You will receive various notifications and alerts from the Rapid7 MDR Service. This page details what to expect with each. If you use mail forwarding rules or other automation to manage alerts, please reference this page for the proper syntax.
Emergent Threat Response
Sender | emergent_threat_advisory@rapid7.com |
Subject | CVE name is included, but subject may vary. |
Description | Upon learning of new vulnerabilities or threats that may impact our customers, the Rapid7 team will proactively communicate with all Rapid7 Managed Services customers through email with details of what we know, how customers can take proactive measures to protect themselves, and what our Rapid7 team is doing to assist them. |
Recipients | Your Cybersecurity Advisor manages designated contacts for Emergent Threat Response notifications. Security Distribution Lists are excluded as our customers often reserve these for 24/7 incident notification. These contacts are not currently visible on the platform. Please work with your Cybersecurity Advisor to make changes. |
MDR SOC
Incident Notifications
Sender | managed@rapid7.com |
Subject | Rapid7 MDR < Low/Medium/High > Incident: < subject > - Case < Case# > |
Description | MDR SOC Analysts generate these notifications when they have detected an incident in your environment. Additionally, a member of the MDR SOC team will call designated contacts for medium and high severity incidents. Incident notifications typically include: evidence of incident; impacted asset hosts; impacted users; immediate remediation actions; link to InsightIDR investigation; any questions for your team. The frequency of these notifications varies based on your environment. Action is required. Please take the recommended remediation actions and continue working with the MDR team throughout the incident. Please work with your Cybersecurity Advisor to tune these alerts as needed. |
Recipients | Your Cybersecurity Advisor manages designated contacts for MDR SOC communications. These contacts are not currently visible on the platform. Please work with your Cybersecurity Advisor to make changes. |
Requests for Information (RFI)
Sender | managed@rapid7.com |
Subject | Rapid7 MDR RFI: < subject > - Case < Case# > |
Description | MDR SOC Analysts generate these notifications when investigating activity and need more information. The frequency of these notifications varies based on your environment. Action is required. Please review the activity in these alerts and let the MDR team know whether or not you expect this activity. Please work with your Cybersecurity Advisor to tune these alerts as needed. |
Recipients | Your Cybersecurity Advisor manages designated contacts for MDR SOC communications. These contacts are not currently visible on the platform. Please work with your Cybersecurity Advisor to make changes. |
Consolidated (“Alert roll-up”) Requests for Information
Sender | mdr_notifications@rapid7.com |
Subject | MDR Notification: < Alert Type > - < Customer Name > |
Description | These alerts differ from Requests for Information generated by MDR SOC Analysts, but you should treat them with equal importance. Alerts included in these notifications do not have the Rapid7 Managed label in InsightIDR. However, the MDR SOC prioritizes these alerts because of their high fidelity. These alerts are sent to you first, requiring your input before an MDR SOC Analyst can investigate. Alert types include account management activity, authentication activity, cloud service activity, and third-party account leaks. We send these consolidated alerts hourly, except for account leaks, which we send daily. Action is required. Please review the activity in these alerts. If you are not expecting the activity, please open a case on the Customer Portal for further investigation. Please work with your Cybersecurity Advisor to tune Rapid7 Managed alerts. You can tune most other alerts directly in InsightIDR. |
Recipients | Your Cybersecurity Advisor manages designated contacts for MDR SOC communications. These contacts are not currently visible on the platform. Please work with your Cybersecurity Advisor to make changes. |
Services Portal Reports
Sender | insight_noreply@rapid7.com |
Subject | Subjects may vary, but follow these general guidelines: (1) Rapid7 MDR < Month YYYY > Service Report uploaded to your portal. (2) Rapid7 MDR < Low/Medium/High > Incident Report uploaded to your portal |
Description | You will receive these notifications when Rapid7 uploads a document (such as a report or announcement) to your Services Portal. The frequency of these notifications varies based on your service package and environment. The Report Deliverables page contains sample reports. |
Recipients | Recipients include users with access to the Services Portal on the Insight Platform (adjustable via user management) and those listed under the Services Portal Account Team. |
InsightIDR Product
InsightIDR Incident Alerts
Sender | insight_noreply@rapid7.com |
Subject | InsightIDR Incident Alert |
Description | InsightIDR sends these notifications directly for alerts that populate the Investigations page. These alerts differ from MDR SOC incidents. Investigations labeled Rapid7 Managed on the InsightIDR Investigations page are the responsibility of the Rapid7 SOC, and all investigations without this tag are the responsibility of your organization. Please see InsightIDR Alerts for more information on product alerts. |
Recipients | You can manage these product alerts within the Insight Platform. |
InsightIDR Basic Detection Rules (formerly known as Custom Alerts)
Sender | insight_noreply@rapid7.com |
Subject | InsightIDR < Type of Basic Detection Rule > < alert name > |
Description | With InsightIDR, you have the option of creating basic detection rules when built-in detection rules do not suit your needs. You can configure basic detection rules to notify you of event source inactivity, monitor for events, or detect changes in your environment. The MDR SOC does not monitor basic detection rules. |
Recipients | Basic detection rule notifications are configured individually in InsightIDR. You have the option to define one or more communication methods. |
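The sender and subject formats listed in the tables above, written as a mail-routing classifier that only acts on a message when your own gateway recorded `dmarc=pass`, since a From address by itself can be forged. This is an added example, not Rapid7 code. Assumptions: the angle-bracket fields are placeholders, and the `mx.example.org` authserv-id, the category names, the case-number pattern and the sample message are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id your own gateway stamps
CASE = r" - Case (?P<case>\S+)"  # assumption: the page does not give the case format
RULES = {  # sender -> [(subject pattern, category)], most specific pattern first
    "emergent_threat_advisory@rapid7.com": [(r".*", "emergent_threat")],
    "managed@rapid7.com": [
        (r"Rapid7 MDR (?P<severity>Low|Medium|High) Incident: (?P<subject>.+)" + CASE,
         "soc_incident"),
        (r"Rapid7 MDR RFI: (?P<subject>.+)" + CASE, "soc_rfi"),
    ],
    "mdr_notifications@rapid7.com": [
        (r"MDR Notification: (?P<alert_type>.+) - (?P<customer>.+)", "rollup_rfi"),
    ],
    "insight_noreply@rapid7.com": [
        (r"Rapid7 MDR .+ Report uploaded to your portal\.?", "portal_report"),
        (r"InsightIDR Incident Alert", "idr_incident_alert"),
        (r"InsightIDR .+", "idr_basic_detection_rule"),
    ],
}


def dmarc_passed(msg):
    """True only if our own gateway (not an upstream hop) recorded dmarc=pass."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and re.search(r"\bdmarc=pass\b", results):
            return True
    return False


def classify(raw):
    """Return (category, extracted subject fields) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = " ".join(msg.get("Subject", "").split())  # collapse folded whitespace
    if sender not in RULES:
        return "other_sender", {}
    if not dmarc_passed(msg):
        return "unverified_sender", {}  # hold for review instead of auto-routing
    for pattern, category in RULES[sender]:
        if (m := re.fullmatch(pattern, subject)):
            return category, m.groupdict()
    return "unmatched", {}  # subject format this page does not list


# Constructed sample message; the subject text and case number are made up.
SAMPLE = ("From: managed@rapid7.com\nAuthentication-Results: mx.example.org; dmarc=pass\n"
          "Subject: Rapid7 MDR High Incident: Suspicious login - Case 0000\n\nbody\n")
```

Route `unverified_sender` and `unmatched` results to a human queue rather than dropping them, so a changed subject format or a failed authentication check is noticed.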
Updates and other Communications
Featured Content, Blogs, and Product Updates
Adjust your communication preferences for other Rapid7 content on the Communication Preferences page.
Rapid7 Status Page
Subscribe to Rapid7’s Status page for scheduled maintenance and service degradation notifications.