Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Explore
Products
- NEW!
  Exposure Command
  Take Command of Your Attack Surface
  Request Demo
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The 2024 Attack Intelligence Report
  Read the latest research by Rapid7 Labs
  READ NOW
Company
Partners
Sign In

Documentation

Threat Command

Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Explore
Products
- NEW!
  Exposure Command
  Take Command of Your Attack Surface
  Request Demo
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The 2024 Attack Intelligence Report
  Read the latest research by Rapid7 Labs
  READ NOW
Company
Partners

Sign In

Documentation
Threat Command
Release Notes

Docs Menu

Welcome

Welcome to Threat Command
Register to Threat Command
Log in to Threat Command
Multi Tenant Threat Management
Rapid7 Product Connections
Customer Support

Threat Command

Threat Command
Architecture Overview
Threat Command Dashboard
Threat Command Quick Start
Strategic Intelligence
Manage Alerts
Remediate an Alert
Threats
Configure Assets
- Asset Types and Formats
- Alerts from Assets
Asset Management
Create Reports
Configurations

Threat Intelligence Platform (TIP)

TIP Overview
TIP Quick Start
TIP Sources
TIP IOCs
TIP Dashboard
Investigation
- View Investigation Map and Overview
- View Investigation Additional Enrichment Data
Threat Library
- Threat Library Related Information
IntelliFind

Vulnerabilty Risk Analyzer (VRA)

Vulnerability Risk Analyzer
Manage Vulnerabilities
- CVE Details
- Export CVEs to a CSV
Vulnerability Alerts

Threat Third-Party

Threat Third Party
Risk Assessment

Automation

Automation
Automate Actions on Alerts
Automate Internal Remediation
- Create IOC Management Rules
- Manage IOC Groups
Alert Profiler

Integrate Devices

Integrate Devices
The Threat Command Virtual Appliance
Integrate Cloud Devices
Integrate On-Premises Devices
Automate Leaked Credentials with Active Directory
- Integrate an Azure Active Directory Device
- Integrate a Microsoft Active Directory
InsightIDR Integration
IntSights App for Splunk
- Splunk App Install, Configure, and Upgrade
IntSights Splunk App for Splunk SOAR (Phantom)
- IntSights Splunk App for Splunk SOAR Installation and Configuration
- IntSights Splunk App for Splunk SOAR Activities
Rapid7 Threat Command App for Elastic SIEM
ServiceNow Security App
ServiceNow ITSM App
IntSights App for IBM QRadar
- IBM QRadar App Installation and Configuration
Integration Appendix

Settings

Update User Profiles
Configure Users
Configure Customers
Subscription Settings, Keys, and API
Authentication Options

IntSights Extend Browser Extension

IntSights Extend Browser Extension
Install and Configure Rapid7 Extend
Manage and Configure Rapid7 Extend
View IOCs and CVEs with Rapid7 Extend

Phishing Watch

Phishing Watch
Website Clone Detection
Website Redirect Detection
IFrame Detection
Phishing Watch Frequently Asked Questions

Welcome

Welcome to Threat Command
Register to Threat Command
Log in to Threat Command
Multi Tenant Threat Management
Rapid7 Product Connections
Customer Support

Threat Command

Threat Command
Architecture Overview
Threat Command Dashboard
Threat Command Quick Start
Strategic Intelligence
Manage Alerts
Remediate an Alert
Threats
Configure Assets
- Asset Types and Formats
- Alerts from Assets
Asset Management
Create Reports
Configurations

Threat Intelligence Platform (TIP)

TIP Overview
TIP Quick Start
TIP Sources
TIP IOCs
TIP Dashboard
Investigation
- View Investigation Map and Overview
- View Investigation Additional Enrichment Data
Threat Library
- Threat Library Related Information
IntelliFind

Vulnerabilty Risk Analyzer (VRA)

Vulnerability Risk Analyzer
Manage Vulnerabilities
- CVE Details
- Export CVEs to a CSV
Vulnerability Alerts

Threat Third-Party

Threat Third Party
Risk Assessment

Automation

Automation
Automate Actions on Alerts
Automate Internal Remediation
- Create IOC Management Rules
- Manage IOC Groups
Alert Profiler

Integrate Devices

Integrate Devices
The Threat Command Virtual Appliance
Integrate Cloud Devices
Integrate On-Premises Devices
Automate Leaked Credentials with Active Directory
- Integrate an Azure Active Directory Device
- Integrate a Microsoft Active Directory
InsightIDR Integration
IntSights App for Splunk
- Splunk App Install, Configure, and Upgrade
IntSights Splunk App for Splunk SOAR (Phantom)
- IntSights Splunk App for Splunk SOAR Installation and Configuration
- IntSights Splunk App for Splunk SOAR Activities
Rapid7 Threat Command App for Elastic SIEM
ServiceNow Security App
ServiceNow ITSM App
IntSights App for IBM QRadar
- IBM QRadar App Installation and Configuration
Integration Appendix

Settings

Update User Profiles
Configure Users
Configure Customers
Subscription Settings, Keys, and API
Authentication Options

IntSights Extend Browser Extension

IntSights Extend Browser Extension
Install and Configure Rapid7 Extend
Manage and Configure Rapid7 Extend
View IOCs and CVEs with Rapid7 Extend

Phishing Watch

Phishing Watch
Website Clone Detection
Website Redirect Detection
IFrame Detection
Phishing Watch Frequently Asked Questions

Provisioning Users with JIT

You can provision user access to Threat Command with SAML Just in Time (JIT) from your single sign-on (SSO) provider. The service is available for Azure AD and Okta SSO.

When using JIT to provision users, the following apply to those users:

Logging in to Threat Command is done from the SSO application, not through the Threat Command login.
The user does not have a Threat Command password.
Deleting a user from the SSO application does not delete them from Threat Command.
A user deleted from the SSO application cannot Log in to Threat Command (as they have no password). You can manually delete that user from Threat Command.
Users are assigned the same time zone as the account.
To change the time zone or make other changes to user settings (notifications, etc.) use the Threat Command Settings > Users page.
Users have a notation in their user card that their user was provisioned by SAML JIT.

For more information on configuring SSO and user provisioning, see these sections: