Rapid7 Product Connections
Describes how to leverage synergies between Rapid7 Threat Command and other Rapid7 products.
Get TIP IOC Data in IDR & ICON
Users can now configure a Quick Action to 'get an indicator by value' from the Threat Command TIP database from any page within InsightIDR or InsightConnect.
(This requires a connection to a user's instance of Threat Command with TIP enabled.)
Users can search for information about IP addresses, file hashes, domains, and URLs. The quick action provides the following data:
- Severity
- Status (active or retired)
- Score
- Is whitelisted
- First seen
- Last seen
- Last update
- Geo location
- Reporting feeds
- Tags
- Related malware, campaigns, and threat actors
This enables users to rapidly pivot between Rapid7 Insight platform solutions to expedite use cases. Specifically, users can easily enrich IOCs tied to alerts in IDR by leveraging TIP.
Did this page help you?