Cisco Security and Rapid7 InsightIDR

How Rapid7 InsightIDR and Cisco Security work together

Rapid7 technologies make it simple to collect operational data across systems, eliminating blind spots and unlocking the information required to securely develop, operate, and manage today’s sophisticated applications and services. Our analytics and science transform data into key insights to quickly predict, deter, detect, and remediate attacks and obstacles to productivity.

InsightIDR accelerates detection and response by increasing efficiency with embedded threat intelligence, expertly vetted detections, and automation for faster response.

Product Integrations

  • Panoptica: The integration between Panoptica and IntSights (Rapid7) provides the ability to enrich the CVE feed and provide Threat Intelligence trends for each detected CVE.
  • Secure Firewall ASA: InsightIDR collects connection and VPN event data from Secure Firewall ASA to aid investigations.
  • Secure Firewall: Cisco Secure Firewall combines the power of Cisco’s ASA firewall with its own IDS, previously called IDS. You can configure Cisco Secure Firewall to send IDS log data to InsightIDR.

Key Features

  • Integrate Cisco Secure Firewall Threat Defense with InsightIDR

Requirements

  • Must have Cisco Secure Firewall Threat Defense v6.3 and higher

Umbrella: The InsightIDR attribution engine will perform attribution using the source address present in the Umbrella log lines.

Secure Endpoint: When you connect Cisco AMP to InsightIDR, Advanced Malware and Virus infection events are parsed out of your logs, aiding in investigations.