Try our new research platform with insights from 80,000+ expert users
Rapid7 InsightIDR Logo

Rapid7 InsightIDR pros and cons

Vendor: Rapid7
4.2 out of 5
Leave a review

Pros & Cons summary

Rapid7 InsightIDR provides intelligent alerting and seamless threat monitoring with honey pots and honey users, ensuring stability, scalability, and budget-friendly quick deployment. While it struggles with API integration and ITSM functionality, users seek improved log source support and threat intelligence insights. Its incident management and limited security tool integration require more intuitive search features and customizable configurations for enhanced performance, making it a competitive yet imperfect solution for tech buyers.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Rapid7 InsightIDR offers intelligent alerting to minimize alert fatigue while maintaining high coverage across network systems, from endpoints to firewalls.
Threat modeling integrates seamlessly, utilizing resources from Metasploit and InsightIDR repositories, enhancing security measures through tools like honeypots and honey files.
Technical support is highly rated, providing prompt solutions and comprehensive assistance to any inquiries or issues.
User behavior analytics and comprehensive log searching capabilities allow for effective incident investigation and management, improving security program efficiencies.
The solution provides excellent scalability and efficiency, collecting and processing massive amounts of data daily, swiftly identifying critical security threats and patterns.

CONS

Rapid7 InsightIDR needs easier API integration with ITSMs to automate ticket creation and closure.
More supported log sources and ability to customize collector for logs are required.
Improvement in cloud risk assessment and digital forensics is necessary.
InsightIDR lacks extensive integration with various security tools from different vendors.
Threat intelligence should be enhanced for better understanding of threats.
 

Rapid7 InsightIDR Pros review quotes

it_user836481 - PeerSpot reviewer
it_user836481
Information Security Officer at a tech vendor with 201-500 employees
Mar 13, 2018
Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs.
Read full review
JS
Josh Serna
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees
Mar 13, 2018
I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.
Read full review
Chad Kliewer - PeerSpot reviewer
Chad Kliewer
Information Security Officer at PTCI
Mar 13, 2018
Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well.
Read full review
Buyer's Guide
Rapid7 InsightIDR
January 2026
Free Report: Rapid7 InsightIDR Reviews and More
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
Databasea5f3 - PeerSpot reviewer
Databasea5f3
Database Administrator at a educational organization with 501-1,000 employees
Mar 14, 2018
​​User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day.
Read full review
Security7d6d - PeerSpot reviewer
Security7d6d
Security Manager
Sep 26, 2018
The alerting to drive investigations and remediation has been its most valuable feature.​
Read full review
Informate3db - PeerSpot reviewer
Informate3db
Information Security Manager at a tech vendor with 51-200 employees
Oct 2, 2018
The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue.
Read full review
reviewer1256475 - PeerSpot reviewer
reviewer1256475
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Jan 7, 2020
The web interface is great — very useful and user-friendly.
Read full review
reviewer1339392 - PeerSpot reviewer
reviewer1339392
Enterprise Sales at a tech vendor with 11-50 employees
Jul 19, 2020
If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities.
Read full review
reviewer1526580 - PeerSpot reviewer
reviewer1526580
Linux admin at a wholesaler/distributor with 51-200 employees
Apr 5, 2021
It is a very stable solution.
Read full review
DB
Davide Baudanza
CoFounder & Head of Technology at intuity
Jul 21, 2021
Very intuitive and easy to set up.
Read full review
Show 10 more reviews (out of 31)
 

Rapid7 InsightIDR Cons review quotes

it_user836481 - PeerSpot reviewer
it_user836481
Information Security Officer at a tech vendor with 201-500 employees
Mar 13, 2018
One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not.
Read full review
JS
Josh Serna
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees
Mar 13, 2018
I feel it would greatly benefit from more supported log sources.
Read full review
Chad Kliewer - PeerSpot reviewer
Chad Kliewer
Information Security Officer at PTCI
Mar 13, 2018
I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert.
Read full review
Buyer's Guide
Rapid7 InsightIDR
January 2026
Free Report: Rapid7 InsightIDR Reviews and More
Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
Databasea5f3 - PeerSpot reviewer
Databasea5f3
Database Administrator at a educational organization with 501-1,000 employees
Mar 14, 2018
It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​
Read full review
Security7d6d - PeerSpot reviewer
Security7d6d
Security Manager
Sep 26, 2018
Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.
Read full review
Informate3db - PeerSpot reviewer
Informate3db
Information Security Manager at a tech vendor with 51-200 employees
Oct 2, 2018
The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.
Read full review
reviewer1256475 - PeerSpot reviewer
reviewer1256475
IT Engineer Security Operation Team at a tech services company with 201-500 employees
Jan 7, 2020
The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful.
Read full review
reviewer1339392 - PeerSpot reviewer
reviewer1339392
Enterprise Sales at a tech vendor with 11-50 employees
Jul 19, 2020
Cloud risk assessment is one area where I think they need a lot of improvement.
Read full review
reviewer1526580 - PeerSpot reviewer
reviewer1526580
Linux admin at a wholesaler/distributor with 51-200 employees
Apr 5, 2021
The dashboard is an area that could be simplified.
Read full review
DB
Davide Baudanza
CoFounder & Head of Technology at intuity
Jul 21, 2021
Lacks a mobile application.
Read full review
Show 10 more reviews (out of 31)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
User Entity Behavior Analytics (UEBA)
Endpoint Detection and Response (EDR)
Threat Deception Platforms
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Wazuh vs Rapid7 InsightIDR Logo
Wazuh vs Rapid7 InsightIDR
Microsoft Defender for Endpoint vs Rapid7 InsightIDR Logo
Microsoft Defender for Endpoint vs Rapid7 InsightIDR
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Fortinet FortiEDR vs Rapid7 InsightIDR Logo
Fortinet FortiEDR vs Rapid7 InsightIDR
Darktrace vs Rapid7 InsightIDR Logo
Darktrace vs Rapid7 InsightIDR
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
SentinelOne Singularity Complete vs Rapid7 InsightIDR Logo
SentinelOne Singularity Complete vs Rapid7 InsightIDR
Commvault Cloud vs Rapid7 InsightIDR Logo
Commvault Cloud vs Rapid7 InsightIDR
IBM Security QRadar vs Rapid7 InsightIDR Logo
IBM Security QRadar vs Rapid7 InsightIDR
Cortex XDR by Palo Alto Networks vs Rapid7 InsightIDR Logo
Cortex XDR by Palo Alto Networks vs Rapid7 InsightIDR
Microsoft Defender XDR vs Rapid7 InsightIDR Logo
Microsoft Defender XDR vs Rapid7 InsightIDR
Varonis Platform vs Rapid7 InsightIDR Logo
Varonis Platform vs Rapid7 InsightIDR
Elastic Security vs Rapid7 InsightIDR Logo
Elastic Security vs Rapid7 InsightIDR
Huntress Managed EDR vs Rapid7 InsightIDR Logo
Huntress Managed EDR vs Rapid7 InsightIDR
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
User Entity Behavior Analytics (UEBA)
Endpoint Detection and Response (EDR)
Threat Deception Platforms
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Wazuh vs Rapid7 InsightIDR Logo
Wazuh vs Rapid7 InsightIDR
Microsoft Defender for Endpoint vs Rapid7 InsightIDR Logo
Microsoft Defender for Endpoint vs Rapid7 InsightIDR
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Fortinet FortiEDR vs Rapid7 InsightIDR Logo
Fortinet FortiEDR vs Rapid7 InsightIDR
Darktrace vs Rapid7 InsightIDR Logo
Darktrace vs Rapid7 InsightIDR
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
SentinelOne Singularity Complete vs Rapid7 InsightIDR Logo
SentinelOne Singularity Complete vs Rapid7 InsightIDR
Commvault Cloud vs Rapid7 InsightIDR Logo
Commvault Cloud vs Rapid7 InsightIDR
IBM Security QRadar vs Rapid7 InsightIDR Logo
IBM Security QRadar vs Rapid7 InsightIDR
Cortex XDR by Palo Alto Networks vs Rapid7 InsightIDR Logo
Cortex XDR by Palo Alto Networks vs Rapid7 InsightIDR
Microsoft Defender XDR vs Rapid7 InsightIDR Logo
Microsoft Defender XDR vs Rapid7 InsightIDR
Varonis Platform vs Rapid7 InsightIDR Logo
Varonis Platform vs Rapid7 InsightIDR
Elastic Security vs Rapid7 InsightIDR Logo
Elastic Security vs Rapid7 InsightIDR
Huntress Managed EDR vs Rapid7 InsightIDR Logo
Huntress Managed EDR vs Rapid7 InsightIDR
See all alternatives
Related questions
  • 87
What SOC product do you recommend?
  • 20
Is Rapid7 InsightIDR the right choice to be used in SOC?
  • 343
What is the difference between IDR and EDR?
  • 135
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 82
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 86
What are the main differences between Nessus and Arcsight?
  • 65
What's The Best Way to Trial SIEM Solutions?
  • 118
Which is the best SIEM solution for a government organization?
  • 543
What is the difference between IT event correlation and aggregation?
  • 70
What Is SIEM Used For?