Rapid7 InsightIDR is a cloud-based security information and event management solution known for its user behavior analytics, offering rapid detection and response capabilities while facilitating seamless integration across systems.
| Product | Mindshare (%) |
|---|---|
| Rapid7 InsightIDR | 2.1% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 85.3% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | Rapid7 InsightIDR vs Splunk Enterprise Security | Jun 23, 2026 | Download |
| Comparison | Rapid7 InsightIDR vs IBM Security QRadar | Jun 23, 2026 | Download |
| Comparison | Rapid7 InsightIDR vs Wazuh | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 2.8% | 97% | 140 interviewsAdd to research |
| Cortex XDR by Palo Alto Networks | 4.2 | N/A | 96% | 112 interviewsAdd to research |
The ROI from Rapid7 InsightIDR is presumed to be substantial, although an exact figure was never calculated by users.
| Company Size | Count |
|---|---|
| Small Business | 19 |
| Midsize Enterprise | 5 |
| Large Enterprise | 5 |
| Company Size | Count |
|---|---|
| Small Business | 322 |
| Midsize Enterprise | 185 |
| Large Enterprise | 426 |
Rapid7 InsightIDR is designed to enhance threat detection and investigation through its efficient user behavior analytics and advanced threat intelligence framework. The platform's cloud-based deployment ensures rapid setup and comprehensive event monitoring across diverse IT environments, including endpoints and Office 365. Its intuitive interface supports seamless data collection, honing in on threat detection through honeypot utilization and intelligent alerting. However, it is noted for lacking some customization features and better integration, especially with Microsoft and ITSMs.
What are the key features of Rapid7 InsightIDR?Rapid7 InsightIDR is prominently used in security operation centers to manage events, detect threats, and respond effectively. Industries apply it for network behavior monitoring, compliance, and vulnerability management. Companies integrate it with security tools to boost threat investigation, ensuring full SIEM functionalities and robust log management capacities. Its application spans behavioral and intrusion analytics, aiding in monitoring and addressing malicious activities.
Rapid7 InsightIDR was previously known as InsightIDR.
Liberty Wines, Pioneer Telephone, Visier
| Author info | Rating | Review Summary |
|---|---|---|
| Head Of Cyber Security at Super Secure | 3.5 | I've used Rapid7 InsightIDR for about five years, mainly with banking clients for compliance and threat detection, but it lacks customization and advanced SOAR features compared to Splunk or LogRhythm, making it better suited for mid-tier organizations. |
| Principal IT Security & Compliance at IBEX Holdings Ltd | 3.5 | <p>I use Rapid7 InsightIDR for a comprehensive alert overview, integrating it with endpoint and NDR solutions. It offers unlimited storage, user behavior analytics, and MITRE ATT&CK. While AI improvements are needed, incident response time and search capabilities are efficient.</p> |
| Chief Technology Officer at a tech vendor with 51-200 employees | 3.5 | Rapid7 InsightIDR's intelligence and vulnerability management features are highly valued for their native integration, enhancing detection capabilities. However, the cloud-first approach lacks on-premises support, particularly affecting market acceptance in regions like the Middle East. Improvements in customer support are needed. |
| Network & Security Engineer at PT. Centrin Online Prima | 4.0 | I use Rapid7 InsightIDR to detect malicious activities at endpoints in my company. The Insight Agent reveals endpoint risks, but integration needs improvement. AI-enhanced functionalities would be beneficial. I deployed it on AWS without evaluating other solutions. |
| Country Sales Lead at securic systems | 4.0 | Rapid7 InsightIDR is user-friendly, cloud-based, and integrates well with EDR solutions, though it needs more development towards XDR capabilities. Compared to QRadar and other established SIEM providers, its licensing and threat intelligence differ significantly, favoring longtime market leaders. |
| Founder & CEO at AGILLY | 4.0 | I use Rapid7 InsightIDR for secret events, compliance, and information management. I appreciate its user analysis feature, but find it challenging for log searches and feel that it could benefit from improved dashboards and user-friendly templates. |
| Director of Solutions and Alliances at a tech services company with 1-10 employees | 4.0 | I am a system integrator for Rapid7 InsightIDR, which serves as the core of our security operations. Its detection rules and integration features are beneficial, though the search capabilities need improvement to simplify incident handling. |
| Cyber Security Trainer and Programmer at Freelancer | 4.5 | We use Rapid7 InsightIDR for EDR and SIP management, event management, threat detection, and DFIR. It features excellent dashboards and threat alerts, yet needs improved threat intelligence depth. User behavior analytics are positive, enhancing overall security operations. |
| Systems Administrator at a consultancy with 51-200 employees | 4.5 | I use Rapid7 InsightIDR to collect logs across our IT environment. The most valuable feature is its centralized dashboard. However, it lacks pre-made queries. We switched from Unomaly because Rapid7 provides broader system monitoring beyond just syslogs. |
| Security Engineer at Secure Networks | 4.5 | I find Rapid7 InsightIDR an impressive tool for threat detection, with an intuitive UI and valuable features like legacy UBA. However, it should allow more than 30 custom rules. Compared to IBM QRadar, Splunk, and Sentinel, it's easier to handle. |
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, particularly the banks. Whatever the requirement is, these are the products that we are working with.
I usually recommend Rapid7 InsightIDR for banks because that is the bigger chunk here who do business in cybersecurity or whose requirement is that compliance requirements need to be filled by certain products, which Rapid7 InsightIDR is one of them.
UEBA is an important element these days, but usually the requirement is for threat detection, investigation, and response. This is what Rapid7 InsightIDR provides.
Banks typically go for threat detection, investigation, and response capabilities. End-user entity and behavior analysis, or UEBA, is certainly an important addition if we provide the solution along with UEBA. It provides that and this is something that the customer cannot ignore because they want to have a 360-degree coverage of their emails or for their users and what they are doing. This is definitely their requirement.
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled.
Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
It has been about four to five years now that we have been working with Rapid7. Whatever the products, they were all related to vulnerability tools that we have been working with. It has been a journey of about five years with Rapid7.
Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar. It is good for a middle-tier organization. In that market, there is competition now.
I do not recommend Rapid7 InsightIDR for bigger companies because they trust these big brands such as QRadar or LogRhythm. The general perception is that these are the solutions for big organizations having hundreds of branches or more. Rapid7 InsightIDR fits in the middle tier.
The integration of Rapid7 InsightIDR with the security stack works fine because the systems in this part of the world are not so much cloud-driven. They have something around 20% or 30% of services running from the cloud. The rest are usually on-premises. Office 365 is one service that they get from the cloud. Networking typically includes Cisco and Fortinet in their networks. For endpoints, the operating system is usually Windows or Linux, not Mac in an enterprise environment. Windows and Linux can be easily integrated with this solution.
The dashboard functionalities of Rapid7 InsightIDR are usually about customer-friendliness. Customers want to have some rich enrichment of the analysis or the ticket alerts or the events that come out with some processing behind the scenes. They feel that it is a more rapid or more intense process at Splunk or LogRhythm or QRadar compared to Rapid7 InsightIDR.
For automated threat intelligence features, customers usually go for a full SOAR solution. They want to have playbooks and everything to run. Although Rapid7 InsightIDR does claim that it has integrated SOAR, called InsightConnect, this is not as advanced as a dedicated SOAR solution. LogRhythm solutions or Splunk solution or Sumo Logic solution are doing business here as well. These are considered more rich in features compared to Rapid7 InsightIDR.
I rate Rapid7 InsightIDR between a six and seven out of ten.
I am using Rapid7 InsightIDR as an InsightIDR solution. This tool is integrated with other solutions like endpoint and NDR, and it correlates alerts, giving me a comprehensive picture of the alerts.
The platform offers unlimited storage and agent-based solutions. I have user behavior analytics (UBA) and MITRE ATT&CK as well. The user behavior analytics feature helps in enhancing the security posture by helping to identify user behaviors and engineering alerts based on them.
There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on. I have already opened a list of features with Rapid7, and they are working on it.
I have been using Rapid7 InsightIDR for about two years.
So far, I have not had any performance issues with Rapid7 InsightIDR. It is working well, and I have not faced any downtime in the last two years.
Every product has some limitations, and Rapid7 is no exception, yet it is working for me perfectly right now.
I rate their technical team 8.5 out of ten, which is pretty good.
Positive
Currently, I am not working with the LogRhythm solution. I have another SIEM solution in place. Previously, three years back, I was working with LogRhythm, however, now I do not.
The initial setup was straightforward, and I did not face any complexities during the setup of the IDR product.
The incident response time is good, and I can easily find or search any incident. I easily build the queries in Rapid7 and search my relevant logs or relevant investigation logs.
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product.
Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
The most valuable feature of the product for managing security events stems from the fact that the product's intelligence part is very good since it offers its own threat intelligence and vulnerability management platform. The tool also has its own cloud security posture management platform. The tool also is a dynamic application security testing platform. The aforementioned tools fall under Rapid7 InsightIDR's kitty. The intelligence and the data that Rapid7 gathers from customers across the globe enrich the quality of its detection capabilities. All other tools in the market depend on third-party solutions for intelligence. Rapid7 InsightIDr has the intelligence part natively available within the product, giving it a good edge over other vendors.
I believe that Rapid7 InsightIDR has moved to a complete cloud-first strategy. The tools offered by Rapid7 InsightIDR are amazing. The product should have provided some capabilities to users who wanted to stay or use the tool's on-premises version, as it would have provided the solution with more acceptance in the market, especially in the Middle East region.
It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required.
I have been using Rapid7 InsightIDR for three to four years.
As I haven't heard any complaints about the product, I rate the solution's stability a nine out of ten.
Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable.
The product is meant for medium-sized customers and large enterprises and not for corporate or government organizations since the product is available only on the cloud. Customers who have the privilege of using cloud solutions can use Rapid7 InsightIDR. Cloud solutions' use is less in government spaces in the Middle East region since there are some regulations to use cloud-based products. In the private space, I feel that Rapid7 InsightIDR is considered to be a fairly strong product.
It is difficult for enterprise businesses to use the solution, especially the ones regulated by governments. There are no problems with the solution when it comes to a private company or a private enterprise. I think Rapid7 InsightIDR provides the best tools. The tool won't work for you if you are not allowed to use a public cloud.
I rate the technical support a six to seven out of ten.
Neutral
The tool has improved the efficiency of security incident detection and response in our company as it works fairly well. It is possible to enhance the capabilities of the platform since the solution offers a whole stack or suite of tools. When dealing with Rapid7 InsightIDR, you will see the integration capabilities offered are extremely seamless. Rapid7 InsightIDR offers its own set of features that enrich the capabilities of the vulnerability management tool. In general, the product's features increase the solution's overall capabilities in terms of reporting and detection of vulnerabilities.
I can't remember a scenario where the product was effective in threat hunting or investigation. Rapid7 InsightIDR is a very acceptable product for people who want a cloud-based solution. The product is not available on an on-premises version. The product can be useful for industries ranging from SMBs to large-sized companies where there is a need for a tool that can be very easily rolled out at a very effective and attractive price point that gives them very good coverage from a cybersecurity perspective.
Speaking about how the product has enhanced the security posture in our company, I would say that I am not really sure about the capabilities of the UABA part of the solution since I haven't seen many use cases around it.
Rapid7 InsightIDR mean time-to-detect and mean time-to-respond are fairly good because Rapid7's support team does pick up a ticket whenever it is raised from the users' end, but its mean time-to-resolve has some concerns since some of the tools under Rapid7 are available on an on-premises model. In specific to InsightIDR, I think that everything is very good, including areas like detection, MTTD, and MTTR, which are very good in InsightIDR specifically. The product can improve a bit in the area of MTTD and MTTR.
Rapid7 InsightIDR's integration capabilities with other tools are not an area I have experience with since the product is completely available on the cloud. I believe that whatever integrations users want from the product would work since it is a solution that is available on the cloud. I don't have personal experience with the integration part.
I rate the overall tool a seven out of ten.
Rapid7 InsightIDR helps me detect any malicious activities in any endpoints in my company.
I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company.
With Rapid7 InsightIDR, you must install the Insight Agent, after which you may get to see some of the risks affecting endpoints.
The integration capabilities of the solution have certain shortcomings where improvements are required.
If possible, it would be great to see AI embedded in all the functionalities offered by the product.
I have been using Rapid7 InsightIDR for four years. I use the solution's latest version since the version gets automatically updated as it is a cloud-based tool. I work as a distributor of the product.
Stability-wise, I rate the solution an eight out of ten.
It is a scalable solution. Scalability-wise, I rate the solution an eight out of ten.
The time required to complete the product's installation phase depends on the number of endpoints that a user has in their environment. Insight Agent can be deployed in a couple of minutes.
Five engineers in my company take care of the deployment phase of Rapid7 InsightIDR.
The solution is deployed on the public cloud services offered by AWS.
Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight.
I did not evaluate any other options in the market against Rapid7 InsightIDR.
I have never been involved with any maintenance process related to Rapid7 InsightIDR.
To those who plan to use the solution, I suggest that they undertake a training program to understand the product.
I rate the overall tool an eight out of ten.
I like that it's a cloud-based solution. The features of all SIEM solutions are pretty much the same, but Rapid7 is user-friendly, totally cloud-based, and can integrate into the EDR solution whenever a customer wants it. Those are USPs for us.
Because Rapid7 was originally a vulnerability management solution, more and more companies are now moving towards their technologies and their existing SIEM applications and converting them to XDR solutions. Though Rapid7 provides its EDR option with SIEM, it has a long way to go to achieve an XDR status.
I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR because every SIEM solution provider is moving their solutions toward XDR.
The product is stable.
We used to use QRadar in my previous company. The first difference is in the deployment architecture. QRadar comes with cloud and on-prem options. In countries like Pakistan, where I am from, there are very strict regulations for using cloud solutions, especially in the banking sector. Rapid7 only offers a SaaS-based SIEM.
The second difference between the two is in their licensing. Rapid7 InsightIDR license is applied based on the number of nodes and devices. QRadar, on the other hand, does licenses the events per second.
The third difference is in the threat intelligence QRadar provides, and there's a huge difference between the two in this domain. QRadar is an IBM product that is very old in the SIEM market and provides relatively better threat intelligence than players like Rapid7.
The solution is easy to implement.
Rapid7 InsightIDR is priced very well and is cost-effective.
Enterprise-level customers have better options, such as LogRhythm, QRadar, and Splunk. These products are core SIEM-based companies that are old players in this market. Rapid7 is a relatively new entrant in the SIEM market. However, it has strong capabilities, and customers trust big names, big companies they've known from the beginning, who have been working on SIEM solutions since inception.
The benefit of the solution, first of all, is that it's cost-effective. It is also a Gartner leading solution, which provides more credibility in the customer's eyes. Eventually, it benefits us to translate that credibility into achieving more and more revenue through it.
I recommend Rapid7 InsightIDR for SMB companies because there are better options in the market for enterprises.
I rate the solution an eight out of ten.
We use the tool for secret events, compliance, and information management.
I like the tool's user analysis feature.
Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one.
We had done our first deployment three years ago.
The tool is cloud-based and scalable.
Rapid7 InsightIDR's technical support is reactive and supportive. However, they only speak English. Our native language is French and it would be better if they can have some French speaking agents.
The solution provides better value than competitors with its modules. The deployment is simple and straightforward. However, Rapid7 InsightIDR is not good for log management.
One of our customers had a Huawei firewall and we required help to do the configuration. However, the installation was easy with other standard vendors like Cisco and Check Point. The product's deployment got completed in four to five days and we required three people to handle it. One person was in charge of the portal's initial set up and the other one handled the integration of on-premises devices. The third one took care of Office 365 integration.
Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs.
I would rate Rapid7 InsightIDR an eight out of ten.
Our company is a system integrator for Rapid7 InsightIDR. We use the latest SaaS version of the product. Rapid7 InsightIDR works as the foundation of the security operation center in our company. The solution is used in our organization for data ingesting for multiple security devices and solutions. Rapid7 InsightIDR provides insights and stability on the security aspects of the company.
The unconventional detection rules of Rapid7 InsightIDR are quite beneficial. The solution provides satisfying native integration features.
The searching feature in Rapid7 InsightIDR needs to evolve. For instance, when pursuing an incident handling task, extensive searching is required, and the solution's own query language can only be used. In situations similar to the aforementioned example, the solution becomes difficult to use. It would be interesting if the vendor could make the search feature like the Google search engine.
I have been working with Rapid7 InsightIDR for three years.
Overall, the solution is stable enough. I would rate the stability a nine out of ten.
The product's scalability seems good enough. In our company, we are able to manage a couple of thousand devices comfortably using only one single tenant.
Through our company, thousands of users are using the interface of Rapid7 InsightIDR to process data and check incidents. I have implemented data ingestion for couple of thousand devices that include virtual machines, switches, routers and firewalls.
For all the aforementioned devices we haven't faced any issues in our company. Rapid7 InsightIDR is used in our company, majorly for medium and enterprise grade customers, where some enterprises have more than 5000 employees and some less than that.
Our company mostly receives fast and suitable support from Rapid7 InsightIDR, but sometimes the response arrives quite slow. I would rate the technical support a seven out of ten.
Neutral
I would rate the initial setup a nine out of ten. It's quite straightforward to put the solution to work. Once Rapid7 InsightIDR activates the tenant, the deployment process becomes straightforward. In our company, we just download the agents and install them in the customers' virtual machines.
Following the aforementioned step, some integration with Azure Entra ID authentication services or on-prem authentication is required. Thus, some base integration is required for login data. For the final stage of deployment, as part of the company, we configure a couple of customizations for the detection rules to start ingesting data; the niche customizations can be performed easily for the use cases.
In our company we have an engineering deployment team who are highly skilled in setup processes. For client companies with less than 500 devices, usually one full-time engineer is enough for the deployment. For clients with 500 devices, when we at our company use automation to deploy the agents, it takes only a couple of days to finish the deployment process.
The solution has a mid-range price point in the market. The licensing cost depends on the customer size and the negotiation on whether to add IVM. There are multiple add-ons to the base licensing fee, we use them only for specific customers of our organization. The additional licenses increase the pricing drastically, so we try to stick with the base license at our company.
At our company, along with Rapid7 InsightIDR we use multiple cloud providers like Azure, Google, Oracle and AWS infrastructure to ingest data.
I would advise others to select a reliable system integrator to implement Rapid7 InsightIDR for the correct use cases or business needs. The solution is satisfying, but there are multiple other solutions in the market, and having a partner can help a customer explore all the options before adopting one. Overall, I would rate Rapid7 InsightIDR an eight out of ten.
We use the tool for deployment, incorporating both EDR and SIP management. It serves the purpose of event management, including log retrieval from endpoints, malware detection, and providing about system health. This includes assessing vulnerabilities and determining the level of risk the system is exposed to at specific points in time. Its dashboard is wonderful.
We use Rapid InsightIDR for security operations, threat response, and DFIR. It also provides lab practices to individuals.
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint.
It provides user entity behavior analysis and a threat intelligence framework, combining SIEM and EDR for automation. My experience with user behavior analytics is positive and wonderful. It allows fetching logs, managing users, and overseeing endpoints. The capability to conduct investigations and import applications, along with configuring endpoints by collecting data, adds to its functionality. The platform offers a variety of features, including a dashboard for new alerts. This dashboard provides a quick overview of the number of users, endpoints, and noticeable behaviors.
The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources.
I have been using the product for more than three years.
I rate the product's stability a nine out of ten.
I rate the tool's scalability a nine out of ten.
The initial setup is easy. It involves tasks such as data collection, onboarding, and downloading, making the process straightforward for clients. You can deploy it on mobile devices as well. It offers deployment options for iPhone users and Windows.
In one instance, we faced a threat from the DarkSide ransomware, known for its ability to execute without requiring administration privileges, including a privilege escalation part. This particular ransomware was embedded in an Excel file, and it didn't need any administrative privileges for execution. The hackers cleverly concealed the DarkSide ransomware within an Excel file. When an unsuspecting team member tried to open the file, an alert indicated the malicious nature of the Excel file.
The employee was unaware that the Excel file contained a ransomware threat. As security personnel monitoring the endpoint received an alert, they immediately contacted the individual, notifying them about the presence of the DarkSide ransomware. The security team advised against opening the file and guiding the user to delete it.
I cannot compare Rapid7 InsightIDR with other tools directly because it has integrated both EDR and SIM. It combines these functionalities into an XDR platform, operating at a different level compared to other services. Additionally, the network analysis provided is wonderful.
The product is easy to use and easy to understand. It is lightweight. I rate it a nine out of ten.
I recommend it for easy deployment, enabling swift detection from endpoints to the cloud. This accelerates security orchestration across various environments and endpoints, aiding in risk mitigation within hybrid environments. The system is valuable for discovering new threats and offers exposure management to enhance understanding of the entire security operation.
I use Rapid7 InsightIDR to collect logs and information from throughout our company's entire IT environment.
The most valuable feature of the solution is the single pane of glass that allows me to see all the information in one spot. I can see at one spot to see all the information from all the logs and everything.
Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries. In the future, I would like the tool to offer its uses with a pre-made set of queries.
I have been using Rapid7 InsightIDR for a year. I use the solution's latest version. My company is a customer of the solution.
The product works well. Stability-wise, I rate the solution a ten out of ten.
I rate the product's scalability a ten out of ten since, scalability-wise, it is a really good tool.
Rapid7 InsightIDR is managed by four people in my company.
The speed of response from the technical support team may vary since I purchased it from a reseller in Sweden and not from Rapid7 directly.
I rate the technical support a seven out of ten.
Neutral
In the past, my company used Unomaly, a tool from Sweden. My company switched from Unomaly to Rapid7 InsightIDR after seeing that the former could only checked syslogs, while we wanted something that checked our overall systems.
I rate the initial setup a ten out of ten.
The solution's initial setup was very straightforward.
The solution is deployed on an on-premises and cloud model. The cloud services are provided by Rapid7.
The solution can be deployed in half a day or four hours in a small environment.
I was the only person involved in the product's deployment phase.
After considering the prices of the product's competitors, I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive. There may be some additional costs attached to the solution only if you want to buy a SOC or something. I don't have to pay for any additional costs at the moment.
I suggest that those who plan to use the solution give it a try since it is free for a couple of months. The solution has really easy setup and deployment phases, and you can even remove it from your environment if you want to do so later.
I rate the overall product a nine out of ten.
It’s a great tool. The solution helps us a lot in threat detection. It’s one of the most updated tools. The UI is very good. We can easily start using the tool and explore it. It also provides features like legacy UBA that other products do not provide. We can customize the rules from the default template in InsightIDR. UBA is a great feature.
When a new user is created in Active Directory, an investigation is created. We can use the default features to create an investigation. The solution has many advanced features and default templates that help protect from attacks without a user’s intervention. It is quite impressive.
The product allows us to make only 30 custom rules. The limit on custom rules must be changed.
I have been working with the product for two months.
We have deployed the solution in 28 offices. We are using the basic features for now.
The initial setup is straightforward.
We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.
I have used IBM QRadar, Splunk, and Sentinel. We use Splunk in our offices, too. Compared to other products, Rapid7 InsightIDR’s UI is very good. It is very easy to handle. We are working with the tool currently and are quite satisfied with it.
Overall, I rate the solution a nine out of ten.
