Security Analyst at a tech vendor with 10,001+ employees
Real User
Top 20
Mar 26, 2026
Rapid7 MDR serves as our endpoint security solution. When we receive an alert from Rapid7 MDR, we check the logs of the endpoints that are managed on the client side, which provides us with richer information for the tickets. The enrichment that Rapid7 MDR generates for the client is greater than with other tools, and this has had a big impact. Everything works very well with Rapid7 MDR. One day we had an incident related to an attack where Rapid7 MDR detected social engineering in a Teams chat, for which we received a notification by email. By correlating the events in Rapid7 MDR, we identified that it was a call from an unauthorized tenant within the organization.
I can describe many use cases for Rapid7 MDR, as there are multiple times when a person's PC gets compromised. There is an attacker behavior analysis, ABA, which is already part of the specific Rapid7 MDR XDR solution. We define a specific set of built-in rules in the MDR services and remap those rules according to our infrastructure for specific use cases. We also deal with multiple phishing emails that we receive, and Rapid7 MDR is effective in identifying those specific use cases. In the Fintech sector, we encounter many anomalies from different servers that are publicly exposed on the internet, and Rapid7 MDR provides very beneficial use cases that eliminate the need to write custom use cases. We can define the logic in predefined use cases such as Attacker Behavior Analysis and User Behavior Analytics. Additionally, when onboarding any log sources, there is a RegEx parser designed for parsing every log source on the built-in platform, making it quite user-friendly.
The typical use case for Rapid7 MDR is that it is highly valued. It is not so bad, but competition with EDR is tough. Rapid7 MDR does not position itself as EDR or XDR, so it is rather a SIEM type solution, which makes it different from CrowdStrike, SentinelOne, or Microsoft. They are not in the competition listing of EDR products.
Rapid7 MDR is a leading service offering transparency, integration, incident response, and proactive security. It is designed for efficient SIEM and EDR integration to facilitate threat detection, making it effective for organizations of all sizes. Renowned for robust threat detection, Rapid7 MDR combines transparency, automation, and integration. It provides excellent incident response, vulnerability management, AI-driven log queries, and significant time savings. Despite competitive...
We use it for our security and virtual center security. It helps us investigate incidents and physical issues.
We use the solution in our security operation center. We use the tool to provide more visibility into the security operation center.