The features of Rapid7 InsightOps that I have found most valuable are the predefined policies and the use of correlation rules, which are very valuable because they eliminate the need to spend time creating those rules. This feature detects insider threats or compromised credentials by using user behavior analytics, which can collect other compromise indicators. It makes it easier to install and implement this solution because you can run it as normal behavior of users and then switch off to look for the anomalous behavior of any entities, such as laptops and others. In any violation or restricted behavior, the system will notify you that something unusual is occurring. The machine learning algorithms in Rapid7 InsightIDR for threat detection work quite effectively as part of the user entity behavior analytic model, allowing us to focus group normal typical behavior of users and then turn on the rule to spot any unexpected behavior. The automation features of Rapid7 InsightOps are quite satisfactory, as users appreciate these features, especially when integrating with the ticketing system. If something goes wrong, InsightOps will notify the ticketing system to create a ticket and assign it to the responsible person to handle the events found in the infrastructure. The customizable dashboards in Rapid7 InsightOps are quite valuable and interesting because SOC center operators spend most of their time investigating on those dashboards, making them easy to manage. Additionally, we can configure email reports for high-level talks, sending historical data without needing to look online, which is very convenient.
