I used the solution to monitor networks and prevent them from real-time threats.
SOC Analyst at Tata Consultancy Services, Ltd
Can install, gather, and monitor logs easily
Pros and Cons
- "The solution's initial setup is easy."
- "They should add more configuration and security features to it."
What is our primary use case?
What is most valuable?
The solution's most valuable feature is its ability to fetch insights on threats and log activities.
What needs improvement?
They should add more configuration and security features to the solution.
For how long have I used the solution?
I have used the solution for more than a year and a half.
Buyer's Guide
Rapid7 InsightIDR
March 2025

Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,651 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate the solution's stability as a seven.
What do I think about the scalability of the solution?
We have two thousand customers using the solution. It works best for the medium-scale industry. I rate its scalability as an eight.
How was the initial setup?
The solution's initial setup is easy. The deployment process involves installing and collecting agents to communicate with the systems. In the case of multiple machines, it takes around five to six months to complete it. I rate the process as an eight.
What's my experience with pricing, setup cost, and licensing?
The solution's license costs around Rs. 20,00,000. It is more reasonable than other vendors. I rate its pricing as an eight.
What other advice do I have?
Compared to other solutions, Rapid7 is more flexible to use. We install, gather, and monitor logs easily with its help. I rate it as an eight.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Information Security Officer at PTCI
Dashboards provide critical information at a glance, without hours of coding
Pros and Cons
- "Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
- "InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
- "Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
- "I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
What is our primary use case?
I was looking for a behavior analytics solution to help me monitor our users' activity and to notify of any suspicious activity.
InsightIDR was able to meet those needs and even exceed it by providing full SIEM capabilities, even for devices they don’t support directly. Most importantly, I don’t need a team of people dedicated to log collecting and sifting.
How has it helped my organization?
With the full suite of Rapid7 products, I am able to provide effective oversight to the information security program with measurable progress. This is a very difficult thing to measure with the ever-changing threat landscape. Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well.
What is most valuable?
InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level, which is very important to me as a one-person security department.
Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network.
What needs improvement?
I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
I have not encountered any stability issues with the local collector. On the rare occasion that the cloud part of insightIDR is undergoing maintenance or having other issues, I usually receive a notification from Rapid7 before I even notice a problem.
What do I think about the scalability of the solution?
I have not seen any issues with scalability. On average, insightIDR is processing about 60 million events per day from my environment.
How are customer service and technical support?
The technical support folks at Rapid7 are a great bunch of folks. I haven’t had much need to contact them, but when I have they have been extremely professional and will escalate issues and suggestions to developers, if needed.
Which solution did I use previously and why did I switch?
I actually purchased the predecessor, InsightUBA, which quickly changed into the insightIDR that we have today. There was no other previous solution.
How was the initial setup?
Setup was extremely simple. An implementation specialist was assigned to me to help get me started and to learn my environment and challenges.
For the most part, all communications are sent to a log aggregation server. It is as simple as pointing syslogs to that server. For some, such as Active Directory and Exchange, there are plugins that are simple to install on those servers to make sure the appropriate logs are sent.
From InsightIDR, it is as simple as choosing from a list of supported log sources, or you can create a generic log source by specifying a port number. It’s that simple.
What's my experience with pricing, setup cost, and licensing?
Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help.
Which other solutions did I evaluate?
I did not consider any other options in depth. Most other options I saw required one or more full-time employees to maintain.
What other advice do I have?
In the past I have made several requests and have had the opportunity to work with developers and user-interface specialists to add enhancements to the product. The effort that Rapid7 puts into the user interface, after gaining first-hand use-case information directly from us, the end users, is unprecedented. Even when I worked for much larger companies, I did not see so many suggestions turn into reality.
Be sure to take full advantage of the agents. I have not seen any performance problems on the endpoints, and having this level of information from outside the network is difficult otherwise.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Rapid7 InsightIDR
March 2025

Learn what your peers think about Rapid7 InsightIDR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,651 professionals have used our research since 2012.
Security Engineer at Secure Networks
An affordable product that is easy to use and has many advanced features and default templates
Pros and Cons
- "The UI is very good."
- "The product allows us to make only 30 custom rules."
What is most valuable?
It’s a great tool. The solution helps us a lot in threat detection. It’s one of the most updated tools. The UI is very good. We can easily start using the tool and explore it. It also provides features like legacy UBA that other products do not provide. We can customize the rules from the default template in InsightIDR. UBA is a great feature.
When a new user is created in Active Directory, an investigation is created. We can use the default features to create an investigation. The solution has many advanced features and default templates that help protect from attacks without a user’s intervention. It is quite impressive.
What needs improvement?
The product allows us to make only 30 custom rules. The limit on custom rules must be changed.
For how long have I used the solution?
I have been working with the product for two months.
What do I think about the scalability of the solution?
We have deployed the solution in 28 offices. We are using the basic features for now.
How was the initial setup?
The initial setup is straightforward.
What's my experience with pricing, setup cost, and licensing?
We chose Rapid7 because of its price. IBM QRadar charges us based on data storage. Rapid7 InsightIDR charges us based on the endpoints we connect to. We are satisfied with the product’s price.
Which other solutions did I evaluate?
I have used IBM QRadar, Splunk, and Sentinel. We use Splunk in our offices, too. Compared to other products, Rapid7 InsightIDR’s UI is very good. It is very easy to handle. We are working with the tool currently and are quite satisfied with it.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Systems Administrator at a non-tech company with 5,001-10,000 employees
I am able to run automated actions based on the output of reports
Pros and Cons
- "I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
- "The ability to ingest Office 365 log files, then process them into events and display them on a map."
- "The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
- "I feel it would greatly benefit from more supported log sources."
- "The ability to tune the collector for custom logs would greatly help."
What is our primary use case?
Visibility and response.
How has it helped my organization?
I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters.
What is most valuable?
The ability to ingest Office 365 log files, then process them into events and display them on a map. This feature is particularly useful as it allows us to view students who are attempting to bypass our content filters, and it shows us users who have been phished.
What needs improvement?
Personally, I feel it would greatly benefit from more supported log sources. Additionally, the ability to tune the collector for custom logs would greatly help.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Product is cloud-based. Thus far, it has proven to be stable.
What do I think about the scalability of the solution?
No product scales extremely well
How is customer service and technical support?
The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame.
How was the initial setup?
Initial setup was straightforward.
What about the implementation team?
I had a support engineer sit with me through the whole process over the course of three days. He was a huge help!
What's my experience with pricing, setup cost, and licensing?
This is a great product. The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.
Which other solutions did I evaluate?
We did PoC with a couple of other products. However, Rapid7 InsightIDR was the best product for our needs and budget.
We evaluated LogRhythm and AlienVault. Both were inferior in regards to pricing or performance.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Marketing Expert at J's communication
A cost-effective and stable solution but lacks an AI-driven capability
Pros and Cons
- "It improves because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively."
What needs improvement?
The solution lacks an AI-driven capability. While other competitors emphasize AI as the most important feature.
For how long have I used the solution?
I have been using Rapid7 InsightIDR as a distributor for seven years.
What do I think about the stability of the solution?
The product's stability is high. I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
Due to its cloud-based nature and numerous agents, its scalability is high. This, combined with its on-premise environment, ensures rapid performance. It can handle several thousand. It is best suited for large-scale businesses.
How are customer service and support?
Support is slow. I'm not satisfied with the support so far.
How would you rate customer service and support?
Neutral
How was the initial setup?
Due to the product's complexity, the initial setup can be challenging. Additionally, setting up the product and training the customer can be quite demanding. Deploying the appliance or sensor on-premises can take up to twelve months.
What's my experience with pricing, setup cost, and licensing?
The product pricing is very cheap.
What other advice do I have?
InsightIDR automates everything through InsightConnect in a seven-day cycle.
The product has improved significantly since its inception. However, based on feedback I've received from other products in the market, aside from InsightIDR.
It improved because several sensors are deployed within the on-premise environment. It can be very efficient if the customer implements and operates it effectively.
If you combine it with InsightIDR, then it may become more compact. Maybe IBM was a bit larger. So, having MDR is the main key point for this product.
Overall, I rate the solution a four out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Security Solution Engineer II at a security firm with 501-1,000 employees
Quick to deploy and helpful in detecting and responding to security incidents before there is a big outage
Pros and Cons
- "The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
- "One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
What is our primary use case?
I used it in my previous company. We were the integrator of the solution, and also a partner of Rapid7 at the time.
We used it for security monitoring and also for analytics. We used it for our own company, and like an MSSP, we sold this to our customers. So, we did security monitoring for our customers and interim response for them.
It was cloud-based, and I was using its latest version.
How has it helped my organization?
Previously, when something happened, such as when a hacker was attacking one of our customers, we were always behind, or we didn't know that we were hacked until the ransomware started. With the Rapid7 solution, at every step, we could online see what a person was doing, and we could prevent ransomware. Previously, we could never say it can be really prevented, but with Rapid7, we could see the first steps of what they were trying to do, and we could mitigate those steps before there is a big outage.
What is most valuable?
The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days.
When something is happening, such as there is hacking or something else going on, the information provided is really helpful. It almost tells you what to do. It is enriched with a lot of information.
What needs improvement?
One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level.
It could have intelligence. It is available as a separate product but not as a part of the platform itself.
What do I think about the stability of the solution?
It is definitely stable. We never have any outages. I would rate it a ten out of ten in terms of stability.
What do I think about the scalability of the solution?
It is definitely scalable. I would rate it a ten out of ten in terms of scalability.
We had six users who were monitoring the systems. There were 10 customers with about 10,000 employees in total.
How are customer service and support?
They are responsive, but there is scope for improvement. I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
It is straightforward. I would rate it a nine out of ten in terms of the ease of setup.
In terms of maintenance, it is all cloud-based. So, the maintenance is done by the vendor.
What was our ROI?
It must be really high, but we never looked at the real numbers.
What's my experience with pricing, setup cost, and licensing?
It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year.
Which other solutions did I evaluate?
We had a list of three products. We tried them all, and in the end, we went for Rapid7 because it was easy to deploy, and it required little or no maintenance. The price was another reason.
What other advice do I have?
One of the biggest reasons why we chose it as our security platform was that it is not only for security monitoring. We could see a lot of improvements coming over the next couple of years. Automation is one of the things that will be really important in the next few years. It is already there, but we didn't buy it.
I would rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
System Engineer at Starlabs Limited
It provides excellent visibility a fast response
Pros and Cons
- "InsightIDR helps us investigate an environment to discover information about incidents."
- "InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
What is our primary use case?
We provide InsightIDR for our banking and ICT clients.
What is most valuable?
InsightIDR helps us investigate an environment to discover information about incidents.
What needs improvement?
InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal.
For how long have I used the solution?
I have used InsightIDR for four years.
What do I think about the stability of the solution?
I rate InsightIDR 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate InsightIDR six out of 10 for scalability. The licensing model limits the scalability. The licenses are defined based on assets, so you have to purchase more licenses as you add assets. It's suitable for a small or medium-sized company. We have about 250 users.
How are customer service and support?
I rate Rapid7 support nine out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate InsightIDR eight out of 10 for ease of setup. It takes about seven working days to deploy. We install a connector on the LAN, which links up to the cloud and becomes one of your event sources. Next, you need to integrate everything with the console.
What's my experience with pricing, setup cost, and licensing?
I rate InsightIDR six out of 10 for affordability. It isn't the cheapest solution I've seen, but it offers a greater value than less expensive competitors.
What other advice do I have?
I rate InsightIDR eight out of 10. It's worth a try. InsightIDR provides excellent visibility and threats. The network detection is fast, so you get alerts as soon as something happens.
Disclosure: My company has a business relationship with this vendor other than being a customer:
An easy-to-use and stable solution with an intuitive interface
Pros and Cons
- "The solution is easy to use, and the interface is intuitive."
- "Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
What is our primary use case?
I use the solution for its SIEM functionalities, log analysis, and behavioral analysis.
What is most valuable?
The solution is easy to use, and the interface is intuitive.
What needs improvement?
Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA). So, User Behavior Analytics (UBA) should be added in the new release.
For how long have I used the solution?
I have been using the solution for two years. My company has a partnership with Rapid7.
What do I think about the stability of the solution?
It is a stable solution. My customers are happy to use it.
What do I think about the scalability of the solution?
I do not have any plans to expand the usage of the solution. Currently, one hundred people are using the solution.
How are customer service and support?
I have not used the technical support.
Which solution did I use previously and why did I switch?
Previously, I used IBM.
How was the initial setup?
I was not involved in the initial setup as I am not an engineer.
What's my experience with pricing, setup cost, and licensing?
The pricing is good, and it is not very expensive.
What other advice do I have?
I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Buyer's Guide
Download our free Rapid7 InsightIDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Security Information and Event Management (SIEM) User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Threat Deception Platforms Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Fortinet FortiSIEM
Sumo Logic Security
AlienVault OSSIM
Securonix Next-Gen SIEM
Google Chronicle Suite
Exabeam
ManageEngine Log360
Buyer's Guide
Download our free Rapid7 InsightIDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What SOC product do you recommend?
- Is Rapid7 InsightIDR the right choice to be used in SOC?
- What is the difference between IDR and EDR?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- What's The Best Way to Trial SIEM Solutions?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?