Top Rated
Score 8.5 out of 10
Rapid7 InsightIDR


What is InsightIDR?

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

InsightIDR Advanced


per month per asset

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Starting price (does not include set up fee)

  • $5.89 per month per asset

Product Details

What is InsightIDR?

InsightIDR's lightweight, cloud-native infrastructure means it scales with the business. InsightIDR provides SaaS delivery and software-based data collection, giving users access to new detections, new features, and product updates as soon as they’re rolled out.

InsightIDR offers wizard guides to help users know where to go next. Rapid7 credits this to its global MDR SOC, which uses and vets everything to provide a deep and early look at the user experience.

With it, the vendor states, every analyst is empowered to be an expert and there’s no more “alert fatigue,” and users can count on flexible search options, comprehensive coverage of the environment, helpful visualizations, and cloud computing power.

InsightIDR Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

InsightIDR starts at $5.89.

The most common users of InsightIDR are from Enterprises (1,001+ employees).

Reviews and Ratings



(1-11 of 11)
Score 9 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR has been used as a security center. It works as a SIEM as well as XDR. It helps in protecting our on-premises and cloud workload from both insider and external threats. As a Software as a Service (SaaS) tool, it helps in collecting the data from everywhere, like network security and monitoring tools, authenticators and endpoints.
  • Incident detection and response
  • Threat Intelligence
  • Incident Automation
  • User behavioural Analytics
  • Lack of customizing
  • UI can be a bit improved.
  • Number of false positives is high.
  • Dashboards can be improved.
It is well suited for:
Threat intelligence
Automated response capabilities
User Behavioral analytics
Incident response capabilities

Bhuwan Chandra | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR helps in the early detection & response of threats, integration with other technologies for in-depth strategy & ultimately threat hunting. Early detection helps the organization detect an attacker in the first stage of the kill chain. In-depth use cases help to get intelligence on malware tactics, not only protecting from the malware but also helping to detect such malware in the future.
  • Deceive Expose & Eliminate threats.
  • Attacker Visibility.
  • Integration with existing technologies like SIEM to 360 overviews of malware.
  • Granularity in reporting is missing.
Provides contextual intelligence about the attackers with AI to enable an antimalware engine. AI-enabled web-filtering solution. Automation of threat response & broader investigation of the report. Rapid7 Insight can be deployed rapidly in the network. Rapid7 Insight also helps to detect the lateral movement of malware. We can deploy Rapid7 Deception anywhere in the network rather than putting it only on the DMZ; I can put it in-line so that all traffic would be scanned.
January 27, 2023

Great SIEM

Chris Goodhue | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Product has been our primary SIEM tool to collect logs and develop alerting around behaviors in our environment. We monitor network, cloud logins and firewall traffic with this tool, along with MS log data. This has been a great one-pane-of-glass tool to see all logs.
  • Easy to inject logs
  • Lots of useful information
  • Lots of connections with out products
  • Can be difficult to query logs
  • UI can be overwhelming
  • Sometimes it’s hard to see data of an alert
Great place for small team to gather and monitor logs from many resources to get a better picture of behaviors in your environment.
Gray Nathan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR is our cybersecurity software and we use it to handle Endpoint Detection and Response. My line of duty involves deploying AI bots under a cloud-based infrastructure that's prone to cyber attacks and virus invasions that compromise the bots' functionality. The security team engaged Rapid7 InsightIDR to help secure critical data being handled by the bots and systems, and networks at large. I use its system monitoring tools in my jurisdiction. It sends instant alerts in case of breaches to prevent major damage.
  • It provides network visibility with the sensor unlock over your environment.
  • Has a lightweight sensor for suspicious activity that's also noiseless.
  • The indicators of compromise are complex to analyze.
  • Running system scans consumes heavily the network bandwidth slowing processes.
Rapid7 InsightIDR handles malware like a pro. It's able to identify the stealthy techniques used by attackers. There was a certain attack where the hacker masked as an employee of our company to escape the radar, but we were able to sample out the activity with Rapid7 UEBA. It's also worth noting that Rapid7 InsightIDR has a complex architecture and while running system scans, operations may slow down as it takes up most of the network bandwidth.
Score 9 out of 10
Vetted Review
Verified User
We use Rapid7 InsightIDR to gain knowledge and understanding about the vulnerabilities in place in our organization. Whether it is an unpatched software product, a misconfiguration, or a zero-day exploit, we know what remediation steps are needed within our organization. Additionally, we can automate reports and trigger actions for technicians to remediate issues.
  • Reporting
  • Aggregating data from thousands of machines against thousands of vulnerabilities
  • Agentless and Agent based scanning
  • Pricing
  • Network Segmentation Flexibility
We have found Rapid7 InsightIDR especially well suited for auditing a new environment prior to working on/supporting it. It is very simple to push an agent and set up a scanner and start receiving actionable information. It is also well suited for ongoing monitoring of an environment, to make sure new vulnerabilities are dealt with.
Mary Ramirez | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We are using Rapid7 for incident detection and responses on our servers by reducing the attack's dwell time. We've also utilized it for IOCs TTP procedures to map the threat indicators metrics. We picked it because it's capable of trapping malicious behavior on the attack chain early enough before the vital assets are compromised.
  • Attacks are detected early enough on the peripheral assets to allow us more time to initiate responses with SOAR before compromising the critical assets.
  • Provides a good analysis of log and network data.
  • InsightIDR has limited SIEM capabilities, we are using another software for that.
InsightIDR has been very suitable for deception and extra. It maps attacks on our servers and networks in a very detailed manner, stating not only the log and network data but also important information like the loops in which the attack was orchestrated and how the attackers got in. Also, during an attack, it weaves the intruder in InsightIDR's 'honeypot' to give us plenty of time to initiate security response protocols.
Score 10 out of 10
Vetted Review
Verified User
We use Rapid7 as our SIEM solution. It provides us the network monitoring and detection capabilities without having to bring in an in-house SIEM technology and the FTE support required for such an implementation. Our network is spread across the US with over 60 offices spanning three time zones. We are an SMB with over 1,400 employees.
  • Timely Detection of Abnormal Behavior
  • Host Isolation
  • Collection of Network Devices Logs
  • Threat Intelligence Source
  • User Behavior and Analytics
  • Cost Effective
  • Staff Augmentation
  • Tamper Proofing Agent Against Bad Actors
  • Log Searching
  • Integration with Other Security Technologies
InsightIDR is well suited for SMBs that do not have the resources to bring in an on-prem SIEM. After the initial configuration is completed, which the Rapid7 team was very good at assisting us on, the upkeep of the SIEM in the cloud is mainly done by them. Then after the "tuning" is done and the noise of the benign network traffic is muted, then only the true alerts can be investigated for malicious intentions. It has been a great tool for us to identify malicious activity. The technology also allows us to isolate hosts on-the-fly.
Score 7 out of 10
Vetted Review
Verified User
We have an issue with end users lacking knowledge of IT security, so we purchased Rapid7 InsightIDR to deploy an agent on their workstations for monitoring, as well as internal pen testing. If an employee fails a security check, then they have to take the security education course over again. Over time this has helped.
  • Collect logs from workstations and send them back for analysis
  • Internal pen testing
  • Monitor authentications to internal resources
  • Agent can be resource intensive at times
  • Server has to be rebooted more often than it should
  • Logging needs a better archiving ability
Rapid7 InsightIDR is great for facilities where access to internal resources is highly restricted, such as healthcare. It helps with logging attempted access to restricted servers, as well as providing a way to bait test the end users to verify they are educated on the security side of IT. Companies with little to no restrictions to internal resources would see no benefit from a software such as this.
Nikhil Wadhwani | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
With the help of cloud security, I am able to easily operate my functions and get in my best work in place. The data streams do not need to be worried about and a lot of the data can be accessed without thinking twice of who or what is behind or ahead.
  • Security
  • Rapid authentication
  • Highlights suspicious activities in turn helping us to be ahead of attackers
  • Free trials should be well documented
  • Prices can be reduced if possible
  • Add support for syncing a workplace
If you have any major impacting security device that needs replacement, this is the one to go to. The entire setup is easy on cloud and in turn gives much more than just security. The authenticity and the data streaming is priceless. Applications are much more secure and not vulnerable.
Score 7 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR is a wonderful, easy-to-use tool for incident detection, authentication monitoring and endpoint visibility. It provides due diligence on your security; we are mainly using this to protect our organisation's security vulnerability. It has the ability to monitor numerous endpoints and dispatch the security breach alerts in no time.
  • Incident detection
  • authentication monitoring
  • endpoint visibility
  • There should be a testing version
  • Make more user friendly
  • add PII rules as well.
Rapid7 InsightIDR is an amazing tool for your organisation's security. It suits well if your organisation is growing and expanding globally; it helps to make secure data transactions among teams or groups and helps to avoid security threats. If you're a tiny company of like 1-10 people then you might not need Rapid7 InsightIDR.
Score 8 out of 10
Vetted Review
Verified User
Rapid7 InsightIDR is our current product for EDR and antivirus. This product allows us to keep our environment secure from any and all vulnerabilities that could be harmful to the systems that run the business. We use it to secure our web applications as well as design plans for detection and response.
  • Rapid7 InsightIDR does a very good job at keeping virus definitions up to date so that our threat intelligence is very up to date when knowing what to protect against.
  • It helps us by scanning all of our infrastructure components and highlights where improvements need to be made in security so we can be proactive with our security initiatives.
  • It has automated response mechanisms to triage and resolve any potential risks, allowing us to save time in the long run.
  • Sometimes Rapid7 InsightIDR will be too locked down and without knowing will block applications and processes needed for day to day operation.
  • System scans with Rapid7 InsightIDR can be very bandwidth-heavy on the network and system resources.
  • From a recent incident, we have seen more and more false positives from Rapid7 InsightIDR on areas that we know are secure.
Rapid7 InsightIDR is best suited for environments with different types of infrastructures, cloud, virtual, and on-premise. It will easily handle each of these infrastructures and provide detailed vulnerability scans and show where security holes lie. Rapid7 InsightIDR is also best used where you are looking to automate security as it is able to program automated response and quarantine based on its virus detection.