
technology integration

Incydr™ + Rapid7


Visualize data risk events to surface insider threats

Incydr integrates with Rapid7 InsightIDR to allow security teams to visualize Incydr data within custom dashboards in InsightIDR. The integration helps SOC teams identify, prioritize and triage the most critical Insider Risk Indicators (IRIs), such as those that signal theft of corporate data. IRIs, which are surfaced within Incydr, are activities or characteristics that indicate data is at a high likelihood of exposure or exfiltration. With Incydr configured as a data collection source in InsightIDR, the highest severity events can be monitored in the same control plane as other threat types to ensure swift action.

When further investigation is required, SOC analysts can access Incydr directly from InsightIDR with one click to gather activity on how files were modified and where they were exfiltrated, and to access the contents of the files themselves.

Benefits of the Incydr + Rapid7 InsightIDR integration

Centralize the initial triage of IRIs that matter most to your organization – including user activity or file events indicative of data theft or an attempt to conceal exfiltration.

Access Incydr directly from InsightIDR to execute fast, contextualized insider risk investigations to inform the right human and automated response actions.

Strengthen compliance and file integrity monitoring (FIM) by validating critical file modification events and directly attributing users to suspicious activity in real time.

Integration features

File integrity monitoring

See and validate all file modification events, such as a file extension change, then directly attribute users to suspicious activity in real time.

Alert centralization

Ingest the most critical Incydr IRIs into InsightIDR to centralize monitoring and initial triage of certain events within a single control plane.

One-click investigations

Access Incydr from Rapid7 InsightIDR to run saved searches against Incydr data, such as filename or hash, to detect exposure events tied to specific use cases, or to see how a specific file moved, and who had access to it.

Compliance and audits

Create and schedule reports of aggregated Incydr data for targeted metrics gathering; then retain Incydr exposure data and audit logs for an extended period of time to meet compliance and audit requirements.

FEATURED USE CASE

Visualize and triage data risk as a result of insider threat

Traditional data loss prevention (DLP) technologies built to address regulatory compliance don’t account for unstructured intellectual property – such as product roadmaps or source code – or have policies in place that can be easily circumvented by a malicious insider who changes the file extension to disguise a spreadsheet with customer data as a low-value file type, such as a JPEG.

Want to see Incydr from the inside?

In under four minutes, our product demo provides a walkthrough of the SaaS solution to show how Incydr can stop data exfiltration before damage is done.
