Overview

Rapid7 InsightIDR is a cloud-based next-gen SIEM built for security teams in need of a solution that can quickly detect and respond to threats in today's ever-evolving hybrid and multi-cloud IT environments.
InsightIDR deploys quickly; customers routinely get up and running in under a day. A library of 900+ out-of-the-box detections lets InsightIDR start detecting threats as soon as deployment is complete.
Once deployed, InsightIDR monitors your entire IT environment. It can ingest CloudTrail, GuardDuty, EC2 network traffic, and raw logs sent via SQS from multiple AWS accounts plus data from other cloud services, on-premises networks, and remote endpoints. From there, you can use InsightIDR to:
- Visualize and search all your security data in a single intuitive interface
- Quickly detect threats and minimize false alarms with user and attacker behavior analytics, backed by a vast community of threat intel
- Build layered defenses with honeypots, honey credentials, and honey files
- Detect use of new AWS regions, services, and EC2 instance types
- Cut investigation times with detailed log timelines and automated response workflows
- Meet log, event, and File Integrity Monitoring (FIM) requirements of compliance frameworks like PCI, HIPAA, and GDPR
InsightIDR is also available as a managed service.
NOTE: InsightIDR's attribution engine requires access to Microsoft Active Directory, DHCP, and LDAP. Before purchasing, please read documentation and contact Rapid7 with any questions.
Highlights
- Resolve incidents faster: InsightIDR's visual investigation timeline makes it easy to validate and quickly understand the scope of an attack. In addition, automation capabilities let you instantly take actions such as quarantining compromised assets.
- Get up and running in hours: InsightIDR is SaaS-based, making it easy to deploy in a fraction of the time of traditional SIEMs.
- Monitor everything with one tool: Centralize data from cloud and on-prem networks, off-network endpoints, cloud services like AWS GuardDuty, and SaaS solutions like Office 365. This consolidated view of your environment makes it easier to detect and respond to intrusions.
Details
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Insight IDR Essential | Monitor up to 500 assets. 0.5 TB/mo limit, 13-month data retention | $21,479.00 |
| InsightIDR Advanced | Monitor up to 500 assets. 0.6 TB/mo limit, 13-month data retention | $33,682.00 |
| IDR Ultimate | Monitor up to 500 assets. 0.8 TB/mo. Incl. ENTA, unlimited automation. | $46,149.00 |
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
What is our primary use case?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, particularly the banks. Whatever the requirement is, these are the products that we are working with.
I usually recommend Rapid7 InsightIDR for banks because that is the bigger chunk here who do business in cybersecurity or whose requirement is that compliance requirements need to be filled by certain products, which Rapid7 InsightIDR is one of them.
What is most valuable?
UEBA is an important element these days, but usually the requirement is for threat detection, investigation, and response. This is what Rapid7 InsightIDR provides.
Banks typically go for threat detection, investigation, and response capabilities. End-user entity and behavior analysis, or UEBA, is certainly an important addition if we provide the solution along with UEBA. It provides that, and this is something that the customer cannot ignore because they want to have 360-degree coverage of their emails or of their users and what they are doing. This is definitely their requirement.
What needs improvement?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled.
Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
For how long have I used the solution?
It has been about four to five years now that we have been working with Rapid7. Whatever the products, they were all related to vulnerability tools that we have been working with. It has been a journey of about five years with Rapid7.
What other advice do I have?
Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar. It is good for a middle-tier organization. In that market, there is competition now.
I do not recommend Rapid7 InsightIDR for bigger companies because they trust these big brands such as QRadar or LogRhythm. The general perception is that these are the solutions for big organizations having hundreds of branches or more. Rapid7 InsightIDR fits in the middle tier.
The integration of Rapid7 InsightIDR with the security stack works fine because the systems in this part of the world are not so much cloud-driven. They have something around 20% or 30% of services running from the cloud. The rest are usually on-premises. Office 365 is one service that they get from the cloud. Networking typically includes Cisco and Fortinet in their networks. For endpoints, the operating system is usually Windows or Linux, not Mac in an enterprise environment. Windows and Linux can be easily integrated with this solution.
The dashboard functionalities of Rapid7 InsightIDR are usually about customer-friendliness. Customers want to have some rich enrichment of the analysis or the ticket alerts or the events that come out with some processing behind the scenes. They feel that it is a more rapid or more intense process at Splunk or LogRhythm or QRadar compared to Rapid7 InsightIDR.
For automated threat intelligence features, customers usually go for a full SOAR solution. They want to have playbooks and everything to run. Although Rapid7 InsightIDR does claim that it has an integrated SOAR, called InsightConnect, this is not as advanced as a dedicated SOAR solution. LogRhythm solutions or Splunk solutions or Sumo Logic solutions are doing business here as well. These are considered richer in features compared to Rapid7 InsightIDR.
I rate Rapid7 InsightIDR between a six and seven out of ten.
IDR situation
Providing comprehensive insight into alerts while working towards AI enhancement
What is our primary use case?
I am using Rapid7 InsightIDR as an InsightIDR solution. This tool is integrated with other solutions like endpoint and NDR, and it correlates alerts, giving me a comprehensive picture of the alerts.
What is most valuable?
The platform offers unlimited storage and agent-based solutions. I have user behavior analytics (UBA) and MITRE ATT&CK as well. The user behavior analytics feature helps in enhancing the security posture by helping to identify user behaviors and engineering alerts based on them.
What needs improvement?
There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on. I have already opened a list of features with Rapid7, and they are working on it.
For how long have I used the solution?
I have been using Rapid7 InsightIDR for about two years.
What do I think about the stability of the solution?
So far, I have not had any performance issues with Rapid7 InsightIDR. It is working well, and I have not faced any downtime in the last two years.
What do I think about the scalability of the solution?
Every product has some limitations, and Rapid7 is no exception, yet it is working for me perfectly right now.
How are customer service and support?
I rate their technical team 8.5 out of ten, which is pretty good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward, and I did not face any complexities during the setup of the IDR product.
What was our ROI?
The incident response time is good, and I can easily find or search any incident. I easily build the queries in Rapid7 and search my relevant logs or relevant investigation logs.
Which other solutions did I evaluate?
I have EDR, XDR, NDR, TLP, and many other solutions like these.
What other advice do I have?
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product.
Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.