Rapid7 InsightOps Overview

What is Rapid7 InsightOps?

Rapid7 InsightOps is the next evolution of the Logentries log management technology, combining cloud-based log centralization with IT asset search to make log management fast and easy.

As a cloud-based solution, InsightOps eliminates the need for managing and maintaining your log management technology. With a 5-minute setup, out-of-the-box analytics and visual search capabilities that eliminate the need to learn a new query language, InsightOps is the easiest log management solution available.

To start a free 30-day trial of InsightOps, visit rapid7.com/insightops

Rapid7 InsightOps was previously known as InsightOps, Logentries.

Rapid7 InsightOps Customers

Trimble Navigation Limited

Archived Rapid7 InsightOps Reviews (more than two years old)

Information Security Officer at a tech services company with 501-1,000 employees
Real User
Primarily used to send alerts and detect suspicious logins, but it is missing some security aspects in the product
Pros and Cons
  • "It has the ability to alert and track logs from different sources."
  • "There are a few things I would like to do with a few more complex queries which I am not able to do right now, because it is a SaaS solution."

What is our primary use case?

I use it primarily to send alerts, or detect suspicious logins, and be proactive in the detection of compromised accounts.

What is most valuable?

All of them. I use it as a security incident and event management system. It has the ability to alert and track logs from different sources.

What needs improvement?

Flexibility. There are a few things I would like to do with a few more complex queries which I am not able to do right now, because it is a SaaS solution. I think it really comes to that. One of the main drawbacks of SaaS is the limited flexibility of its advanced features.

For the security aspects, there are things that all the Rapid7 products have (all the solutions have) that they don't have in this product, or that I have not seen yet. 

For how long have I used the solution?

I have used it fairly recently. We tested it about six to eight months ago. Right now, I have been using it for the last two months.

What do I think about the stability of the solution?

There have been a few browser hiccups, depending on the browser. Otherwise, it is fairly stable.

What do I think about the scalability of the solution?

No, as far as I have noticed, I do not have any issues scaling up the product.

How are customer service and technical support?

Good. I mainly asked for some tech support when I was in the testing phase. I don't really know how to assess it.

I did not need help during setup. I have not gone through any trainings. I only asked a few questions about features and things like that, which may have not been available to me during the testing phase and I have not tried to implement them yet.

Which solution did I use previously and why did I switch?

I had a previous solution, and I switched to Rapid7 InsightOps due to management and costs.

How was the initial setup?

It was really simple. They have some documentation. It is pretty straightforward for the client to install. There are really limited things to configure on their interface.

Which other solutions did I evaluate?

I chose from a pool of options, some that included all of the Rapid7 products, which were more focused on security. I probably had four or five options which I looked at during the initial process.

What other advice do I have?

Do your homework beforehand to know what you expect from such a solution and how you plan to scale up. Because like any solution, when you scale up, you want to first make sure you have a solution that can handle it, and second, the cost of expanding matches your expectations.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user760716
Technicien Niveau 2 at a tech services company with 11-50 employees
Real User
The ability to browse logs from multiple sources simultaneously speeds up root cause analysis
Pros and Cons
  • "The ability to browse logs from multiple sources at the same time really speeds up root cause analysis."
  • "Since I used the beta, improvements are to be expected. The dashboard options could have been clearer, but I believe it is more a problem with the limited documentation available at the time."

What is most valuable?

  • The log aggregation and research capabilities are definitely what pays for itself. 
  • The ability to browse logs from multiple sources at the same time really speeds up root cause analysis, which involves more than one source and this is almost always the case. 
  • Visual mode search and live monitoring are just icing on the cake.

How has it helped my organization?

Imagine having to recreate the timeline of an event across three servers, with multiple logs each, and some logs dated using UTC and some using our actual time zone. You either have to build complex scripts using grep, sed, and awk to standardize the data before you can start your analysis or you risk getting lost. InsightOps does it all automatically so you can get to work right away. Less time lost and less risk of taking the wrong path.

What needs improvement?

Since I used the beta, improvements are to be expected. The dashboard options could have been clearer, but I believe it is more a problem with the limited documentation available at the time.

For how long have I used the solution?

Two months. The time that the beta lasted.

What do I think about the stability of the solution?

None at all.

What do I think about the scalability of the solution?

No, but our testing has been rather limited.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ITCS user
Cyber Security Engineer at a recruiting/HR firm with 51-200 employees
Real User
Enables us to have the end point agent on all of our systems and real time queries across the board

How has it helped my organization?

We have a lot of mobile users who are not always on our network, and this gave us the ability to have full visibility into them. We're able to do real time requests and questions with the agent. So I can basically search all my agents and see if there's a malicious registry key in any of the registries. I can see a process that might be running, that should be running or shouldn't be running, I can do a real time query across the entire board.

You can use this to also see if systems are up or down, from an infrastructure level as well. So it has more than just monitoring things for malicious activity. It can also see if things are working properly as well.

What is most valuable?

The most important feature is the ability to have the end point agent on all of our systems. And since they talk back to their cloud infrastructure, it doesn't matter if the systems are on our network or not on our network. We still get real time feedback, not only on the InsightOps part, but also our InsightIDR and others as well. It's only one agent, and they all pull back data that's relevant to our network.

It also gives us a lot of almost "forensic" capabilities, because the agent itself monitors the entire system, from the registry all the way down to the file level. If there's anything malicious, or network connections, anything of that nature that's going on, you can do searches on them and it's beaconing back in real time.

What needs improvement?

Yes. The searching capability, or when you ask real time questions. The searching is pretty decent but it's still not up to par with, say, Splunk. It's much better than it used to be but it can take a little longer than you may want.

Also, when you do the real time queries, if you do too many it could take longer than you want. They're constantly improving it, so I will give them credit on that. It is getting better, but it still could take a little longer than you care for.

It's hard to say that it's not fast enough when you're querying agents that are overseas and not on your network. So, it does do a pretty good job of handling that type of traffic, but sometimes it can take a little bit for everything to populate.

What do I think about the scalability of the solution?

No, not at all. It's actually very simple. I don't know if you can or not, but you could probably deploy it through a group policy if you wanted to. But we use K Software deployment. I just take the MSI, put in a few command lines, and toss it onto all my systems as need be.

It was very, very simple to deploy the agent, and that agent automatically communicates back to their cloud service, or to your onsite collector, if it's onsite. All those settings are configured automatically, it's not something you have to do. So setting up the agents and the collector for it, you have visibility over everything, it's very simple.

And if you're also using it to integrate other logs from other sources, that's extremely easy as well, because they will ingest any logs. Some products won't, for example, take logs from Splunk, or they won't take logs unless they're in a separate format. That's probably one of the better attributes of InsightOps. If you put an onsite collector, and you point things at it to collect logs, it doesn't matter what format it's in, it can ingest just about any type of log.

You can set up alerts, queries and dashboards based off those logs as well. You're not just limited to what InsightOps has. You can also use logs from other sources to give you more insight or more information, where it's feasible.

How are customer service and technical support?

I have a Customer Success Manager, so I have called their customer support. When you call their customer support you get several people immediately jumping on what's wrong. Normally, I don't have to worry about the problems because they usually know about them before I do, because they're very on top of things.

But I do have a customer rep so if I have any problems that aren't immediate, I can email her. She always helps me take care of it the same day. Or if it's gonna be longer, because it needs to be developed, she gets that put in, then that gets worked on as well. Whenever I've had to call them, I've never had a problem with their customer support at all.

Which solution did I use previously and why did I switch?

We used to use SecureWorks as our MSSP for everything from end point protection to infrastructure monitoring. To say we weren't happy with them would be probably an understatement. We felt we were overpaying, and getting less than we should. What they tried to sell us on and say they could do, they couldn't. They said they could do true end to end correlation and visibility on all your assets, and that just didn't happen until we got Rapid7 and got their products. It was IDR, Ops and really combining the two. But even just Ops by itself gave us more visibility and better alerting than we had with SecureWorks.

One of the things I didn't like about them is that there was a lot of false positives. You would try to tune them, you'd try to work with their associates to try and get things customized to your environment, and it just never seemed to really work properly. Whereas with Ops and IDR and our other ones, we've been able to get it to a point where we don't have alert fatigue, and false positives. I don't really have to worry about that anymore, where it used to be kind of a headache.

How was the initial setup?

Very similar to when I was talking about deploying the agents and all that. It goes hand in hand with the actual setup.

There are just two of us, me and my boss, and when we did the proof of concept for it I told my boss, "I should have it set up completely in less than two weeks." He laughed at me, jokingly. But, really, I had probably 98% of it set up in the first two weeks. The last two percent were very customized things that I was trying to do personally, to see if I could get it done.

But when it came to getting it set up, getting the agents deployed, getting the collector deployed, getting all the root things, and the root metrics and operations set up, yeah two weeks was all I needed. And that was by myself. Bigger companies may take a little bit longer, whether it's red tape or it's just they have more hoops to jump through, but when it comes to really setting it up, it's not very difficult.

Which other solutions did I evaluate?

We did a proof of concept with a few other companies before we purchased this one. It seems like they are definitely one of the best in the field. Whether we're talking about ease of deployment or price. We get way more out of it than we did with SecureWorks and we pay about a third of the price.

What other advice do I have?

Make sure you know what you're trying to monitor. Because one of the things that you can do, and I started doing it at the beginning myself, is have it ingest all the logs you give it. I mean, we have everything pointed at it and giving our alerts and our logs to it. And then I got to the point where I've got everything coming in, what do I need to monitor the most? So having a very well defined path for it, on exactly what you want to use it for. What you want to monitor, how you want your alerts to go.

Just make sure you have a good starting point.

Whether it's price, customization, full user visibility, full end point invisibility, it gives you a lot that you can do with it. In some ways you're only limited based off of what you can think of, and what you come up with to monitor, or to develop, or feed for logs.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user722238
Systems Administrator at a university with 10,001+ employees
Vendor
Dashboard And Manageability Are Among The Features That Make It Easy To Use

What is most valuable?

Dashboard and manageability.

How has it helped my organization?

Easy to use and spend less time on setups/troubleshooting.

What needs improvement?

There were some difficulties in product setup, but after those issues were resolved, there were no issues.

For how long have I used the solution?

Two months.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Great.

Which solution did I use previously and why did I switch?

SCCM. That product was not easy to use.

How was the initial setup?

Setting up the application was easy, but connection to the AD structure was a little harder than with other applications.

What's my experience with pricing, setup cost, and licensing?

Licensing model is easy.

Which other solutions did I evaluate?

LANDesk.

What other advice do I have?

Look into standardizing your naming schemes prior to implementation. It will save you a lot of time later.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user661389
InfoSec Consultant at a tech services company with 51-200 employees
Consultant
Gives A Complete View Of Your Assets, From Logs To Monitoring To Queries

What is most valuable?

You have a complete view of your assets, from logs to monitoring to queries. In a single web interface it is possible to resolve even the trickiest issue very quickly. Once you start using InsightIDR, which works hand in glove with InsightOps, you will feel like you were operating in the stone age before.

How has it helped my organization?

Our service desk and sysadmins are now less busy tracking "boring issues". InsightOps helps them to focus on real problems and to have all IT assets monitored in one place.

What needs improvement?

Not because it's not great already, but because when it comes to searching there are always new (hopefully better/cleaner) ways to present data and analyze it.

For how long have I used the solution?

Three months or so. We also took part in the beta testing process.

What do I think about the stability of the solution?

No issue, the cloud-based solution works very well.

What do I think about the scalability of the solution?

No issue, the cloud-based solution works very well.

How are customer service and technical support?

Maybe I'm biased because of the beta program, but the support is very quick and competent. Also, the Rapid7 community is a great help, and public docs are gold.

Which solution did I use previously and why did I switch?

We had Nagios and WhatsUp Exchange Monitor. We removed Nagios because the hidden costs were too high. We were quite happy with WhatsUp, mainly because we have a couple of very expert engineers. InsightOps is head and shoulders above the rest.

How was the initial setup?

Setup is very neat. You deploy an agent and start collecting data in minutes. Very easy.

What's my experience with pricing, setup cost, and licensing?

Licensing is quite flexible and pricing is affordable. Plus, you can ask for a 30-day demo.

Which other solutions did I evaluate?

We tried almost every competitor, both FOSS and commercial, but there is no real competitor yet.

What other advice do I have?

Try the demo, you'll find yourself loving it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.