Incident Command overview
Incident Command is the AI-native security operations platform within the Rapid7 Command Platform. It provides a unified interface for detecting, investigating, and responding to security threats within your Security Operations Center (SOC). The platform combines key operational capabilities including threat detection, alert triage, case investigation, response actions, threat intelligence, automation, and attack surface monitoring in a single experience.
Incident Command is designed to reduce the overhead of managing multiple tools and to improve the efficiency of your security workflows. It uses AI models trained on real-world SOC data to prioritize alerts and add context to findings. This helps your teams focus on high-priority threats and take informed action without being overwhelmed by alert volume.
The Command Platform supports both strategic and operational users. Security leaders can monitor risk posture and demonstrate outcomes, while analysts can use the platform to investigate alerts and coordinate responses. Incident Command includes core SIEM and SOAR functionality and scales to support more advanced use cases with AI-assisted triage, endpoint and network detection integrations, and remediation. By consolidating your detection and response tools into a single platform, Incident Command helps reduce noise, streamline triage and investigation, and support faster resolution of incidents.
Incident Command packages
Rapid7 currently offers the following package tiers for Incident Command:
- Incident Command Essentials - Collect, enrich, and analyze security data at scale
- Incident Command Advanced - The essentials, plus AI-driven security operations and threat intelligence
- Incident Command Ultimate - Full XDR, including complete protection for endpoints, networks, and more with detection and response
Surface Command is included with all Incident Command packages.
Feature comparison
Understand key differences between the Incident Command package tiers at the feature level.
| Feature | Incident Command Essentials | Incident Command Advanced | Incident Command Ultimate |
|---|---|---|---|
| Asset Discovery (CAASM) | ✓ | ✓ | ✓ |
| External Attack Surface Management (EASM) | ✓ | ✓ | ✓ |
| Active Risk Prioritization | ✓ | ✓ | ✓ |
| Remediation Hub | ✓ | ✓ | ✓ |
| Automation & Response (SOAR) | ✓ | ✓ | ✓ |
| Customer Support | ✓ | ✓ | ✓ |
| APIs | ✓ | ✓ | ✓ |
| Rapid7 Endpoint Agent, including Detection Library and Enhanced Endpoint Telemetry | ✓ | ✓ | ✓ |
| Log Management and Third-Party Event Sources | ✓ | ✓ | ✓ |
| Detection Triage, Investigation, and Reporting (SIEM) | ✓ | ✓ | ✓ |
| Detection Rule Library and Custom Rule Creation | ✓ | ✓ | ✓ |
| User Behavioral Analytics (UEBA) | ✓ | ✓ | ✓ |
| AI for Log Search | ✓ | ✓ | ✓ |
| Integrated Threat Intelligence from Rapid7 Labs | ✓ | ✓ | ✓ |
| Investigation and Response Playbooks | ✓ | ✓ | ✓ |
| Deployment and Training | Quick Start included in year 1 | Quick Start included in year 1 | Quick Start included in year 1 |
| Log Retention | 90 days + add-on | 180 days + add-on | 180 days + add-on |
| Alert and Audit Retention | 13 months + add-on | 13 months + add-on | 13 months + add-on |
| AI-Assisted Alert Triage and Disposition (AI-SOC), including AI-Suggested Dispositions and AI-Assisted Workflows | - | ✓ | ✓ |
| Intelligence Hub | - | ✓ | ✓ |
| Deception Technology, including honeypots, honey users, and honey files | - | ✓ | ✓ |
| Endpoint Detection & Response (EDR), including File Integrity Monitoring, Response Actions, and Next-Generation Antivirus (NGAV) (coming soon) | - | - | ✓ |
| Network Detection & Response (NDR) | - | - | ✓ |
| Intrusion Detection System (IDS) | - | - | ✓ |
| Hosted Velociraptor (DFIR) | - | - | ✓ |