We've updated Rapid7’s community resources

Hello. We've evolved our community resources to provide a richer experience. Learn more.
Questions? Contact us.


Blogs, How-tos, & Research

Our new blog will still publish the same cutting-edge research, analysis, and commentary you expect from Rapid7.

Explore the Blog

Docs, Help, & Questions

Help content and documents are now curated to let you get the information you need even faster.

Explore Help

Rapid7 Threat Report: Q4 2017 Q4 Threat Report and 2017 Wrap-up

Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up! 2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up Get the Full Report We could not have picked a better year to start doing this, as 2017 was one for the books. While…

Next Threat Intel Book Club 4/5: Recapping The Cuckoo’s Egg

Welcome, book clubbers! Our next digital book club meeting will be Thursday, April 5, 2018 at 8 PM EST. Register here (required): http://r-7.co/TIBCApril5. First-timer? Don’t have the book? No problem. We’ll be summarizing the plot and the takeaways from book…

Metasploit Wrapup

Return of the GSoC! The Metasploit project is proud to return to Google Summer of Code this year. Student applications are open until March 27th, so there's still time to get in! Coding begins on May 14th, and we're eager to hear what you'd like…

Patch Tuesday - March 2018

There are a lot of fixes this month: Microsoft's updates include patches for 76 separate vulnerabilities, including two critical Adobe Flash Player remote code execution (RCE) vulnerabilities. In fact all of this month's critical vulnerabilities are browser-related. This is not surprising considering web browsers are…

AWS Asset Sync Connection: More Visibility into your AWS Infrastructure

We recently announced the release of an updated AWS discovery connection for our vulnerability management solutions, Nexpose and InsightVM. This new connection is more efficient and works to the user’s advantage; to do this, it leverages a different workflow than the old connection does.…

CIS Critical Control 10: Data Recovery Capability

hope you enjoyed your stop at Center for Internet Security (CIS) Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services! If you missed the previous stops on this journey, please check out our full blog series on the CIS Top 20 Critical…

Metasploit Wrapup

With the Northeast U.S. getting hit with back-to-back nor’easters this week, it’s probably a good idea to head back inside and wait it out until spring arrives. So toss another log on the fire, grab a hot drink, raise a toast to…

How to Build an Incident Response Plan: Your Battle Plan

An incident response plan can serve as your master blueprint for navigating the challenges of a security incident, ensuring everything is thought out in advance, secured appropriately, and that everyone on the team knows what to do if an issue does arise. In short, a…

An Impressively Unprecedented Drop in Open memcached Services

(Many thanks to Jon Hart and Tom Sellers for their research and content for this blog post.) We started performing weekly monitoring of open/amplification-vulnerable memcached servers after the recent memcrashed amplification distributed denial-of-service (DDoS) attack and today we have some truly awesome news to…

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. If you’ve ever driven on a major metropolitan highway system, you’…

Guest post: Lurking in /lib

This is a guest post from a long-time Metasploit contributor and community member. Over the next few months, Rapid7 will be publishing a series of guest posts featuring unique perspectives on Metasploit Framework and highlighting some of our community’s favorite functionality, hidden gems, and…

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...…

R7-2017-27 | CVE-2017-8987: HPE iLO3 Unauthenticated Remote DoS (FIXED)

This post describes CVE-2017-8987, an unauthenticated remote Denial of Service vulnerability in HPE iLO3 firmware version 1.88. This vulnerability can be exploited by several HTTP methods; once triggered, it lasts for approximately 10 minutes until the watchdog service performs a restart of the iLO3…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More


Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More