Community Threats

Hello everyone, sorry to bother you. I would like to know what I've missed about Community Threats IOCs.

I uploaded my list of IOC URLs in InsightIDR, but when I visit a website that is on my threat list I don't get any alerts. I can find the website visited in my DNS logs, but no alert is coming.

Do you have any idea why no alerts are coming?
Best regards,
Cyrille.

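As an added illustration (not code from InsightIDR, Rapid7, or anyone in this thread), the script below shows one way to check locally whether a DNS query log should match an indicator list, and why a lookup can show up in the DNS log without matching a naively compared indicator: IOC entries supplied as full URLs (scheme, path, trailing slash) are never string-equal to the bare hostname that a DNS query log records. The script normalises both sides to a lowercase hostname and also matches parent domains. The IOC entries, log lines, and the `query=` log format are constructed for this example and are not the product's format.

```python
"""Added example: match DNS query log lines against an IOC list.

Constructed sample data throughout; the log format is hypothetical.
"""
import re
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed IOC list, mixing the styles an analyst might paste in.
IOC_LIST = [
    "http://bad-example.test/login.php",   # full URL with a path
    "https://evil-cdn.example/",           # URL with trailing slash
    "malicious.invalid",                   # bare domain
    "MIXED-Case.example.",                 # odd casing, trailing dot
]

# Constructed DNS query log lines (hypothetical key=value format).
DNS_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.5 query=bad-example.test type=A
2024-05-01T10:00:02Z client=10.0.0.5 query=www.evil-cdn.example type=A
2024-05-01T10:00:03Z client=10.0.0.7 query=mixed-case.example type=AAAA
2024-05-01T10:00:04Z client=10.0.0.9 query=benign.example type=A
"""

QUERY_RE = re.compile(r"\bquery=(\S+)")


def ioc_hostname(entry: str) -> str:
    """Reduce an IOC entry (URL or bare domain) to a lowercase hostname."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry  # lets urlsplit treat a bare name as the netloc
    host = urlsplit(entry).hostname or ""  # .hostname is already lowercased
    return host.rstrip(".")


def load_iocs(entries) -> Set[str]:
    """Build the set of normalised indicator hostnames."""
    return {h for h in (ioc_hostname(e) for e in entries) if h}


def dns_hostname(line: str) -> Optional[str]:
    """Extract the queried name from one log line, normalised like the IOCs."""
    m = QUERY_RE.search(line)
    return m.group(1).rstrip(".").lower() if m else None


def matches_ioc(host: str, iocs: Set[str]) -> Optional[str]:
    """Return the matching indicator, checking the host and each parent domain,
    so a lookup of www.evil-cdn.example hits an indicator for evil-cdn.example."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan(log_text: str, iocs: Set[str]) -> List[Tuple[str, str]]:
    """Return (queried host, matched indicator) pairs for every hit in the log."""
    hits = []
    for line in log_text.splitlines():
        host = dns_hostname(line)
        if host is None:
            continue
        ioc = matches_ioc(host, iocs)
        if ioc:
            hits.append((host, ioc))
    return hits


def scan_naive(log_text: str, entries) -> List[str]:
    """Raw string comparison of IOC entries against log hostnames: the URL-style
    entries never match, which is the silent failure the normalisation avoids."""
    raw = {e.strip() for e in entries}
    hosts = (dns_hostname(line) for line in log_text.splitlines())
    return [h for h in hosts if h in raw]


if __name__ == "__main__":
    print("naive matches:     ", scan_naive(DNS_LOG, IOC_LIST))
    print("normalised matches:", scan(DNS_LOG, load_iocs(IOC_LIST)))
```

Running it prints an empty list for the naive comparison and three hits after normalisation, which is the kind of quick sanity check worth doing on an exported log before concluding that a detection pipeline is broken: if the indicators are stored as URLs and the log only ever carries hostnames, the two may never be compared on equal terms.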

Hey, that's not the expected behavior at all. Have you created a case? Rapid7 Support Community (site.com)

Hi Cyrille, I'm also having the same issue. I added some domains to Community Threats and I have DNS logs matching these domains, but no investigations are ever created.

Interestingly, I did a DNS lookup for a Deep Panda malicious domain, and that created an investigation, so Rapid7 is reading my DNS logs correctly, but not my Community Threats.

Did you find a solution?

Is your Community Threat detection set to create investigations?

Also, are there perhaps any open investigations this behavior is being appended to? (Assuming it's set to create investigations.)