The Legacy UBA Detection Rules in Rapid7 IDR have just been automatically re-enabled for all customers after several months of being fully disabled during the transition to the new detection rule library, which is now generating a large number of alerts. How could this suddenly happen?
1 Like
same here… more info please…
1 Like
Around 11 AM UTC a inadvertent config change was made that triggered these to be turned On. This has been rolled back. If you see that they are still coming in please open a support case!
1 Like
Has Rapid7 itself confirmed this?
they never do until it´s solved 