
Turning Log Lines into Answers: Instant Clarity for SOC Teams

Security teams are flooded with logs, yet every alert demands fast, accurate context. Verizon's 2025 Data Breach Investigations Report [1] analyzed 22,052 security incidents, of which 12,195 (55%) were confirmed breaches, underscoring how much activity teams must sift through to find what matters.

In practice, that means dozens of investigations per shift, each requiring fast judgment with incomplete context. A 2024 SANS survey reports that alert volume, limited context, and a lack of automation continue to slow investigation and response [2].

Speed suffers. So does consistency.

Turn raw logs into a clear narrative

AI-Powered Log Summary in Rapid7 Incident Command transforms raw log data into a clear, concise narrative directly within the investigation workflow. Analysts see what happened, why it matters, and what to do next in seconds, not minutes.

Instead of decoding logs line by line, analysts get:

  • Instant identification of who initiated the activity.

  • Fast understanding of exactly which actions occurred.

  • Clarity into when and where events unfolded.

  • Connectivity into why that behavior matters.

Analysts stay grounded in the original data, but they no longer have to fight through it to find answers. The summary provides immediate orientation, keeping attention on what to do next.
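To make the "who, what, when, where" framing concrete, here is an added example, not code from the original post or from Rapid7, that does the same extraction deterministically over a handful of constructed endpoint log lines. The log format (timestamp followed by key=value pairs) and the field names are assumptions; the point is how a narrative is assembled from the fields an analyst would otherwise read line by line, and how unstructured lines are skipped rather than guessed at.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log lines in an assumed key=value format (not output of any real product).
SAMPLE_LOGS = [
    "2025-03-04T09:12:01Z host=ws-042 user=jdoe action=logon src=10.0.4.17 result=success",
    "2025-03-04T09:12:44Z host=ws-042 user=jdoe action=process_start image=powershell.exe result=success",
    "2025-03-04T09:13:02Z host=ws-042 user=jdoe action=outbound_conn dst=203.0.113.9:443 result=allowed",
    "garbage line without structure",
]

TIMESTAMP_FMT = "%Y-%m-%dT%H:%M:%SZ"
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    when: datetime          # when
    who: str                # who initiated the activity
    what: str               # which action occurred
    where: str              # on which host
    details: Dict[str, str] # remaining fields, kept so the analyst stays grounded in the raw data


def parse_line(line: str) -> Optional[Event]:
    """Parse one line into an Event, or return None if it lacks a timestamp or the core fields."""
    ts, _, rest = line.partition(" ")
    try:
        when = datetime.strptime(ts, TIMESTAMP_FMT)
    except ValueError:
        return None  # unstructured line: skip rather than invent fields
    fields = dict(KV_RE.findall(rest))
    if not {"host", "user", "action"} <= fields.keys():
        return None
    return Event(when, fields.pop("user"), fields.pop("action"), fields.pop("host"), fields)


def parse_lines(lines: List[str]) -> List[Event]:
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def summarize(events: List[Event]) -> Dict[str, object]:
    """Collapse a set of events into who/where/when plus an ordered action narrative."""
    if not events:
        return {"who": [], "where": [], "actions": [], "span_seconds": 0,
                "narrative": "No structured events found."}
    events = sorted(events, key=lambda e: e.when)
    who = sorted({e.who for e in events})
    where = sorted({e.where for e in events})
    actions = [e.what for e in events]
    span = int((events[-1].when - events[0].when).total_seconds())
    narrative = (
        f"Between {events[0].when.isoformat()} and {events[-1].when.isoformat()} ({span}s), "
        f"{', '.join(who)} on {', '.join(where)} performed {len(actions)} actions: "
        f"{' -> '.join(actions)}."
    )
    return {"who": who, "where": where, "actions": actions, "span_seconds": span,
            "narrative": narrative}


if __name__ == "__main__":
    print(summarize(parse_lines(SAMPLE_LOGS))["narrative"])
```

The "why it matters" step is deliberately left out: deciding that a logon followed by a process start and an outbound connection is worth escalating is the analyst's (or the product's) judgment, and this block only prepares the facts that judgment needs.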

Built for real SOC workflows

Figure 1: AI-Powered Log Summary Endpoint Activity Detail

AI-Powered Log Summary is embedded directly into the log search workflow. No pivoting, and no context switching. With a single action, analysts generate a contextual summary tailored to their results in seconds. That means faster investigations without breaking flow.

Summaries can be shared with teammates or leadership to communicate findings quickly, without rewriting technical details into plain language. Everyone stays aligned on what happened and what comes next.

AI integration in action

Rapid7 leverages the best available technology to protect our customers' attack surfaces. Our mission drives us to keep abreast of the latest AI advancements to deliver optimal value to customers while effectively managing the inherent risks of the technology. Integrating AI into our core processes enhances our operational security and underscores our commitment to ethical innovation. 

At Rapid7, we are dedicated to leading responsibly in the AI space, ensuring that our technological advancements positively contribute to our customers, company, and society. Read more about how our TRiSM (Trust, Risk, and Security Management) is a foundational strategy that guides us in navigating the intricate landscape of AI with confidence and security.

Less noise, more impact

By reducing time spent parsing logs, teams can focus on what matters: containment, remediation, and proactive threat hunting.

Figure 2: AI-Powered Log Summary Web Proxy Detail

This brings analysts:

  • Faster triage and investigations.

  • More consistent analysis across shifts.

  • Lower cognitive load during high-volume periods.

  • Clear communication to stakeholders.

Rapid7 is at the vanguard of integrating AI into its products to accelerate outcomes for our customers, with a particular focus on amplifying analyst impact and bringing speed and clarity to SOC operations throughout the threat detection and response lifecycle. 

That is how modern SOC teams move faster. Visit the Incident Command page for more information.

[1] Verizon 2025 DBIR

[2] SANS 2024 SOC Survey

Multi-Tenant API Access: Centralize, Scale, and Secure Your Operations

For teams managing dozens, or even hundreds, of tenants, API access quickly becomes operational overhead. Managed Security Service Providers and large enterprises often find themselves maintaining separate credentials for every environment, adding friction to automation, reporting, and day-to-day operations.

To address this, we are excited to announce multi-tenant API access, a new authentication capability designed to drive operational efficiency and consistent security outcomes across all your customers or environments.

Whether you are an MSSP or an enterprise managing multiple tenants, this new capability transforms how you programmatically access and manage data, allowing you to focus on security outcomes rather than script maintenance.

Managing API keys across multiple tenants to eliminate key sprawl

Without multi-tenant capabilities, a security team managing 50 tenants requires 50 unique credentials that need to be generated, named, and stored. This key sprawl creates overhead for rotation, increased risk of credential leakage, and makes cross-tenant reporting a challenge to automate effectively.

As a result, basic tasks such as creating a consolidated compliance report can turn into a multi-day integration project involving brittle scripts and large configuration files.

A centralized approach to multi-tenant API access

Multi-tenant API access introduces a centralized way to programmatically access data across all managed tenants with a single API key. Instead of maintaining individual tenant-specific credentials, you can use one key for many tenants.

At Rapid7, we’re introducing new multi-tenant admin keys that enable access to all current and future tenants, ensuring that new tenants require zero additional API configuration, saving security teams valuable time and effort.

Reducing operational overhead with multi-tenant API access

By removing the authentication bottleneck, our multi-tenant API keys enable security engineers to build a single integration that "loops" through tenants automatically, reducing the time they would otherwise have spent manually configuring API keys per tenant and the maintenance overhead that comes with this.

Using one key to provide seamless access to all tenant data simplifies operations, and the impact on efficiency is measurable: teams reclaim days of effort on onboarding new tenants and rotating credentials, with an overall time saving of 98%.

Strengthening API security and compliance across tenants

Beyond efficiency, multi-tenant API access improves security visibility, reducing an organization’s attack surface by utilizing a single multi-tenant key. Fewer keys mean fewer opportunities for developers to accidentally hardcode credentials or leave orphaned keys active after a tenant is decommissioned.

This feature also streamlines compliance. It allows teams to run a single script to pull critical vulnerabilities or alerts across hundreds of tenants into a single dashboard, and enables efficient exports of audit logs across all tenants. 

Simplifying cross-tenant automation and reporting

Multi-tenant API access is about freeing security teams to focus on what matters. By centralizing credential control and simplifying automation, we are empowering analysts and engineers to act faster and reduce risk.

Want to see how multi-tenant API access can streamline your operations? Administrators can use the new multi-tenant API key type together with our new managed organizations API to retrieve details of your managed tenants. With that list, you can create or update automation scripts that retrieve or manage data for any (or all) of your managed tenants via existing Rapid7 APIs.
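The pattern the section describes, one key, enumerate tenants, then loop over them, is shown below as an added example; it is not Rapid7 code and does not use the real Rapid7 API. The `TenantApi` methods, the `FakeTenantApi` data and the `MT-KEY-PLACEHOLDER` key value are all constructed stand-ins so the block runs offline; a real integration would swap in the managed organizations API and the tenant data endpoints behind the same two calls. It also includes the check the "Strengthening API security" section motivates: flagging legacy per-tenant keys that are still issued for tenants no longer in the managed list.

```python
from dataclasses import dataclass
from typing import Dict, List, Protocol

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Tenant:
    tenant_id: str
    name: str


@dataclass(frozen=True)
class Finding:
    tenant_id: str
    severity: str
    title: str


class TenantApi(Protocol):
    """Hypothetical shape of the two calls the text describes: list managed tenants, then pull
    data for one tenant. Not the real Rapid7 API."""

    def list_tenants(self) -> List[Tenant]: ...
    def list_alerts(self, tenant_id: str) -> List[Finding]: ...


class FakeTenantApi:
    """Offline stand-in with constructed data. The single multi-tenant key is presented once,
    at construction, instead of one credential per tenant."""

    def __init__(self, api_key: str) -> None:
        self._key = api_key
        self._tenants = [Tenant("t-001", "acme"), Tenant("t-002", "globex"), Tenant("t-003", "initech")]
        self._alerts = {
            "t-001": [Finding("t-001", "critical", "Ransomware precursor activity"),
                      Finding("t-001", "low", "Policy drift")],
            "t-002": [],
            "t-003": [Finding("t-003", "critical", "Credential dump attempt"),
                      Finding("t-003", "high", "Suspicious mailbox forwarding rule")],
        }

    def _authorize(self) -> None:
        if self._key != "MT-KEY-PLACEHOLDER":  # constructed placeholder, never a real secret
            raise PermissionError("multi-tenant key rejected")

    def list_tenants(self) -> List[Tenant]:
        self._authorize()
        return list(self._tenants)

    def list_alerts(self, tenant_id: str) -> List[Finding]:
        self._authorize()
        return list(self._alerts.get(tenant_id, []))


def consolidated_report(api: TenantApi, min_severity: str = "critical") -> Dict[str, List[Finding]]:
    """One integration, one key: enumerate every managed tenant and pull alerts at or above a
    severity threshold into a single structure. New tenants appear with no extra configuration
    because they come from the enumeration call, not from a per-tenant credential file."""
    threshold = SEVERITY_RANK[min_severity]
    report: Dict[str, List[Finding]] = {}
    for tenant in api.list_tenants():
        hits = [f for f in api.list_alerts(tenant.tenant_id)
                if SEVERITY_RANK.get(f.severity, -1) >= threshold]
        report[tenant.name] = hits
    return report


def orphaned_keys(issued_keys: Dict[str, str], api: TenantApi) -> List[str]:
    """issued_keys maps a legacy per-tenant key id to the tenant it was minted for.
    Returns key ids bound to tenants that are no longer managed, i.e. candidates for revocation."""
    active = {t.tenant_id for t in api.list_tenants()}
    return sorted(key_id for key_id, tenant_id in issued_keys.items() if tenant_id not in active)


if __name__ == "__main__":
    api = FakeTenantApi("MT-KEY-PLACEHOLDER")
    for name, findings in consolidated_report(api).items():
        print(f"{name}: {len(findings)} critical finding(s)")
    print("orphaned legacy keys:", orphaned_keys({"k-01": "t-001", "k-02": "t-099"}, api))
```

In a real deployment the multi-tenant key is the single most valuable credential in the integration, so the trade-off the section describes (fewer keys to rotate, fewer to leak) only holds if that one key lives in a secrets manager and its use is logged; the orphaned-key check is worth running on a schedule whenever tenants are decommissioned.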

Alert Fatigue Isn’t Going Away. Here’s How Modern SOCs Are Fighting Back

Security teams have been talking about alert fatigue for years. And yet, for many SOCs, the problem isn’t getting better. It’s getting worse.

As environments expand across cloud, SaaS, identity, and legacy systems, analysts are flooded with signals that all demand attention but rarely arrive with enough context to act quickly. Staffing shortages only amplify the issue. The result is a SOC stuck reacting to noise instead of responding to real risk.

Recent industry research reinforces what analysts already know. False positives remain one of the top challenges in detection and response, and many analysts encounter low-value alerts so frequently that it slows investigations and contributes directly to burnout. Alert fatigue isn’t just an efficiency problem. It’s an operational risk.

That’s why we created a new eBook, Alert Fatigue to Action: The SOC Analyst’s Playbook.

Why alert fatigue persists, and why it’s not your fault

Alert fatigue isn’t a reflection of weak analysts or underperforming teams. It’s the outcome of security models that haven’t kept pace with modern complexity.

Traditional SIEM approaches were built for a different era. Rule-heavy detections, manual enrichment, siloed tools, and flat log views force analysts to spend valuable time stitching together context before they can even begin investigating. Even experienced analysts end up waiting for answers instead of acting on them.

Modern SOCs need a different approach. One that prioritizes analyst efficiency, reduces friction, and brings clarity to investigations from the start.

Four moves that change how SOCs operate

In the eBook, we break down four practical shifts that high-performing SOCs are making to move beyond alert fatigue:

  • Automate the noise with AI-assisted classification and enrichment so analysts can focus on what truly matters

  • Investigate smarter with unified context, eliminating unnecessary pivots between tools

  • Shrink the response cycle using guided workflows that make investigations faster and more consistent

  • Gain confidence in coverage by understanding risk across the entire attack surface, not just known assets

These aren’t theoretical ideas. They’re grounded in real-world SOC workflows and designed to help analysts move faster without sacrificing control or trust.

A look inside a real SOC investigation

One of the most impactful sections of the eBook walks through a familiar scenario: a phishing or business email compromise investigation.

Instead of listing tools or features, it shows what the investigation actually feels like for an analyst. From the frustration of waiting on data in a traditional workflow to the clarity that comes when context is surfaced early and answers arrive faster. It’s a reminder that efficiency isn’t about removing analysts from the loop. It’s about removing the friction that slows them down.

From overwhelmed to in command

At its core, the playbook is built on a simple principle. Modern SOC efficiency comes from reducing noise, unifying context, and guiding investigations with AI-assisted workflows, all while keeping analysts firmly in control.

If you’re responsible for detection and response, or if you’re feeling the strain of alert fatigue in your SOC, this eBook is designed for you.

Download Alert Fatigue to Action: The SOC Analyst’s Playbook and see how modern SOCs are turning overwhelming alert volume into faster, more confident response.

Monitoring High Risk Azure Logins 

Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, […]

The post Monitoring High Risk Azure Logins appeared first on Black Hills Information Security, Inc.

Webcast: How to Prepare Before the Compromise

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowtoPrepareBeforeCompromise.pdf 00:40 Intro, background information, how to deal with […]

The post Webcast: How to Prepare Before the Compromise appeared first on Black Hills Information Security, Inc.
