Summary is AI-generated, newsdesk-reviewed
  • Rapid7 launches AI-powered Incident Command for improved threat detection and response.
  • Incident Command uses Agentic AI workflows for seamless, context-rich analyst experiences.
  • Integrating exposure management with threat detection, Incident Command saves 200+ SOC hours weekly.

Rapid7, Inc., a pioneer in threat detection and exposure management, announced the launch of Incident Command, a powerful new next-gen SIEM extending the capabilities of its Command Platform, purpose-built to transform how security teams detect, investigate, and respond to threats.

Incident Command unifies preventative attack and exposure management together with threat detection and response, all powered by Agentic AI workflows trained on playbooks designed by Rapid7’s own SOC experts, and refined through continuous real-world application.

Built on the Command Platform’s data mesh, Incident Command brings attack surface context through Surface Command and curated threat intelligence with Intelligence Hub to deliver a seamless user experience that enables every analyst to operate like an expert, every action to be informed by context, and every response to be faster, smarter, and simpler.

"The launch of Incident Command is a leap toward our mission to simplify access to security outcomes," said Corey Thomas, CEO of Rapid7, adding "Security teams are under scrutiny to deliver measurable impact across their risk and response programs. We built the Command Platform to unify all customer data — not just what we collect — so that organisations get the facts from the beginning and reduce their time to action."

Key features of Incident Command

Corey Thomas added: "Incident Command, our upgraded next-gen SIEM, gives customers the benefit of the Command Platform plus broadened access to our decades of SOC expertise with agentic AI integrated within the workflows they use every day."

With Incident Command, security teams operate within a closed-loop feedback model, combining AI-powered threat detection with deep exposure visibility, automating triage with 99.93% accuracy, and saving 200+ SOC hours per week. Key features of Incident Command include:

  • Agentic AI, built by and for the SOC: Unlike black-box “AI” tools, Rapid7’s AI is trained on years of detection, investigation, and response data from its 24/7 MDR operations, enabling transparent, analyst-assistive triage and investigation workflows with 99.93% benign disposition accuracy. It doesn't just classify, it guides, recommends, and adapts with every use.
  • Unified analyst experience: Incident Command brings together historically siloed SIEM, SOAR, ASM, and threat intelligence functions into one intuitive interface. Analysts can investigate with deep threat, exposure, and asset context in a single view — no context switching required.
  • Open and integrated data mesh: Powered by Surface Command and the Command Platform’s data mesh, customers can unify Rapid7 and third-party telemetry without complex integrations, gaining end-to-end visibility across their hybrid environments.
  • Deeply embedded threat intelligence: Expertly vetted threat intelligence is integrated within Incident Command for the most actionable, relevant, and context-rich insights for targeted detection, threat hunts, and incident response.

Threat intelligence and AI automation

"With Incident Command, Rapid7 is marrying exposure management capabilities with threat detection and this is a differentiator in a crowded SIEM market," said Michelle Abraham, Senior Research Director at IDC.

Michelle Abraham adds, "By bringing detection automation, internal and external attack surface visibility, threat intelligence, and AI automation into one platform, Rapid7 is offering security analysts a solution that reduces complexity, connects data, and streamlines investigations, which improves analyst workflows."

Rapid7 is showcasing Incident Command at Black Hat USA, August 6-7 in Las Vegas, both in the Business Hall (Booth #5042) and at The Border Grill in Mandalay Bay from 9 am to 6 pm on August 6.
