Rapid7 Managed Threat Complete

MDR ยท XDR

Rapid7 Managed Threat Complete is Rapid7's MDR service, delivered through its SIEM and exposure-management stack with 24/7 monitoring, triage, investigation, threat hunting and incident-response support. After a validated alert, Rapid7 analysts can contain endpoints or user accounts through Active Response and supported integrations, while the buyer still owns asset scope, telemetry quality, approvals, exclusions, recovery and remediation outside the contracted workflow.

Service
MDR
Handles
Contain threats
Price
AWS Marketplace lists a 12-month Managed Threat Complete Essential contract from $73,000.
  • Contain threats
  • Boston, Massachusetts
  • 1000+
  • Founded 2000
Visit website

Shortlist fit

Mid-market and enterprise teams that want MDR, SIEM and vulnerability context in one Rapid7-led workflow

Provider handles

Service can take or orchestrate containment actions within the approved scope.

Check before buying

Scoping protected endpoints, servers, networks and third-party event sources

Also fits

  • Buyers that value asset-based pricing instead of SIEM data-volume pricing
  • Security teams that want provider-led containment for endpoints and user accounts but still retain response governance
  • Microsoft Defender or mixed-EDR environments that can use Rapid7-supported event and Active Response integrations

Can replace

  • Some 24/7 alert monitoring and first-pass triage work
  • Some endpoint and user containment actions through configured Active Response
  • Some incident-response retainer demand inside the MDR scope
  • Some SIEM data-volume budgeting uncertainty when Rapid7 SIEM is the monitoring layer

Coverage

Provider covers

  • 24/7/365 SOC monitoring, triage and investigation through Rapid7 MDR
  • Exposure-informed investigations that use vulnerability and asset context to prioritize response
  • Rapid7 SIEM visibility into validated threats, response actions and resolution

Your team still owns

  • Maintaining telemetry quality, agent coverage and third-party alert integrations
  • Defining Active Response permissions, exclusions and approval rules
  • Handling business remediation, recovery and changes outside Rapid7-managed workflows

Tradeoffs

Works well

  • Documented containment actions make it stronger than alert-only or advice-only MDR
  • Rapid7's exposure-management context can help prioritize which alerts and weaknesses matter most
  • Public AWS Marketplace pricing gives buyers a better starting point than quote-only MDR profiles

Watch out for

  • The service is centered on Rapid7 SIEM, so buyers committed to another SIEM should verify workflow fit
  • Third-party alert response is bounded by supported integrations, source-system APIs and configured data flow
  • Public package pages do not expose every entitlement boundary, add-on cost or response authority rule

Reviews

Review synthesis

Public review signals are positive but uneven in depth. Gartner and PeerSpot show meaningful MDR review surfaces, G2 has a smaller MDR-specific review set, and Reddit comments praise analyst quality, retention and vulnerability bundling while flagging cost, automation, portal workflow and third-party integration limits.

Customers like

  • Reviewers commonly value 24/7 monitoring, analyst support and investigation help
  • Customers point to useful SIEM visibility, vulnerability context and long retention
  • PeerSpot and G2 reviews describe Rapid7 as useful for both mid-market and enterprise teams

Watch out for

  • MDR-specific G2 review volume is small
  • Community discussion raises pricing, automation and portal workflow concerns
  • Third-party alert handling can be limited by source-system APIs and data-flow reliability

Pricing

Price
AWS Marketplace lists a 12-month Managed Threat Complete Essential contract from $73,000.
Billing
Per-asset, Tiered, Custom
Contract
12 months
Proof of concept
Available
Onboarding
Rapid7 service material says MDR monitoring starts detecting threats within the first 60 days of onboarding.

Questions to ask

  1. Which containment and remediation actions can Rapid7 execute in our environment without waiting for approval?
  2. Which third-party tools will Rapid7 only triage inside Rapid7 SIEM, and which systems receive bidirectional updates?
  3. How do Essential, Advanced and Ultimate differ for threat hunting, third-party monitoring, advisors, Velociraptor and breach protection?

Integrations

SIEM
  • Rapid7 SIEM (InsightIDR)
  • Rapid7 Command Platform
EDR / Endpoint
  • Rapid7 Insight Agent
  • Microsoft Defender for Endpoint
  • CrowdStrike Falcon
  • SentinelOne
  • Carbon Black Cloud
  • Cisco Secure Endpoint
Cloud
  • AWS GuardDuty
  • Microsoft Defender for Cloud
  • Google Cloud Security Command Center
Other
  • InsightVM / Exposure Management
  • InsightConnect SOAR
  • Velociraptor DFIR
  • Microsoft Defender XDR
  • Microsoft Defender for Identity
  • Microsoft Defender for Office 365
  • CyberArk Vault
  • Netskope
  • Palo Alto Networks Cortex XDR
  • Sophos Central
  • Trend Vision One
  • Varonis DatAdvantage

Editorial notes

Why contain threats

Rapid7 publishes Active Response documentation showing SOC analysts can isolate endpoints and disable compromised user accounts through supported agents and EDR tools. That supports the Contain threats lane, but not full SOC ownership.

Not a neutral managed SIEM

The public MDR page says the service is delivered on Rapid7's SIEM and uses Rapid7 platform context. Enterprise MDR can ingest custom event sources, but the normal operating model still centers Rapid7's platform rather than any customer-owned SIEM.

Third-party boundary

Rapid7 documentation says the SOC can triage, investigate and respond to selected third-party security alerts within Rapid7 SIEM, while also noting that Rapid7 does not control disruptions in third-party data flow or universally close alerts in source systems.

Pricing boundary

Rapid7 publishes package names and asset-based pricing logic, while AWS Marketplace exposes public 12-month contract starting prices. The profile uses those marketplace amounts as indicative procurement signals and keeps final pricing quote-dependent.

Review caveat

Public customer sentiment is mostly favorable on analyst quality, visibility and bundled vulnerability context, but review volume for the MDR-specific G2 surface is small and community comments include pricing, automation, portal and integration caveats.

Questions

Does Rapid7 MDR contain threats for the buyer?
Yes, within configured scope. Rapid7 Active Response lets SOC analysts quarantine endpoints and contain compromised user accounts through the Insight Agent or supported EDR integrations. Buyers still need to define exclusions, approvals and what happens after initial containment.
Is Rapid7 MDR a co-managed SOC?
This profile classifies Rapid7 MDR as Contain threats, not Co-manage the SOC. Rapid7 can investigate and take containment actions, but the standard MDR buying model is centered on Rapid7's SIEM and SOC workflow rather than shared day-to-day operation of the buyer's whole SOC.
How is Rapid7 MDR priced?
Rapid7 says pricing is based on protected endpoints, servers and networks rather than SIEM data volume or incident count. AWS Marketplace lists 12-month Managed Threat Complete options starting at $73,000 for Essential, but buyers should request a scoped quote or private offer.