Rapid7 incident

InsightIDR – Missing SentinelOne and CrowdStrike Alerts for some MDR customers

Minor Resolved View vendor source →

Rapid7 experienced a minor incident on July 29, 2025, lasting 2h 29m. The incident has been resolved; the full update timeline is below.

Started
Jul 29, 2025, 03:59 AM UTC
Resolved
Jul 29, 2025, 06:28 AM UTC
Duration
2h 29m
Detected by Pingoru
Jul 29, 2025, 03:59 AM UTC

Update timeline

  1. investigating Jul 29, 2025, 03:59 AM UTC

    We have identified an issue that began on July 24, 2025, at 17:21 UTC, where High and Critical alerts from SentinelOne and CrowdStrike are not populating correctly in InsightIDR for a subset of MDR customers who have opted to have the Rapid7 SOC monitor third-party alerts from these event sources.

  2. identified Jul 29, 2025, 05:44 AM UTC

    The issue affecting alerts for SentinelOne and CrowdStrike for MDR customers has now been mitigated. Work is ongoing to replay missed alerts for MDR SOC analyst triage and investigation.

  3. resolved Jul 29, 2025, 06:28 AM UTC

    Delayed alerts for SentinelOne and CrowdStrike for MDR customers have now been resolved. Replay of the delayed alerts is now complete. The MDR SOC will reach out via standard methods if investigation reveals any alerts requiring customer awareness or response.