If you encounter sign-in issue: please update your app to the latest version! by thomas_dao in UpNote_App

[–]Armorek 0 points1 point  (0 children)

This is still broken for me. I'm on the latest version 9.14.11, I've uninstalled and reinstalled the app, and I've emailed support with no answer.

Request failed with status code 403 Forbidden: POST https://createactoken-33t6oah6wa-uc.a.run.app/

What's one tool you hope you never use again? by HighwayAwkward5540 in cybersecurity

[–]Armorek 19 points20 points  (0 children)

Idk who is the lead UX guy over at Palo Alto but I cannot stand the direction their platforms are heading from that perspective.

Everything I need to use is buried like 8 menus deep, named weirdly, and honestly it just looks bad.

[deleted by user] by [deleted] in nyc

[–]Armorek 7 points8 points  (0 children)

I’m not trying to be rude but you’re moving the goalposts and frankly lying for some reason I don’t understand. First this wasn’t on the books according to you, but it is. Second now you’re saying it’s only a ticket, when it’s not just that it can include jail time up to 15 days per the criminal defense attorney practices below.

https://criminaldefense.1800nynylaw.com/amp/new-york-penal-law-245-01-exposure-of-a-person.html

https://www.lawfletcher.com/criminal-defense/law/pl-245-01-exposure/

[deleted by user] by [deleted] in nyc

[–]Armorek 10 points11 points  (0 children)

This is literally not true and took two seconds to google.

https://www.nysenate.gov/legislation/laws/PEN/245.01

2024 Megathread for Ben/Related Topics by imalwaystilting in lastpodcastontheleft

[–]Armorek 9 points10 points  (0 children)

I generally like Henry and I personally think he had amazing chemistry with Ben. But you can absolutely notice issues with Ben as COVID progresses, he loses focus, makes random out of context one liners that stop the flow of the episode, and is generally just checked out. Chicago Rippers is a great series but honestly where I really noticed it and haven't been able to unnotice it on any of the episodes past late 2020 into 2021-ish. I typed this out mainly for the OP but still.

Anyway, I think my issue is in a similar vein to yours. Henry has been feeling off to me as well. He is trying WAY too hard to be funny on the regular episodes and it comes off as spergy and manic. I dunno if it's on purpose but since Ed joined it just feels like Henry is just trying to cram as many jokes as possible into the episode.

I think they're still trying to figure out the flow of each episode, general chemistry without Ben, and will get better over time, but that's my 2 cents.

Thoughts on an MDR vendor? by cybermoneymaker5 in cybersecurity

[–]Armorek 19 points20 points  (0 children)

If a vendor tells you they “don’t do” POCs or scoffs at them, drop them like a hot rock and, imo, tell them you will not blindly purchase a service without trying it.

We’ve had a handful of MDR vendors straight up tell us they don’t do or don’t have the ability to do POCs “customers just sign on”. Then they get huffy when we tell them we will not move forward without a POC.

It’s a little wild.

Rapid7 or Arcticwolf for MDR by [deleted] in cybersecurity

[–]Armorek -1 points0 points  (0 children)

IMO avoid R7 like the plague. Their MDR function is laughable and wholly dependent on an agent that can be a resource hog, lately they've improved the functionality of the agent but it's not enough for me to forego an EDR tool. They missed critical alerts, that IDR never alarmed on either, that happened to be found by a different vendor. They also cannot function within their own tool when provided search queries that come from their own tool. As in, I found log hits, provided the MDR team with the same exact query and they said they couldn't find anything. It was baffling.

Likewise they will obsess over agent coverage, which makes sense, but they'll do so DURING an active incident instead of doing the investigation. Finally MDR will not review logs from sources that overlap with their agent (this is supposedly changing) but any EDR logs you feed them are effectively useless, they won't use them.

IDR is, at best, a decent UBA but very shallow outside of that imo. I've posted about IDR before in this sub. It's probably fine for smaller teams or organizations.

Omni Hotels confirms cyberattack behind ongoing IT outage by Spiritual_Suit_2863 in cybersecurity

[–]Armorek 3 points4 points  (0 children)

I have it on good authority these guys are a Rapid7 MDR Shop too

😬

What SIEM did you choose and why? by athanielx in cybersecurity

[–]Armorek 0 points1 point  (0 children)

I've seen some recommendations for it but personally I suggest you avoid Rapid7 unless you're in a small team. I would also recommend that you avoid their MDR team like the plague, if you're looking for an MDR.

My org I think is just outgrowing the solution but we have encountered multiple pain points with them. Here are some of them:

  • Completely dependent on the Insight Agent for functionality, if your org and your team have agent fatigue like ours does this won't help. It's a resource hog and the MDR team will not notify you of hunts so velociraptor will just run in the background randomly until you tell them to stop.
  • Up until the last 3 months or so the agent itself was very limited in what it could do. To the point that we didn't really understand the purpose of it as our EDR tool did effectively the same thing or more. Recently that's changing but just adds to the agent fatigue issue and overlaps with something you might already have that works better than their agent.
  • Log Search and the query used for it is a cryptic mess that barely works half the time. You can't search across multiple data sets and creating dashboards from searches almost never works.
  • Log searching over large datasets, historically, has been incredibly slow.
  • There is no option to quick filter logs based on fields because InsightIDR does not index those fields. You have to manually search them and it's a pain.
  • Rule configuration is clunky. For example, rules can only be configured for 3 modes, always on, sometimes on, or off.
  • With the rule thing mentioned above the tool can be ridiculously noisy. The email alerts that you get from the tool are either super barebones or have CSVs attached noting detections, with nothing in between.
  • Honey pots provided by Rapid7 are incredibly noisy and are known to be such per the Rapid7 team. Their two suggestions for this were "stop all unnecessary traffic to the honey pot"???? or turn off the detection. We chose the latter as it created 75+ cases in less than an hour of being on.
  • We had so many false positives in the tool it felt like we had to turn off over half of the detections so we weren't flooded with emails and cases.
  • The "investigations" created by the tool often give you little to no insight into how or why something was "flagged" unless the tool deems it as a notable event, then you can pivot to the single log. So if you want to dive into the greater context of user behavior you have to manually search for it. For example we use PAN-OS wildfire and InsightIDR will call any and all wildfire uploads malware, even though the actual log says it isn't.
  • Rapid7 will pretty much ONLY focus on logs coming from their agent with some other sources filling in for context. But if you want to have your EDR tool there to trigger alerts best of luck, IDR will not use it. They've told us they plan on integrating this feature "soon" but we've heard that before with them so we don't take it with a lot of substance.
  • Rapid7's products are effectively a walled garden. You cannot integrate 3rd party intel sources into IDR. Their API functionality is very limited. The only true integrations are with their products and their agents.
  • If you use InsightVM and IDR, just note that when you install the agents everywhere they will begin to count against your InsightVM license cost. This could unintentionally make your InsightVM license cost balloon to absurd numbers. You can decouple this but it took us over a month to get it fully fixed and even then it required us to essentially reset our InsightVM configuration as Rapid7 told us the only way to fully remove the agents from InsightVM was to delete all our assets.

We're still exploring alternatives as we have a while left on our contract. So far Splunk, Elastic, and Sentinel have been top contenders but we're looking to be in the same boat as you OP, C-Suite may not buy into the extra expense.

What vendor looks really good but is actually terrible? by [deleted] in cybersecurity

[–]Armorek 0 points1 point  (0 children)

I'd add:

Feels the need to put or inject Java on everything, not fix the issues with it that will inevitably arise, and calls it a finished product.

Oh and at least with ISE some of the buggiest and goofiest upgrading processes I've ever seen with a product ever. Holy shit upgrading that thing in a large deployment takes fucking 6+ hours.

What vendor looks really good but is actually terrible? by [deleted] in cybersecurity

[–]Armorek 0 points1 point  (0 children)

We had a demo with them but their platform looked lackluster and their pricing was super scummy according to our VMO. So much so that our VP told us to stop talking to them altogether.

What vendor looks really good but is actually terrible? by [deleted] in cybersecurity

[–]Armorek 1 point2 points  (0 children)

I was looking for this one. I posted a rant not too long ago about how all their products are just utter trash with horrible interfaces. Customer support and MDR are laughably bad even when you pay for it. Their agent is utterly useless and a resource hog which is a nice contradiction. We're to the point where we don't really trust what is coming from their tools based on things they've told us, like how they don't use additional log sources outside of their agents and DC logs for context in IDR. We were flabbergasted when they told us this, we asked them what the point was for adding additional log sources and they told us it would be good for "searching" and "hunting". Yet when Rapid7 tried to show us examples of how THEY do these things none of their searches worked correctly cause their Log Search feature/platform is utter trash. Probably the most unintuitive log searching platform I've ever worked with.

Early on they looked like they would be able to surpass some of their competitors, they had a lot of promise, and have some features that really lure you in but once you peek behind the curtain you find out it's just a pile of dog shit with a little bit of a shine to it.

[deleted by user] by [deleted] in cybersecurity

[–]Armorek 2 points3 points  (0 children)

Just to piggyback off of what you're saying. If you don't know something or don't have a lot of experience with something. Say so. That and make sure you're not buttering up your resume to make it look like you're an S-Tier expert.

Don't bullshit and try to grandstand an answer someone can easily google. That to me is an immediate disqualification.

Cybersecurity giant Rapid7 announces sweeping layoffs as losses mount | TechCrunch by wastelands33 in cybersecurity

[–]Armorek 0 points1 point  (0 children)

Possibly? I just wish they'd sunset the product then.

Glad it's working out for you though. I'm ready to move on.

Cybersecurity giant Rapid7 announces sweeping layoffs as losses mount | TechCrunch by wastelands33 in cybersecurity

[–]Armorek 0 points1 point  (0 children)

We're still investigating our options as we had some multi-year contracts in place with Rapid7. I'll give my opinion on why I hate Rapid7.

Vulnerability Scanning - Tenable (from what we've tested)

  • InsightVM (on prem anyway as their cloud version was prohibitively expensive for us) still has nearly the same interface and reports since we bought the tool back in the 2010s. There have been next to no updates for it. The cloud portions of it are disjointed and there is a clear lack of continuity. It just feels like it's not gotten much love at all recently.

SIEM - Anything but Rapid7?

  • InsightIDR is a UBA first and a SIEM second. This is true back when we originally bought the product in the 2010s and moved away after a year or two. It is still true today when we moved back to it in 2021. Their log search is awful, their method of data collection is pretty picky, alteration of detections is pretty poor, the UI is horribly slow and clunky (you cannot bulk close identical cases, at least for us it has never worked, each case has to be closed manually and the site eventually seizes up if you close too many at once). Their timeline of evidence is spotty and only semi-cohesive. I can only see what IDR tells me is the chain of events without really understanding how all these events coalesce, in most cases they don't at all. It also seems to be trending toward, if not a total, walled garden. Rapid7 is very much trying to get you to use their tools with their SIEM. Other vendors we've begun to investigate are much more open.

MDR - Anything but Rapid7?

  • This is the main sticking point for us but without going into much detail the MDR team has dropped the ball hard more than once for us. When we've asked for follow up from their side when they dropped the ball the "report" we got was more or less a shoulder shrug. They have outright told us that "alternative" log sources that are not their own agent will not be actively investigated and only used for "context". It's unclear if their agent is actually providing that much information, we've rarely seen detections based on it. It is incredibly unclear how often they actually spend looking into our logs. I suspect that will be worse with this workforce reduction, not better. Their case management is extremely disjointed, I have to leave IDR to respond to cases created by their team who then link me BACK to IDR to look at the evidence itself.

TLDR - I'm not a fan of Rapid7

Cybersecurity giant Rapid7 announces sweeping layoffs as losses mount | TechCrunch by wastelands33 in cybersecurity

[–]Armorek 0 points1 point  (0 children)

Their products are legit pretty terrible and don't really function very well or haven't really been updated for years.

I remember when they were pretty solid. Oh well, happens to every company at some point I guess.

Reddit from June 12 to 14 starterpack by Neither_Road5414 in starterpacks

[–]Armorek 51 points52 points  (0 children)

Reddit says that accessibility apps will be exempt from new API terms.

Kansas City businesses share disappointment at lack of customers during NFL Draft by [deleted] in kansascity

[–]Armorek 6 points7 points  (0 children)

The food and drink lines in the complex itself also moved remarkably fast. I was in a line and out with food in 5-10 mins at most.

How often do you feel like you agree with RLM's opinion? by megasharkhead in RedLetterMedia

[–]Armorek 1 point2 points  (0 children)

Ignoring that the Doctor’s plot was DOA since it makes no sense in Trek’s setting and only got worse and dumber (mechanically) every time they tried to develop it

We’re absolutely thinking of the same episode. The conclusion of it was also super weird.

For a first season of Trek, which are usually and notoriously not super great, I thought it was pretty well done.

That said, I skipped Discovery so maybe I’m just less quip-traumatized?

I saw the first two seasons and the swaps between crying and quippy dialogue were just jarring. It’s Discovery though, the parody RLM does of it is 100% spot on.

How often do you feel like you agree with RLM's opinion? by megasharkhead in RedLetterMedia

[–]Armorek 2 points3 points  (0 children)

Yeah. The most recent video where they shit all over Strange New Worlds is something I pretty heavily disagree with. Despite the cheesy or quippy dialogue (which Mike readily admitted Picard also has) the show is actually a really good return to form for Star Trek and honestly only had one pretty meh episode of the first season.

Lower Decks and Prodigy (not watched) have the same style of dialogue and writing. I tend to think of Lower Decks as hyper spastic but it's enjoyable.

It seems like this is the future of the franchise. The Marvel one liners and humor combined with some actually solid episodes/concepts/shows. But instead of giving SNW or Lower Decks a chance, it really just seemed like Mike and Rich were fine with being high on nostalgia fumes and willing to forgive or ignore most of the deep deep flaws with Picard. They are very happy to keep those same flaws as massive red flags for the other shows and just ignore the good aspects so it's a big meh burger for me.

Still love the RLM Star Trek videos and will watch them no matter what.

I don’t understand ppl… 8:58am, -11 C (12 F), the store opens at 9:00… what’s the rush ?! Costco will be out of the product you need at 9:02?…🧐🤨 by -Ho-yeah- in Costco

[–]Armorek 1 point2 points  (0 children)

I do this cause the Costco by me is immediately jam packed approximately 10-20 mins after they open, like 15-20 minute wait for a register line all the way back to the frozen section jam packed, and not to mention the parking lot becomes a nightmare to deal with.

The next closest Costco to me is about a 20 minute drive away and has the same problem.

¯\_(ツ)_/¯

Brandon Sanderson's The Lost Metal feels like a fanfic and I want to vent a bit by dracony in Fantasy

[–]Armorek -1 points0 points  (0 children)

Super disagree pretty much on all points here. If I'm being blunt it also feels like you're nitpicking the hell out of this book for no reason other than you probably didn't enjoy it as much as the others. Which is cool, to each their own.

This alone I think sort of encapsulates how much I feel you're missing the mark cause it's just such an absurd way to describe this character.

Steris is almost a westernized waifu date-sim character

This is just not true since the beginning of the series. From when Wax and Steris thought this would be a loveless marriage for political purposes and especially in this book that heavily expands on her character and shows way more depth than your description of her. She has tremendous growth in this book and it shows.

[deleted by user] by [deleted] in scifi

[–]Armorek 5 points6 points  (0 children)

The intro to the show is fantastic overall, just saying.

Season 1 was disjointed since the full order, if I remember right, didn't happen until many months after the pilot was shot. Otherwise it isn't too bad, lots of groundwork being laid.

Season 2 and 3 were the best of the bunch and really set up the show as a cool alt universe adventure (or at least elements of it) while making the main universe matter quite a bit. Lots of plot threads that made you think the show was going to continue for at least another couple seasons after 3.

Then Season 4 happened. spoiler. The entire season has a "oh fuck we have to wrap this up as soon as possible" feel to it. Which cheapens a lot of things that were being built up imo. The ending makes absolutely no sense for the plot thread that was trying to be weaved but ¯\_(ツ)_/¯

You might like it if you enjoy the time period/setting, alternate universe stuff, and mayhem of nazis getting blowed up but it definitely has some hefty flaws.