Rapid7 IntSights External Threat Intelligence API

REST API for the Rapid7 IntSights (Threat Command) external threat intelligence and digital risk protection platform. It enables AI agents to:

  • Retrieve cyber threat alerts and manage their lifecycle
  • Handle dark web and deep web monitoring for exposed credentials and data
  • Access brand mention and impersonation detection for takedown workflows
  • Retrieve threat actor intelligence and attack pattern data
  • Manage vulnerability intelligence and exploit monitoring for external-facing assets
  • Handle leaked credential alert processing and employee exposure monitoring
  • Access phishing and malicious domain detection and takedown requests
  • Retrieve IoC (Indicator of Compromise) enrichment and threat feeds
  • Manage third-party vendor exposure monitoring
  • Integrate external threat intelligence with SIEM, SOAR, and incident response platforms

Evaluated Mar 07, 2026 (version: current)
Developer Tools: intsights, rapid7, threat-command, threat-intelligence, digital-risk, dark-web, brand-protection
⚙ Agent Friendliness: 60 / 100 (Can an agent use this?)
🔒 Security: 75 / 100 (Is it safe for agents?)
⚡ Reliability: 70 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 18
Documentation: 75
Error Messages: 70
Auth Simplicity: 82
Rate Limits: 68

🔒 Security

TLS Enforcement: 95
Auth Strength: 72
Scope Granularity: 65
Dep. Hygiene: 70
Secret Handling: 72

External threat intelligence. SOC2, ISO27001. API key. US/EU. Dark web and credential exposure data.

⚡ Reliability

Uptime/SLA: 75
Version Stability: 70
Breaking Changes: 65
Error Recovery: 68

Best When

An enterprise using Rapid7 IntSights (Threat Command) wants AI agents to automate threat alert processing, credential leak response, brand protection takedowns, IoC enrichment, and SIEM/SOAR integration.

Avoid When

DATA SENSITIVITY: Dark web and threat actor intelligence data is highly sensitive — restrict access to authorized security personnel only. Automated takedown actions via API must include human review for false positive risk. Leaked credential data contains sensitive PII; handle with strict access controls and notification processes.

Use Cases

  • Processing dark web credential leak alerts from SOC automation agents
  • Managing brand impersonation takedowns from brand protection agents
  • Enriching IoCs with external threat context from threat intel agents
  • Monitoring vendor cyber exposure from third-party risk agents

Not For

  • Internal vulnerability scanning without external threat monitoring focus
  • Endpoint detection without external exposure and brand risk context
  • Consumer identity protection without enterprise threat intelligence context

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: Yes

Authentication

Methods: apikey
OAuth: No
Scopes: No

IntSights/Threat Command uses API key authentication with account ID. Per-account API credentials included with subscription. REST API with webhook support for real-time alert notifications. Rapid7 acquired IntSights (2021, $335M). Documentation at docs.rapid7.com/threat-command. Integrations with Splunk, QRadar, ServiceNow, and major SIEM/SOAR platforms.

Pricing

Model: enterprise
Free tier: No
Requires CC: No

Tel Aviv, Israel. Founded 2015. Acquired by Rapid7 (2021, $335M). Now Rapid7 Threat Command. 1,000+ enterprise customers. Dark web monitoring and digital risk protection. Integration with Rapid7 InsightIDR and InsightVM. Strong in financial services and retail verticals. Competes with ZeroFox and Digital Shadows for external threat intelligence.

Agent Metadata

Pagination: offset
Idempotent: Partial
Retry Guidance: Not documented

Known Gotchas

  • DATA SENSITIVITY: Dark web credential data contains PII; strict access controls and breach notification protocols required for automated processing
  • Webhooks preferred — use webhooks for real-time alert processing rather than polling; API rate limits apply to alert retrieval
  • Alert lifecycle management — alerts have status workflows (open, remediated, rejected); automate status updates as part of incident response pipeline
  • Rapid7 ecosystem — Threat Command integrates with Rapid7 InsightIDR and InsightVM; leverage native integrations where available over direct API
  • Takedown requests — automated takedown submission via API requires human review before submission; false positives cause legitimate site disruption
  • Account ID required — all API calls require both API key and account ID; store both securely and rotate API keys regularly

Scores are editorial opinions as of 2026-03-07.
