Visual Timeline for Every Alert

This is the investigation timeline for a 'Honeypot Access' alert that triggered on March 27 and March 30. Since both alerts involve the same user, they are automatically brought together. Let's look at the information we have available to piece together what happened.


Immediate Context with Notable Behavior

As InsightIDR ties IP address > asset > user activity together, it automatically populates the investigation timeline with relevant information.

In this case, we know that Gene Bradley's account attempted a connection to the Honeypot, so any notable behavior associated with his user accounts or assets is also presented here.

A number of virus alerts have triggered on his endpoint, so this alert is less likely to be a false positive.

Filter to What You Want

For every investigation, you can choose the time range to work with and what types of info appear on the timeline.

Automatic User and Asset Attribution

Whenever possible, InsightIDR displays the users and assets involved, saving you time retracing user activity.

Later in the investigation, we'll drill into Gene's user profile to see his activity in a single place.

