Visual Timeline for Every Alert
This is the investigation timeline for a 'Honeypot Access' alert that triggered on March 27 and March 30. Because both alerts involve the same user, they are automatically brought together. Let's look at the information we have available to piece together what happened.
Immediate Context with Notable Behavior
As InsightIDR ties IP address > asset > user activity together, it automatically populates the investigation timeline with relevant information.
In this case, we know that Gene Bradley's account attempted a connection to the Honeypot, so any notable behavior associated with his user accounts or assets is also presented here.
A number of virus alerts have triggered on his endpoint, so this alert is less likely to be a false positive.
Filter to What You Want
For every investigation, you can choose the time range to work with and what types of info appear on the timeline.
Automatic User and Asset Attribution
Whenever possible, InsightIDR displays the users and assets involved, saving you time retracing user activity.
Later in the investigation, we'll drill into Gene's user profile to see his activity in a single place.