Investigate a Triggered Alert
Every alert generated by InsightIDR will appear here on this page. Each alert is prioritized based on where the behavior typically falls in the attack chain. Instead of IP addresses, InsightIDR always shows you the users and assets involved, as well as any notable behaviors exhibited by those entities.
In the next step, we'll drill into a Lateral Movement alert and investigate.
Detect the Use of Stolen Credentials
Because InsightIDR ingests and correlates data across network, endpoint, and cloud, it is uniquely positioned to detect the use of compromised credentials.
If Bob logs onto the corporate VPN in Boston, and 15 minutes later, there's an Office 365 authentication from France, you'll be alerted, even though it's different accounts across different services.
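The correlation described above, written out as an added example (not InsightIDR's own code): VPN and Office 365 logins are first mapped from their service-specific account names to one canonical user, then consecutive logins for that user are compared, and an alert is raised when the implied travel speed between the two login locations is faster than any plausible flight. The account-to-user mapping, the speed threshold, and the four sample events are all constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed mapping from service-qualified account names to a canonical user.
# A real deployment would build this from directory data; it is an assumption here.
ACCOUNT_TO_USER = {
    "vpn:bob": "Bob",
    "o365:bob@example.com": "Bob",
    "vpn:alice": "Alice",
    "o365:alice@example.com": "Alice",
}

# Assumed threshold: anything faster than a commercial flight is not plausible travel.
MAX_PLAUSIBLE_KMH = 1000.0
# Logins within the same metro area are ignored so that VPN/Wi-Fi geolocation jitter
# does not generate alerts.
MIN_DISTANCE_KM = 50.0


@dataclass
class AuthEvent:
    account: str      # e.g. "vpn:bob" or "o365:bob@example.com"
    ts: datetime      # time of the successful authentication (UTC)
    lat: float
    lon: float
    city: str         # human-readable location, used only for the alert text


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def find_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return a list of (user, earlier_event, later_event, implied_kmh) tuples for
    consecutive logins by the same canonical user, across any services, whose
    implied travel speed exceeds max_kmh."""
    by_user = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        user = ACCOUNT_TO_USER.get(e.account)
        if user is None:          # unmapped account: cannot correlate, skip
            continue
        by_user.setdefault(user, []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            dist_km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist_km < MIN_DISTANCE_KM:
                continue
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Identical timestamps with a large distance are also impossible travel.
            kmh = dist_km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                alerts.append((user, prev, cur, kmh))
    return alerts


# Constructed sample: Bob's VPN login in Boston followed 15 minutes later by an
# Office 365 login from Paris; Alice travels Boston -> New York over four hours.
SAMPLE_EVENTS = [
    AuthEvent("vpn:bob", datetime(2024, 5, 1, 9, 0), 42.36, -71.06, "Boston"),
    AuthEvent("o365:bob@example.com", datetime(2024, 5, 1, 9, 15), 48.86, 2.35, "Paris"),
    AuthEvent("vpn:alice", datetime(2024, 5, 1, 8, 0), 42.36, -71.06, "Boston"),
    AuthEvent("o365:alice@example.com", datetime(2024, 5, 1, 12, 0), 40.71, -74.01, "New York"),
]


def sample_alerts():
    return find_impossible_travel(SAMPLE_EVENTS)


if __name__ == "__main__":
    for user, a, b, kmh in sample_alerts():
        print(f"{user}: {a.account} in {a.city} at {a.ts:%H:%M} then "
              f"{b.account} in {b.city} at {b.ts:%H:%M} ({kmh:,.0f} km/h implied)")
```

The account mapping is the part that does the real work: without it, the VPN username and the Office 365 UPN would be treated as two unrelated identities and the two logins would never be compared. Tune the speed and minimum-distance thresholds to your own geolocation accuracy before relying on the alert.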
Detect Unauthorized Users Accessing Restricted Assets
Any asset can be tagged as 'Restricted' in InsightIDR. An alert will fire for any new users, at which point they can be whitelisted or blacklisted.
Note that InsightIDR is smart – if it's an approved user, but from a never-before-seen asset, you'll receive an alert as well!
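The two alerting rules just described, modelled as an added example (not InsightIDR's own code): a monitor keeps, per restricted asset, the users that have been approved or blocked and the source assets each approved user has previously been seen from. A user with no decision yet raises a new-user alert once and waits to be whitelisted or blacklisted; an approved user arriving from a source asset not in their baseline raises a separate alert. The asset names, users, and events are constructed for the example.

```python
from collections import defaultdict


class RestrictedAssetMonitor:
    """Constructed model of a 'Restricted' asset tag.

    decisions[asset][user] is "approved", "blocked", or "pending" (alert already
    raised, no decision yet). seen[(asset, user)] is the set of source assets the
    user has previously reached that asset from.
    """

    def __init__(self, restricted_assets, decisions, baseline):
        self.restricted = set(restricted_assets)
        self.decisions = {asset: dict(d) for asset, d in decisions.items()}
        self.seen = defaultdict(set)
        for asset, user, source in baseline:
            self.seen[(asset, user)].add(source)

    def decide(self, asset, user, decision):
        """Record the analyst's whitelist/blacklist decision for a flagged user."""
        if decision not in ("approved", "blocked"):
            raise ValueError(f"unknown decision {decision!r}")
        self.decisions.setdefault(asset, {})[user] = decision

    def observe(self, user, source, asset):
        """Evaluate one access event. Returns an alert string, or None."""
        if asset not in self.restricted:
            return None
        verdict = self.decisions.get(asset, {}).get(user)
        key = (asset, user)

        if verdict is None:
            # Never-before-seen user on a restricted asset: alert once, then wait.
            self.decisions.setdefault(asset, {})[user] = "pending"
            self.seen[key].add(source)
            return f"NEW_USER: {user} accessed restricted asset {asset} from {source}"
        if verdict == "pending":
            return None           # already raised; awaiting whitelist/blacklist
        if verdict == "blocked":
            return f"BLOCKED_USER: blacklisted user {user} accessed {asset} from {source}"

        # Approved user: still alert if the source asset is new for this user.
        if source not in self.seen[key]:
            self.seen[key].add(source)
            return (f"NEW_SOURCE_ASSET: approved user {user} reached {asset} "
                    f"from never-before-seen asset {source}")
        return None


def run_sample():
    """Replay constructed events against one restricted asset and return the alerts."""
    mon = RestrictedAssetMonitor(
        restricted_assets={"dc01"},
        decisions={"dc01": {"alice": "approved"}},
        baseline=[("dc01", "alice", "alice-laptop")],
    )
    events = [
        ("alice", "alice-laptop", "dc01"),   # approved user, known source: quiet
        ("alice", "kiosk-07", "dc01"),       # approved user, new source: alert
        ("bob", "bob-laptop", "dc01"),       # unknown user: alert once
        ("bob", "bob-laptop", "dc01"),       # pending decision: no repeat alert
        ("bob", "bob-laptop", "fileshare"),  # asset not restricted: quiet
    ]
    alerts = [a for a in (mon.observe(*e) for e in events) if a]
    # Analyst blacklists bob; his next access is flagged as a blocked user.
    mon.decide("dc01", "bob", "blocked")
    alerts += [a for a in [mon.observe("bob", "bob-laptop", "dc01")] if a]
    return alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Seeding the baseline from historical logs before enabling the tag is what keeps the new-source-asset rule useful: with an empty baseline every approved user's first login would alert. Note that the source asset must itself be attributed reliably (hostname from the endpoint agent or authentication log rather than a DHCP address) for the second rule to mean anything.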
Automatic User and Asset Attribution
Whenever possible, InsightIDR displays the users and assets involved, saving you time retracing user activity. This is clear in every investigation created in InsightIDR.
Add and Manage Threat Intel
In addition to the pre-built detections in InsightIDR, you can also add and manage threat intelligence.
You can import your own threat feeds as well as subscribe to feeds added by our Managed Detection and Response team or other InsightIDR customers.
Learn more in our use-case: Add and Manage Threat Intelligence.
Create Custom Alerts and Scheduled Hunts
InsightIDR gives you the flexibility to create custom alerts for your environment, as well as Scheduled Hunts, which allow you to run pre-built queries on your endpoints.
Scheduled Hunts allow you to ask questions like, 'Has anyone stuck a USB key into servers?' or 'Have there been any changes to the registry or installed services?'