Visual Timeline for Every Alert
Each alert is displayed as a timeline that is pre-populated with any notable behaviors associated with the user and asset. Customers report completing investigations as much as 20 times faster because they don't need to consult raw log data or jump between siloed tools.
We can see that the user account Carlos Long (clong) attempted authentication to multiple assets. This detection is possible because InsightIDR is monitoring Active Directory, DHCP, and Endpoints. Next, let's look at Asset Authentication logs.
Bring Multiple Types of Data to the Investigation
In addition to what is pre-populated for each alert, you can query your endpoints in real time, and search across network data and raw logs.
Quick Access to User and Asset Profiles
With one click, you can view a full dossier on the users and assets involved. This includes authentications, running processes, leased IP addresses, and more.
It's also easy to add other users and assets to the investigation.