Investigate a Triggered Alert
On the Investigations page, we've filtered down to a few alert types. Luckily, this alert has only fired one time on May 10, but we can see that the attack was detected 30 times on the asset. After looking at some of the pre-built detections in InsightIDR, let's click into the Remote File Execution alert to investigate.
Pre-built Detections, no Rule Writing Required
When you're spending so much time writing and tuning detection rules in your environment, you might start to feel like a vendor developer.
InsightIDR uses multiple detection technologies – UBA, Deception, and EDR – all with the goal of finding intruders quickly.
No writing rules or parsing through hundreds of false-positive alerts required.
Create Custom Alerts and Scheduled Hunts
InsightIDR gives you the flexibility to create custom alerts for your environment, as well as Scheduled Hunts, which allow you to run pre-built queries on your endpoints.
Scheduled Hunts allow you to ask questions like, 'Has anyone stuck a USB key in servers?' or 'Have there been any changes to the registry or installed services?'
Detect Horizontal Bruteforcing with Honey Users
We've learned from our pen test teams & incident responders that attackers often guess common passwords (e.g. Spring2017!) across many accounts.
Because each account sees only a single failed authentication, no lockouts occur.
With Honey Users in InsightIDR, you are alerted as soon as a single guess is made against fake accounts.
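As an added illustration (not InsightIDR's own logic), the following Python runs the two checks described above over a handful of constructed failed-logon events: alert on any attempt against a honey user, and flag a source that fails once against many distinct accounts, the pattern that stays under per-account lockout thresholds. The honey account names, the event format and the thresholds are assumptions.

```python
# Added example, not InsightIDR code: detection pass over constructed
# failed-logon events for the horizontal brute-force pattern.
from collections import defaultdict

# Constructed sample events: (source_ip, target_account, outcome).
SAMPLE_EVENTS = [
    ("10.0.0.5", "alice", "failure"),
    ("10.0.0.5", "bob", "failure"),
    ("10.0.0.5", "carol", "failure"),
    ("10.0.0.5", "dave", "failure"),
    ("10.0.0.5", "svc_backup_h", "failure"),   # honey user guessed
    ("10.0.0.9", "erin", "failure"),
    ("10.0.0.9", "erin", "failure"),           # one user retrying, not a spray
    ("10.0.0.9", "erin", "success"),
]

# Hypothetical honey accounts: nobody legitimately uses them, so any attempt fires.
HONEY_USERS = {"svc_backup_h", "adm_legacy_h"}


def honey_user_alerts(events):
    """Return (source, account) pairs for every attempt, success or failure,
    against a honey user. A single guess is enough to alert."""
    return sorted({(src, acct) for src, acct, _ in events if acct in HONEY_USERS})


def spray_alerts(events, min_accounts=4, max_failures_per_account=1):
    """Return (source, account_count) for sources that failed against at least
    `min_accounts` distinct accounts while staying at or under
    `max_failures_per_account` on each, i.e. below any per-account lockout."""
    failures = defaultdict(lambda: defaultdict(int))
    for src, acct, outcome in events:
        if outcome == "failure":
            failures[src][acct] += 1
    alerts = []
    for src, per_account in failures.items():
        low_and_wide = [a for a, n in per_account.items() if n <= max_failures_per_account]
        if len(low_and_wide) >= min_accounts:
            alerts.append((src, len(low_and_wide)))
    return sorted(alerts)


if __name__ == "__main__":
    print("honey-user alerts:", honey_user_alerts(SAMPLE_EVENTS))
    print("spray alerts:", spray_alerts(SAMPLE_EVENTS))
```

The retrying user on 10.0.0.9 exceeds the per-account failure ceiling and so is left to the normal lockout policy rather than flagged as a spray.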
Detect Anomalous Lateral Movement
When an attacker moves from machine to machine in your environment, looking to loot valuable information, that's lateral movement.
InsightIDR baselines normal authentication patterns on your network and will immediately alert you on suspicious behavior.
For more, check out our use case on Investigating Lateral Movement.