Visual Timeline for Every Alert
InsightIDR automatically builds a timeline of user and asset context for every alert it generates. In this case, we don't know which user authenticated on the asset, only that remote file execution was detected. We have a few options from here. We'll start with the Evidence tab for more context, and then take a closer look at the running processes on the asset.
Detect Common Attacker Behavior
InsightIDR can detect the use of Meterpreter, along with many other stealthy tools and techniques that exploit system vulnerabilities.
Bring Multiple Types of Data to the Investigation
In addition to what is pre-populated for each alert, you can query your endpoints in real time and search across network data and raw logs.