An Interactive Profile for Each of Your Users
For each user, you can pull a complete dossier of recent activity across the endpoint, network, and cloud services. This comes from correlating multiple data sources, including Active Directory, the Insight Agent, and cloud services.
Next, we'll scroll down to see asset data and investigate Rebecca's primary asset.
Detect unauthorized users accessing restricted assets
Any asset can be tagged as 'Restricted' in InsightIDR. Once you define the users authorized to access the asset, an alert fires for any new user. InsightIDR also alerts when an approved user accesses the restricted asset from a never-before-seen asset.
Alert on Geographically Impossible Access
Since InsightIDR ingests data from multiple sources, it can detect the use of stolen credentials, even if the accounts aren't directly related.
If Rebecca logs in from corporate HQ in Boston, MA, and then, 20 minutes later, authenticates to her Office 365 account from Russia, InsightIDR will fire an automatic alert.
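The check described above can be sketched as follows. This is an added example, not InsightIDR's own detection logic: it merges authentications from several log sources per user and flags consecutive pairs whose implied travel speed is not physically plausible. The field names, the two thresholds, and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumed ceiling, roughly airliner speed
MIN_KM = 100.0    # assumed floor: ignore short hops caused by GeoIP imprecision

@dataclass(frozen=True)
class Auth:
    user: str
    when: datetime
    source: str  # log source, e.g. directory or cloud service
    place: str
    lat: float
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events):
    """Return (previous, current, km, km/h) for each user's consecutive
    authentications that imply travel faster than MAX_KMH."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):  # merge all sources by time
        prev = last.get(ev.user)
        last[ev.user] = ev
        if prev is None:
            continue
        km = km_between(prev, ev)
        if km < MIN_KM:
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        # Simultaneous logins from distant places count as infinite speed.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > MAX_KMH:
            alerts.append((prev, ev, round(km), kmh))
    return alerts

# Constructed sample events (approximate coordinates; Moscow stands in for "Russia").
EVENTS = [
    Auth("rebecca", datetime(2024, 1, 8, 9, 0), "active_directory", "Boston, MA", 42.36, -71.06),
    Auth("rebecca", datetime(2024, 1, 8, 9, 20), "office_365", "Moscow, RU", 55.76, 37.62),
    Auth("sam", datetime(2024, 1, 8, 9, 0), "active_directory", "Boston, MA", 42.36, -71.06),
    Auth("sam", datetime(2024, 1, 8, 13, 0), "office_365", "New York, NY", 40.71, -74.01),
]
```

Calling `impossible_travel(EVENTS)` returns one alert, for rebecca's Office 365 login 20 minutes after the Boston directory login; sam's Boston to New York pair four hours apart is not flagged.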
Track Notable Behavior for Faster Context
In addition to alerts and authentication behavior, InsightIDR tracks notable behavior for every user on the network. This provides valuable context during investigations and can help quickly validate alerts generated or ingested by InsightIDR.