Add and Manage Threat Intelligence with InsightIDR
InsightIDR integrates with your existing network and security stack to relentlessly hunt threats. Once InsightIDR starts ingesting data from across your environment, you can add and manage threat intel. This includes intelligence you've gathered from your business, third parties, or intel we have curated from our Managed Detection and Response team.
In this use-case, we'll head to Configure Threats on the top right, add new intel, check out the Threat Community, and investigate an alert generated by threat intelligence.
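To make the "add new intel" step concrete, here is an added example (not InsightIDR code, and not from Rapid7) of what ingesting a threat-intelligence list involves in practice: normalising defanged indicators (hxxp://, [.]), classifying each one as a hash, URL, IP or domain, and matching them against log lines. The feed, the log lines and every domain, IP and hash in it are constructed for the example.

```python
import ipaddress
import re

# Constructed indicator feed in the defanged style analysts commonly share.
# None of these values refer to real infrastructure.
INTEL_FEED = """
# indicator type is inferred; defanged forms are normalised before matching
hxxp://cdn.bad-domain[.]example/payload.exe
bad-domain[.]example
203.0.113[.]45
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
not an indicator
"""

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def refang(indicator):
    """Undo common defanging so the indicator compares equal to what logs contain."""
    s = indicator.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@")):
        s = s.replace(defanged, real)
    return s


def classify(indicator):
    """Return 'hash', 'url', 'ip', 'domain', or None if the value is unusable."""
    if HASH_RE.match(indicator):
        return "hash"
    if indicator.lower().startswith(("http://", "https://")):
        return "url"
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if DOMAIN_RE.match(indicator):
        return "domain"
    return None


def load_indicators(feed_text):
    """Parse a feed into lower-cased sets keyed by indicator type; skip junk lines."""
    intel = {"hash": set(), "url": set(), "ip": set(), "domain": set()}
    for raw in feed_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        value = refang(line)
        kind = classify(value)
        if kind is not None:
            intel[kind].add(value.lower())
    return intel


# Tokenisers for the things a log line may contain.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
HEX_RE = re.compile(r"\b[0-9a-f]{32,64}\b", re.I)


def domain_hits(host, intel_domains):
    """Match the host and each parent domain, so cdn.bad-domain.example hits bad-domain.example."""
    labels = host.lower().split(".")
    candidates = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    return [c for c in candidates if c in intel_domains]


def match_log_line(line, intel):
    """Return a list of (type, indicator) pairs found in one log line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in intel["ip"]:
            hits.append(("ip", ip))
    for host in HOST_RE.findall(line):
        for d in domain_hits(host, intel["domain"]):
            hits.append(("domain", d))
    for h in HEX_RE.findall(line):
        if h.lower() in intel["hash"]:
            hits.append(("hash", h.lower()))
    for url in intel["url"]:
        if url in line.lower():
            hits.append(("url", url))
    return hits


def scan(logs, intel):
    """Return (line, hits) for every log line that matched at least one indicator."""
    results = []
    for line in logs:
        hits = match_log_line(line, intel)
        if hits:
            results.append((line, hits))
    return results


# Constructed log lines (proxy, DNS, firewall, EDR) using documentation IP ranges.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z proxy user=alice src=10.0.0.5 url=http://cdn.bad-domain.example/payload.exe",
    "2024-05-01T10:00:03Z dns client=10.0.0.7 query=mail.bad-domain.example type=A",
    "2024-05-01T10:00:09Z firewall src=10.0.0.9 dst=203.0.113.45 action=allow",
    "2024-05-01T10:01:00Z edr host=ws01 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "2024-05-01T10:02:00Z proxy user=bob src=10.0.0.5 url=https://docs.example.com/index.html",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS, load_indicators(INTEL_FEED)):
        print(hits, "<-", line)
```

The parent-domain walk in domain_hits is the part most often missed in home-grown matching: a feed entry for a bare domain should fire on any host beneath it, while the hash comparison is case-insensitive because EDR products disagree on hex casing.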
Detect Anomalous Lateral Movement
When an attacker moves from machine to machine in your environment, looking to loot valuable information, that's lateral movement.
InsightIDR baselines normal authentication patterns on your network and will immediately alert you on suspicious behavior.
For more, check out our use-case on Investigating Lateral Movement.
Detect the Use of Stolen Credentials
Because InsightIDR ingests and correlates data across network, endpoint, and cloud, it is uniquely positioned to detect the use of compromised credentials.
If Bob logs onto the corporate VPN in Boston, and 15 minutes later there's an Office 365 authentication from France, you'll be alerted, even though the two logins came from different accounts on different services.
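The Boston-to-France scenario above is a textbook "impossible travel" check. The following is an added example (not InsightIDR's implementation) showing how such a detection works: account names from different services are attributed to one person, consecutive logins are compared by great-circle distance and elapsed time, and an alert fires when the implied speed exceeds a plausible maximum. The attribution table, the speed threshold, the coordinates and the login events are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Hypothetical attribution table: which per-service accounts belong to one person.
# InsightIDR derives this itself; here it is a hard-coded stand-in.
ACCOUNT_OWNER = {
    ("vpn", "bsmith"): "Bob",
    ("o365", "bob.smith@example.com"): "Bob",
    ("vpn", "ajones"): "Alice",
    ("o365", "alice.jones@example.com"): "Alice",
}

# Assumed tuning values: nothing a user travels in beats roughly airliner speed,
# and geolocation jitter inside one metro area should not count as travel.
MAX_PLAUSIBLE_SPEED_KMH = 1000.0
MIN_TRAVEL_DISTANCE_KM = 50.0


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    service: str
    account: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_impossible_travel(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive logins by the same person that would require impossible speed."""
    alerts = []
    last_seen = {}  # person -> most recent attributed login
    for ev in sorted(events, key=lambda e: e.ts):
        person = ACCOUNT_OWNER.get((ev.service, ev.account))
        if person is None:
            continue  # unattributed account: nothing to correlate against
        prev = last_seen.get(person)
        if prev is not None:
            dist_km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600.0
            # hours == 0 guards the zero-interval case: two distant logins at one instant
            too_fast = hours == 0 or dist_km / hours > max_speed_kmh
            if dist_km >= MIN_TRAVEL_DISTANCE_KM and too_fast:
                alerts.append({
                    "person": person,
                    "from": f"{prev.service}:{prev.account}",
                    "to": f"{ev.service}:{ev.account}",
                    "distance_km": round(dist_km),
                    "minutes": round(hours * 60),
                    "speed_kmh": None if hours == 0 else round(dist_km / hours),
                })
        last_seen[person] = ev
    return alerts


def _t(hhmm):
    return datetime.fromisoformat(f"2024-05-01T{hhmm}:00+00:00")


# Constructed sample: Bob's VPN login in Boston, then an Office 365 login from
# Paris 15 minutes later; Alice moves only within the Boston area.
SAMPLE_EVENTS = [
    AuthEvent(_t("09:00"), "vpn", "bsmith", 42.3601, -71.0589),
    AuthEvent(_t("09:15"), "o365", "bob.smith@example.com", 48.8566, 2.3522),
    AuthEvent(_t("09:05"), "vpn", "ajones", 42.3601, -71.0589),
    AuthEvent(_t("10:05"), "o365", "alice.jones@example.com", 42.3801, -71.1000),
    AuthEvent(_t("09:10"), "vpn", "svc-backup", 51.5074, -0.1278),  # not attributed
]

if __name__ == "__main__":
    for alert in detect_impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

The attribution step is what makes the cross-service case work: without a mapping from "bsmith" on the VPN to "bob.smith@example.com" in Office 365, the two logins never meet in the same comparison. The minimum-distance floor keeps the rule from firing on IP geolocation noise between nearby cities.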
Detect unauthorized users accessing restricted assets
Any asset can be tagged as 'Restricted' in InsightIDR. An alert fires for any new user accessing it, at which point that user can be whitelisted or blacklisted.
Note that InsightIDR is smart – if it's an approved user, but from a never-before-seen asset, you'll receive an alert as well!
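The two rules in this section (alert on any new user of a restricted asset; alert on an approved user arriving from a never-before-seen asset) can be expressed as a small stateful monitor. The example below is added here and is not InsightIDR's code; the asset names, users and access events are constructed. It keeps a per-asset whitelist and blacklist plus a learned baseline of which source assets each user has been seen on, and evaluates new access events against all three.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    user: str
    source_asset: str  # where the user connected from
    target_asset: str  # what the user connected to


class RestrictedAssetMonitor:
    """Alerts on access to assets tagged 'Restricted'.

    For each restricted asset, users are unknown until an analyst whitelists or
    blacklists them. Whitelisted users are still checked against the baseline of
    source assets they have been seen on, so a known user on an unfamiliar
    machine also raises an alert.
    """

    def __init__(self, restricted_assets):
        self.restricted = set(restricted_assets)
        self.whitelist = {}     # target_asset -> set(user)
        self.blacklist = {}     # target_asset -> set(user)
        self.user_sources = {}  # user -> set(source_asset) learned from history

    def whitelist_user(self, target_asset, user):
        self.whitelist.setdefault(target_asset, set()).add(user)
        self.blacklist.get(target_asset, set()).discard(user)

    def blacklist_user(self, target_asset, user):
        self.blacklist.setdefault(target_asset, set()).add(user)
        self.whitelist.get(target_asset, set()).discard(user)

    def learn_baseline(self, events):
        """Record which source assets each user has historically used."""
        for ev in events:
            self.user_sources.setdefault(ev.user, set()).add(ev.source_asset)

    def evaluate(self, ev):
        """Return an alert dict for one event, or None if nothing is notable."""
        if ev.target_asset not in self.restricted:
            return None
        if ev.user in self.blacklist.get(ev.target_asset, set()):
            reason = "blacklisted user accessed restricted asset"
        elif ev.user not in self.whitelist.get(ev.target_asset, set()):
            reason = "new user accessed restricted asset"
        elif ev.source_asset not in self.user_sources.get(ev.user, set()):
            reason = "approved user accessed restricted asset from never-before-seen asset"
        else:
            return None
        return {
            "reason": reason,
            "user": ev.user,
            "source_asset": ev.source_asset,
            "target_asset": ev.target_asset,
        }

    def evaluate_all(self, events):
        return [a for a in (self.evaluate(ev) for ev in events) if a is not None]


# Constructed history and configuration: one restricted file server, Alice
# approved on it and always seen from her own workstation, Mallory blocked.
HISTORY = [
    AccessEvent("alice", "ws-alice", "fileserver-hr"),
    AccessEvent("alice", "ws-alice", "wiki"),
    AccessEvent("bob", "ws-bob", "wiki"),
]

NEW_EVENTS = [
    AccessEvent("alice", "ws-alice", "fileserver-hr"),   # normal
    AccessEvent("alice", "ws-lobby", "fileserver-hr"),   # approved user, unfamiliar source
    AccessEvent("bob", "ws-bob", "fileserver-hr"),       # first time on a restricted asset
    AccessEvent("mallory", "ws-mallory", "fileserver-hr"),  # explicitly blacklisted
    AccessEvent("bob", "ws-bob", "wiki"),                # not a restricted asset
]


def build_monitor():
    mon = RestrictedAssetMonitor({"fileserver-hr"})
    mon.learn_baseline(HISTORY)
    mon.whitelist_user("fileserver-hr", "alice")
    mon.blacklist_user("fileserver-hr", "mallory")
    return mon


if __name__ == "__main__":
    for alert in build_monitor().evaluate_all(NEW_EVENTS):
        print(alert)
```

Evaluation is deliberately separate from baseline learning: an event that raised an alert should not silently teach the monitor that the new source asset is normal. Fold it into the baseline only after an analyst has reviewed it.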
Automatic User and Asset Attribution
Whenever possible, InsightIDR displays the users and assets involved, saving you time retracing user activity.
Later in this use case, we'll investigate an alert generated by threat intelligence.