Explore the Main Threats Page
On the main page, you'll find all of the Threat Indicators that InsightIDR is monitoring for. These are matched against multiple sources of data, including DNS queries, firewall traffic, web proxy traffic, and endpoint data collected by the Insight Agent. Here you'll see Threats that you have added for your organization, as well as Threats you've subscribed to.
Once you've explored this page, we'll head to the top right of the screen, and add a threat into InsightIDR.
How Effective Is My Threat Intel?
For each Threat, InsightIDR will highlight key metrics to help you manage your indicators.
This includes warning about older intel and tracking the overall fidelity of the alerts as seen by your org and the community.
Subscribed vs Owned Threats
In addition to adding your existing threat intel into InsightIDR, you'll have two new pools of information: intel curated by our Managed Detection and Response team, and intel shared by other InsightIDR customers!
Any threat that you create can be marked as public to share it with the community.