Simple Search with Log Entry Query Language (LEQL)
Here we've added the search query. It asks, 'For the firewall activity over the chosen time period, which users are generating the most activity?' The answer is displayed as a chart, ordered from most to least events.
This is only possible because InsightIDR enriches the log data by tying IP address > asset > user activity together.
Save Queries for Easy Access
By clicking on the star, you can save a query for future use. These saved queries highlight the simplicity and flexibility of LEQL.
Choose the Time Frame You Want
Whether it's the past hour or the past month, easily filter to the range you want.