Automate repetitive security tasks
Multiple automation workflows allow you to respond to security events as they emerge on your network. You can configure these workflows to automate all the manual drudgery that can dominate your day.
Rely on prebuilt workflows
InsightIDR has prebuilt workflows for containing threats on an endpoint, suspending user accounts, and integrating with ticketing systems.
You’ll see enrichment via open source threat intelligence added to this list of workflows, as well as the ability to trigger any of these workflows (or seamlessly integrated InsightConnect workflows) off of alerts.
It’s easy to kick off any workflow or response playbook with the click of a button. And with expert response suggestions built into our detections library, you’ll know what to do faster.
Get critical use cases out-of-the-box
When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain or respond to a threat. For example, with the Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools.
Provision and deprovision user accounts
Whenever you get an alert in InsightIDR, notable user and asset behavior is shown on a visual investigation timeline. Not only do you have the necessary context to make a decision regarding a user account, but you can take action directly from an investigation to contain the threat. Supported vendors include Active Directory and Okta for user-level containment.
Automatically enrich alerts
Enrich investigations and User Behavior Analytics alerts with open-source or supported threat intelligence feeds through prebuilt workflows in InsightIDR, or via InsightConnect for even more extensibility.
Customize automation with InsightConnect
Streamline and accelerate highly manual, time-intensive processes 24 hours a day across IT and Security cloud apps, on-premise systems, employees, and administrators.
With more than 300 plugins to connect your IT and security systems — and a library of customizable workflows — you’ll free up your security team to tackle the serious challenges only they can. And when you build your own rich workflows, there’s low-to-no coding involved.