insightIDR

Response and Automation

Try Now

You weren’t made for monotonous, manual tasks

Everyone knows security teams are short-staffed and overworked. Efficient operation is the only way out. Automation helps reduce repetitive, manual work, while integrations help cut down on the number of tabs you might need open to handle an event. InsightIDR, offers a number of automation features, including prebuilt workflows for containing threats on an endpoint, suspending user accounts, and integration with ticketing systems. It’s also easy to kick off any workflow or response playbook with the click of a button: InsightIDR seamlessly integrates with InsightConnect. And with expert response suggestions built into our detections library, teams always know what to do next. InsightIDR remembers the R in XDR.

insightidr-alert-enrichment-feature-video.png

Automate repetitive security tasks

Multiple automation workflows allow you to respond to security events as they emerge on your network. You can configure these workflows to automate all the manual drudgery that can dominate your day.

Rely on prebuilt workflows

InsightIDR has prebuilt workflows for containing threats on an endpoint, suspending user accounts, and integration with ticketing systems. You’ll see enrichment via open source threat intelligence added to this list of workflows, as well as the ability to trigger any of these workflows (or seamlessly integrated InsightConnect workflows) off of alerts. It’s easy to kick off any workflow or response playbook with the click of a button. And with expert response suggestions built into our detections library, you’ll know what to do faster.

Get critical use cases out-of-the-box

When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain or respond to a threat. For example, with the Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools.

Provision and deprovision user accounts

Whenever you get an alert in InsightIDR, notable user and asset behavior is shown on a visual investigation timeline. Not only do you have the necessary context to make a decision regarding a user account, but you can take action directly from an investigation to contain the threat. Supported vendors include Active Directory and Okta for user-level containment.

Automatically enrich alerts

Enrich investigations and User Behavior Analytics alerts with open-source or supported threat intelligence feeds through prebuilt workflows in InsightIDR, or via InsightConnect for even more extensibility.

Customize automation with InsightConnect

Streamline and accelerate highly manual, time-intensive, processes 24 hours a day. across IT and Security cloud apps, on-premise systems, employees, and administrators. With more than 300 plugins to connect your IT and security systems — and a library of customizable workflows — you’ll free up your security team to tackle the serious challenges only they can. And when you build your own rich workflows, there’s low-to-no coding involved.

Toolkit: How to Optimize Security Operations with Automation

View Toolkit