The Insight Agent will start collecting data immediately after installation. From that point forward, collection intervals vary by product on a per-asset basis:
Every 6 hours
Every 2 minutes
Every 30 seconds*
Console sync interval with Insight platform
* The Insight Agent collects data for InsightOps in certain non-interval situations:
Log following is triggered when the log is actively being written to.
This console sync interval is adjustable up to 12 hours.
You can configure your Security Console to synchronize with the Insight platform at a different rate than is shown in this table. See the Modify Security Console Sync Interval page for instructions.
The Insight Agent authenticates using TLS 1.2 client authentication. When you deploy the Insight Agent, the deployment includes a private SSL key representing your organization. This key is used to authenticate and authorize your agent with the Insight platform.
For InsightOps log data, an API token is used to authenticate the Insight Agent instead of TLS client authentication. Log data is encrypted in transit via TLS.
The agent can communicate directly with the Insight platform, or proxy its communication through Insight collectors on your network. The agent finds the best route to the Insight platform automatically; in advanced use cases, you can configure the route yourself.
Data collected by the Insight Agent varies by product:
Select security log event codes
Select system event codes
Protocol poisoning traps
File audit logs
Basic asset identification information
File version and package information
Log file contents
Resource utilization metrics
* Windows only.
** Applies to edits, moves, and deletions of Windows file shares and create, write, and delete activities on Linux machines.
*** Endpoint job.
**** The InsightOps component of the Insight Agent does not currently support the collection of event logs from assets acting as domain controllers. See the Windows section of the InsightOps - Configure the Insight Agent to Send Logs page for alternative methods for this use case.
File Integrity Monitoring
If you are an InsightIDR customer and you configure File Integrity Monitoring (FIM), you can track file event logs, such as when a file is edited, moved, or deleted. Learn more about FIM.