"realttime" job fails for Linux assets
For InsightIDR users, Linux assets with the Insight Agent must have the auditd service disabled for the realtime job to run. If the realtime job fails, check for and disable the auditd service on affected Linux assets.
Blocked Outgoing Broadcasts on UDP 137 (NetBIOS)
You may see that the Rapid7 Insight Agent blocks outgoing broadcasts on UDP 137.
This is because the Insight Agent sends out an anonymously crafted NBT UDP broadcast packet in the hope that an attacker (usually running Responder) will respond by masquerading as the "resource" that the Insight Agent randomly generated and is looking for.
If the Insight Agent sees a response to that crafted packet, it will trigger an event from the Insight Agent which fires off an alert in InsightIDR.
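The canary check described above can be sketched as follows. This is an added example, not Rapid7's Insight Agent code: the function names, the WS-prefixed random name, and the constructed sample reply (using the documentation address 192.0.2.66) are assumptions made for illustration.

```python
import secrets
import socket
import struct

NB_TYPE, IN_CLASS = 0x0020, 0x0001

def encode_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level NetBIOS encoding: 16 bytes become 32 letters 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    body = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return b"\x20" + body + b"\x00"

def random_name() -> str:
    """A name no real host should own, so any answer is suspicious."""
    return "WS" + secrets.token_hex(5).upper()

def build_query(txid: int, name: str) -> bytes:
    """NBT-NS name query with the broadcast and recursion-desired flags."""
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", NB_TYPE, IN_CLASS)

def spoofed_answer_ip(packet: bytes, txid: int, name: str):
    """Return the IP claimed in a positive answer for our canary, else None."""
    want = encode_name(name)
    if len(packet) < 12 + len(want) + 16:
        return None
    rx_id, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    is_positive_response = flags & 0x8000 and (flags & 0x000F) == 0
    if rx_id != txid or not is_positive_response or ancount < 1:
        return None
    if packet[12:12 + len(want)] != want:
        return None
    rr = packet[12 + len(want):]
    rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", rr[:10])
    if (rtype, rclass) != (NB_TYPE, IN_CLASS) or rdlen < 6 or len(rr) < 16:
        return None
    return socket.inet_ntoa(rr[12:16])  # rr[10:12] holds the NB flags

# Constructed sample: the kind of answer a poisoner would send for the canary.
CANARY, TXID = "WS0A1B2C3D4E", 0x1337
SAMPLE_REPLY = (struct.pack(">HHHHHH", TXID, 0x8500, 0, 1, 0, 0)
                + encode_name(CANARY)
                + struct.pack(">HHIHH", NB_TYPE, IN_CLASS, 165, 6, 0)
                + socket.inet_aton("192.0.2.66"))

if __name__ == "__main__":
    print(build_query(TXID, CANARY).hex())
    print("answer claims:", spoofed_answer_ip(SAMPLE_REPLY, TXID, CANARY))
```

Because the queried name is random, a host firewall rule that blocks outgoing UDP 137 broadcasts prevents the query from ever reaching a poisoner, so no answer can come back to trigger the alert.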