User Tags
Copy link

SIEM (InsightIDR) applies tags to users in your network to help you quickly identify useful information.

SIEM (InsightIDR) User Tags
Copy link

These tags may be applied by SIEM (InsightIDR) to all types of users:

  • Watchlist: This tag identifies users that are on the User Watchlist.
  • Never Expires: This tag identifies users with non-expiring passwords.
  • Present: This tag identifies users that have been present across identity providers in the last 30 days. This also provides an overview of the identity directories the user is present in.
  • Active: This tag identifies users who are active in your directories. This also provides an overview of the identity directories the user is active in.
  • Disabled: This tag identifies users that have been disabled in identity directories. This also provides an overview of the identity directories the user has been disabled in.
  • Removed: This tag identifies users that have not been present across identity directories in the last 30 days. This also provides an overview of the identity directories the user is removed from.
  • Admin groups: This tag identifies users who belong to admin groups with elevated privileges. This also provides an overview of the various identity directories that the user has admin permissions in.

Admin Account Tags
Copy link

These tags may be applied by SIEM (InsightIDR) to admin users:

  • AWS Admins: This tag identifies users that are AWS admins.
  • OKTA Admins: This tag identifies users that are OKTA admins.
  • O365 Admins: This tag identifies users that are Microsoft Office 365 admins.
  • Google Admins: This tag identifies users that are Google admins.
  • Box Administrators: This tag identifies users that are Box.com admins.
  • LDAP Admins: This tag identifies users that are LDAP admins. If an account is an LDAP admin, SIEM (InsightIDR) displays the admin groups they’re in. If an admin user is in multiple admin groups, SIEM (InsightIDR) will display a tag with the number of groups the user is in. You can hover over this tag to see which groups the admin user is in.
  • Azure AD Admins: This tag identifies users that are Azure AD admins.
  • ZScaler Admins: This tag identifies users that are ZScaler admins.
Admin account tags