Edit Event Sources

You can make changes to event source settings after completing your initial setup, provided these settings are configurable. To do so, you must have a user account that allows you to view and make changes to Data Collection Management.

Renaming an event source may impact other areas of the product. For example, in some cases you may need to update any basic detection rules (formerly known as custom alerts), custom dashboards, or saved queries that were previously linked to the renamed event source.

How to edit an event source

  1. From the InsightIDR left menu, select Data Collection. The Data Collection Management page opens.
  2. Select the Event Sources tab.
  3. Find the event source you want to update, and click Edit. This opens the configuration panel.
  4. Make your changes, and click Save.

Renaming an event source

When you rename an event source, InsightIDR synchronizes any associated logs with the renamed event source, but depending on your use case you may need to update any associated basic detection rules (formerly known as custom alerts), saved queries, and dashboards.

  • If the new name isn’t already in use and there is only 1 event source associated with your current log, InsightIDR renames the log without any additional mapping. There is no impact to your saved queries and dashboards, and no further action is needed.
  • If the new name isn’t already in use but there is more than 1 event source associated with the current log, InsightIDR creates a new log with the new name and maps all event source logs to it. In this case, you will need to update any saved queries and dashboards in order to use this new log.
  • If you rename the event source, and existing logs already use that use that name, InsightIDR maps the event source to the existing log with the new name. You will need to update any saved queries and dashboards to use this new log.