Products
- Cloud Risk Complete
  Cloud Security with Unlimited Vulnerability Management
  Explore Offer
- Managed Threat Complete
  MDR with Unlimited Risk Coverage
  Explore offer
Services
Support & Resources
Company
RESEARCH
Sign In

InsightIDR

Products
- Cloud Risk Complete
  Cloud Security with Unlimited Vulnerability Management
  Explore Offer
- Managed Threat Complete
  MDR with Unlimited Risk Coverage
  Explore offer
Services
Support & Resources
Company
RESEARCH

Sign In

Documentation
InsightIDR
Release Notes

Getting Started with InsightIDR

InsightIDR Overview
Essential | Quick Start Guide
Advanced | Quick Start Guide
Ultimate | Quick Start Guide

Setup and Deployment

System Requirements
- Setting Up a Service Account
Network and Environment Audit
Ports Used by InsightIDR
Collector Overview
Insight Agent
- Configure the Insight Agent to Send Additional Logs
- Microsoft Windows Defender Antivirus
Endpoint Scan
FIM Recommendations
Other Deployment Options

Automation

Get Started with ABA Automation
Get Started with UBA and Custom Alert Automation
- Alert Triggers for UBA detection rules and Custom Alerts
Insight Orchestrator Overview
- Configure Connections For Automation
- Automation Workflow Templates
Automation Workflows
Automated Enrichment Workflows
- Enrich Alert Data with Open Source Plugins
Automation Troubleshooting
Send InsightConnect Events to InsightIDR

How To

Manage Credentials
Search Your Logs
Transform Logs to Universal Event Format
Delete and Reinstall a Collector
Deploy Deception Technology
Investigate an Asset or User
Integrate Other Rapid7 Products
- Integrate Metasploit
- Integrate InsightVM
Manage Event Sources
- Edit Event Sources
- Copy Event Sources to a New Collector
Export Data
Access AWS Resources with EC2 IAM Roles
Monitor Your Security Operations Activities

Concepts and Usage

Rapid7 Resource Names
Detection Rules
Alerts
Investigations
Investigate Threat Command Alerts
Assets on Your Domain
Dashboards and Reports
Deception Technology
File Access Activity Monitoring
File Integrity Monitoring
- File Integrity Monitoring for Linux
- Search Logs for FIM Events
Log Search
Network Rules
Network Traffic Analysis
InsightIDR REST API
- Platform Audit Logs API
Threats
- Utilize Existing Threats
- Add and Manage Threats
Users and Accounts on Your Domain
Quick Actions
Data Storage and Retention FAQs

Detection Library

Overview
ABA: Rules by Threat
ABA: Rules by Endpoint
UBA Detection Rules

Event Source Configuration

InsightIDR Event Sources
Data Collection Methods
Advanced Event Source Settings
Monitor Event Source Health
Event Source Troubleshooting
Auto Configure
Active Directory
- Troubleshooting Active Directory
Advanced Malware
- FireEye NX
Cloud Services
Data Exporter
Microsoft SQL Database Audit Logs
DHCP
DNS
Email & ActiveSync
- OWA/ActiveSync
Firewall
IDS
Ingress Authentication
- Zscaler LSS
LDAP
- LDAP Troubleshooting
- AWS Managed Microsoft AD
Universal Event Sources
Raw Data
Log Aggregators
Third Party Alerts
Virus Scan
VPN
Web Proxy

Administration

Monthly Data Usage
Browser Settings
Email Alerts
User Management
Single Sign-On

Release Notes

InsightIDR release notes

Support

Contact the Rapid7 Support team
Share an idea with Rapid7

Getting Started with InsightIDR

InsightIDR Overview
Essential | Quick Start Guide
Advanced | Quick Start Guide
Ultimate | Quick Start Guide

Setup and Deployment

System Requirements
- Setting Up a Service Account
Network and Environment Audit
Ports Used by InsightIDR
Collector Overview
Insight Agent
- Configure the Insight Agent to Send Additional Logs
- Microsoft Windows Defender Antivirus
Endpoint Scan
FIM Recommendations
Other Deployment Options

Automation

Get Started with ABA Automation
Get Started with UBA and Custom Alert Automation
- Alert Triggers for UBA detection rules and Custom Alerts
Insight Orchestrator Overview
- Configure Connections For Automation
- Automation Workflow Templates
Automation Workflows
Automated Enrichment Workflows
- Enrich Alert Data with Open Source Plugins
Automation Troubleshooting
Send InsightConnect Events to InsightIDR

How To

Manage Credentials
Search Your Logs
Transform Logs to Universal Event Format
Delete and Reinstall a Collector
Deploy Deception Technology
Investigate an Asset or User
Integrate Other Rapid7 Products
- Integrate Metasploit
- Integrate InsightVM
Manage Event Sources
- Edit Event Sources
- Copy Event Sources to a New Collector
Export Data
Access AWS Resources with EC2 IAM Roles
Monitor Your Security Operations Activities

Concepts and Usage

Rapid7 Resource Names
Detection Rules
Alerts
Investigations
Investigate Threat Command Alerts
Assets on Your Domain
Dashboards and Reports
Deception Technology
File Access Activity Monitoring
File Integrity Monitoring
- File Integrity Monitoring for Linux
- Search Logs for FIM Events
Log Search
Network Rules
Network Traffic Analysis
InsightIDR REST API
- Platform Audit Logs API
Threats
- Utilize Existing Threats
- Add and Manage Threats
Users and Accounts on Your Domain
Quick Actions
Data Storage and Retention FAQs

Detection Library

Overview
ABA: Rules by Threat
ABA: Rules by Endpoint
UBA Detection Rules

Event Source Configuration

InsightIDR Event Sources
Data Collection Methods
Advanced Event Source Settings
Monitor Event Source Health
Event Source Troubleshooting
Auto Configure
Active Directory
- Troubleshooting Active Directory
Advanced Malware
- FireEye NX
Cloud Services
Data Exporter
Microsoft SQL Database Audit Logs
DHCP
DNS
Email & ActiveSync
- OWA/ActiveSync
Firewall
IDS
Ingress Authentication
- Zscaler LSS
LDAP
- LDAP Troubleshooting
- AWS Managed Microsoft AD
Universal Event Sources
Raw Data
Log Aggregators
Third Party Alerts
Virus Scan
VPN
Web Proxy

Administration

Monthly Data Usage
Browser Settings
Email Alerts
User Management
Single Sign-On

Release Notes

InsightIDR release notes

Support

Contact the Rapid7 Support team
Share an idea with Rapid7

ESET Antivirus

ESET Antivirus has reached end of life

The ESET Antivirus event source is no longer sending logs to InsightIDR as the product has reached end of life. For more information, visit: https://support-eol.eset.com/en/

Did this page help you?

Event Source Configuration

Event Source Configuration

Kaspersky Anti-Virus

CUSTOMER SUPPORT

+1-866-390-8113 (Toll Free)

SALES SUPPORT

+1-866-772-7437 (Toll Free)

Need to report an Escalation or a Breach?

SOLUTIONS

All Solutions Industry Solutions Compliance Solutions

SUPPORT & RESOURCES

Product Support Resource Library Our Customers Events & Webcasts Training & Certification IT & Security Fundamentals Vulnerability & Exploit Database

ABOUT US

Company Diversity, Equity, and Inclusion Leadership News & Press Releases Public Policy Open Source Investors

CONNECT WITH US

Contact Blog Support Login Careers

© Rapid7

|

|

|

Trust