Investigate an Asset or User
Investigate a User
- Search for a user in the top search bar, or find the user in the InsightIDR interface.
- Go to the "User Details" page.
- In the top right, select Investigate [User Name].
- Create an Investigation when the box appears.
- Add other assets or users to the investigation, and then press Save.
- Add Data to the Investigation, assign the investigation to someone on your team, or add investigation notes.
- If you need more evidence, you can configure Scheduled Forensics to gather information for you.
- Take Action by using an automated workflow to disable a user with multiple plugins or the Insight Agent.
Investigate an Asset
- Go to the Investigations page on the left hand menu of InsightIDR.
- Create an Investigation.
- Add the suspicious asset(s) to the investigation, and then press Save.
- Add other Data to the Investigation, assign the investigation to someone on your team, or add investigation notes.
- If you need more evidence, you can configure Scheduled Forensics to gather information for you.
- Take action by using an automated workflow from multiple plugins or Insight Agent actions.
Did this page help you?