Investigate an Asset or User

Investigate a User

  1. Search for a user in the top search bar, or find the user in the InsightIDR interface.
  2. Go to the "User Details" page.
  3. In the top right, select Investigate [User Name].
  4. Create an Investigation when the box appears.
  5. Add other assets or users to the investigation, and then press Save.
  6. Add Data to the Investigation, assign the investigation to someone on your team, or add investigation notes.
  7. If you need more evidence, you can configure Scheduled Forensics to gather information for you.
  8. Take Action by using an automated workflow that disables the user, using multiple plugins or the Insight Agent.

Investigate an Asset

  1. Go to the Investigations page on the left-hand menu of InsightIDR.
  2. Create an Investigation.
  3. Add the suspicious asset(s) to the investigation, and then press Save.
  4. Add other Data to the Investigation, assign the investigation to someone on your team, or add investigation notes.
  5. If you need more evidence, you can configure Scheduled Forensics to gather information for you.
  6. Take action by using an automated workflow from multiple plugins or Insight Agent actions.