Other Deployment Options
While gathering information about your environment before and during deployment, InsightIDR provides support for organizations that use the following:
Azure Deployment
If you use Microsoft Azure in your environment, see the following pages for instructions on how to connect InsightIDR to your Azure infrastructure and collect the following corresponding data sources:
- LDAP user and account data
- Active Directory authentication and admin activity
- DHCP Hostname to IP mapping
InsightIDR fully supports Windows assets running in a hybrid cloud, an on-premises domain, or a cloud-only domain model. However, InsightIDR only partially supports Linux deployments in these scenarios.
Deploy in Multi-Domain Environments
If you have more than one Active Directory in your Windows environment, specify which domain is your default domain in order to more accurately detect users across domains and resolve any issues with user accounts.
For instance, if your company has DomainA and DomainB, but both domains have a user called John Smith, a default domain specifies which user the activity originated from. In this example, the default domain is DomainA. If InsightIDR receives data from John Smith that does not specify the domain, InsightIDR attributes data to John Smith from DomainA.
If you do not configure a default domain, InsightIDR may incorrectly attribute user information.
Applicable Event Sources
You can configure default domains for the following event source categories:
For each configured event source, there is an option under “Advanced Event Source Settings” to specify which domain is your default.