Other Deployment Options

While gathering information about your environment before and during deployment, InsightIDR provides support for organizations that use the following:

• Azure Deployments
• Multi-Domain Environments

Azure Deployment

If you use Microsoft Azure in your environment, see the following pages for instructions on how to connect InsightIDR to your Azure infrastructure and collect the following corresponding data sources:

• LDAP user and account data
• Active Directory authentication and admin activity
• DHCP Hostname to IP mapping

InsightIDR fully supports Windows assets running in a hybrid cloud, an on-premises domain, or a cloud-only domain model. However, InsightIDR only partially supports Linux deployments in these scenarios.

Deploy in Multi-Domain Environments

If you have multiple domains in your environment, it is important that you specify a default domain for all event sources. This setting ensures that InsightIDR knows which domain should be used to attribute users to, particularly when that data is not provided in the event log. A default domain can be set for all event sources when configuring user attribution settings. To use a different default domain for a specific event source, you can customize it directly in the event source’s configuration settings.

For instance, if your company has DomainA and DomainB, but both domains have a user called John Smith, a default domain specifies which user the activity originated from. In this example, the default domain is DomainA. If InsightIDR receives data from John Smith that does not specify the domain, InsightIDR attributes data to John Smith from DomainA.

Applicable Event Sources

You can configure default domains for the following event source categories:

• VPN
• Firewall
• Cloud Services
• Virus Scan
• DHCP
• Third Party Alerts