Other Deployment Options

While gathering information about your environment before and during deployment, InsightIDR provides support for organizations that use the following:

• Azure Deployments
• Multi-Domain Environments

Azure Deployment

If you use Microsoft Azure in your environment, see the following pages for instructions on how to connect InsightIDR to your Azure infrastructure and collect the following corresponding data sources:

• LDAP user and account data
• Active Directory authentication and admin activity
• DHCP Hostname to IP mapping

InsightIDR fully supports Windows assets running in a hybrid cloud, an on-premises domain, or a cloud-only domain model. However, InsightIDR only partially supports Linux deployments in these scenarios.

Deploy in Multi-Domain Environments

If you have more than one Active Directory in your Windows environment, specify which domain is your default domain in order to more accurately detect users across domains and resolve any issues with user accounts.

For instance, if your company has DomainA and DomainB, but both domains have a user called John Smith, a default domain specifies which user the activity originated from. In this example, the default domain is DomainA. If InsightIDR receives data from John Smith that does not specify the domain, InsightIDR attributes data to John Smith from DomainA.

Applicable Event Sources

You can configure default domains for the following event source categories:

• VPN
• Firewall
• Cloud Services
• Virus Scan
• DHCP
• Third Party Alerts

For each configured event source, there is an option under “Advanced Event Source Settings” to specify which domain is your default.