Owned and Ignored Domains

Owned domains are domains that are either owned or controlled by your organization. InsightIDR will detect attempts to spoof these domains, like an attacker using rap1d7.com instead of rapid7.com. Once a spoof domain is detected, the tool will notify you when users visit or receive emails from those domains. Only the public suffix, like ".com", ".org", and ".co.uk", and the first subdomain will be considered. This is used for the Spear Phishing URL detection incident.

Ignored domains are domains that you do not wish for InsightIDR to report. These may be similar to your owned domains, but were improperly identified by InsightIDR, or may be completely innocuous. This list can also be populated by selecting the "Ignore Domain" option when closing an investigation.
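
The sketch below is an added example, not InsightIDR's own code or algorithm. It shows how owned and ignored lists can interact when a hostname is reduced to its public suffix plus first label and compared against owned domains. The suffix subset, the digit-for-letter folding table, the edit-distance threshold of 1, and the ignored entry rapids.com are all assumptions made for illustration.

```python
# Added illustration, not InsightIDR's own logic; the similarity rule is an assumption.
SUFFIXES = {"com", "org", "co.uk"}       # constructed subset of the Public Suffix List
FOLD = str.maketrans("01358", "oiesb")   # assumed digit-for-letter look-alikes

def registrable(host):
    """Reduce a hostname to public suffix + first label (mail.rapid7.com -> rapid7.com)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):         # longest matching suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])         # unknown suffix: fall back to last two labels

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tag(domains):
    """Build a tag list, rejecting entries under the four-character minimum."""
    bad = [d for d in domains if len(d) < 4]
    if bad:
        raise ValueError(f"too short to tag: {bad}")
    return {registrable(d) for d in domains}

def classify(host, owned, ignored):
    """Return 'owned', 'ignored', 'spoof of <domain>' or 'unrelated' for a host."""
    dom = registrable(host)
    if dom in owned:
        return "owned"
    if dom in ignored:                   # ignored entries are never reported
        return "ignored"
    for o in sorted(owned):
        if edit_distance(dom.translate(FOLD), o.translate(FOLD)) <= 1:
            return f"spoof of {o}"
    return "unrelated"

OWNED = tag(["rapid7.com"])              # owned domain taken from the page's example
IGNORED = tag(["rapids.com"])            # constructed sample of a benign near-match

if __name__ == "__main__":
    for host in ("www.rapid7.com", "login.rap1d7.com", "rapids.com", "example.org"):
        print(host, "->", classify(host, OWNED, IGNORED))
```

Without the ignored entry, rapids.com would be reported as a spoof of rapid7.com because it is one character away, which is the kind of improperly identified domain the ignored list exists to suppress.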

Tag a Domain

To mark a domain as owned or ignored:

  1. From the InsightIDR homepage, go to Settings > Tagged Domains.
  2. Specify owned and ignored domains as needed.
    • To tag a domain as owned, enter the domain name in the field provided under the "Owned domains" section.
    • To tag a domain to ignore, enter the domain name in the field provided under the "Ignored domains" section.

NOTE - Minimum character requirement

Any domain that you specify as either owned or ignored must be at least four characters in length.

  3. Click the appropriate Submit button.