Quick Actions

Quick Actions are pre-configured automation actions you can run within InsightIDR to get the answers you need fast. Utilize Quick Actions to make the Investigative process more efficient and improve confidence in analyst decision-making while remaining in the context of the Investigation. You can leverage Quick Actions with no configuration required, without deploying an orchestrator or creating a single connection.

Requirements

To use Quick Actions, you’ll need one of the following subscriptions:

• InsightIDR Ultimate
• InsightIDR Advanced package with an InsightConnect license

How to use Quick Actions

Quick actions can be run from any page within InsightIDR by clicking the Quick Action icon located in the top navigation bar. To run a Quick Action, select a pre-configured Quick Action from the dropdown, provide the action input and click Run. Each action expects a certain input, such as an IP Address, Email Address, File Hash, Domain, Vulnerability, or some similar indicator.

Review Quick Action results

When your action completes, the results display within the Quick Action panel. From here, the results can be copied, downloaded, and toggled between formatted and raw JSON views. If you want to take additional actions from here, simply copy any relevant data to your clipboard for use as input in your next action.

You can view your InsightIDR Quick Action history through InsightConnect. To view the results of previously run actions, navigate to the History tab of the Quick Actions page. From here, you can view a record of each action that has been run, the date and time of when it was run, the user who ran the action, and the status of the action. To see the inputs and outputs of the action, click the action name.