Raw Data

Unlike user attribution event sources, Raw Data is ingested in the product to contextualize other data. Using raw logs will enhance these specific features:

  • Log search
  • Dashboards and reporting
  • Basic detection rules

Raw data is intended for log searches and allows you to look for specific details. While it is best to have an Event Log in a specific format, ultimately InsightIDR will accept any text-based log for the Event Log from your environment.

Collected Data

Data from raw logs may include some or all of the following information:

  • Timestamp
  • Host Name
  • Event Code
  • Description
  • Package Name
  • Target User Name
  • Workstation
  • Status

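As an added illustration (not InsightIDR's own code or parsing logic), the following Python shows how lines of a text-based log can be mapped onto the fields listed above and then put to the three uses named earlier: a log search, a per-user count suitable for a report, and a basic detection rule. The sample log lines and their `key=value` layout are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample of a text-based log (not real InsightIDR output); the
# "timestamp key=value ..." layout is an assumption made for this example.
SAMPLE_RAW_LOG = """\
2024-05-01T08:01:10Z host=WS-0421 event_code=4624 package=Kerberos target_user=alice workstation=WS-0421 status=0x0 desc="An account was successfully logged on"
2024-05-01T08:02:33Z host=DC-01 event_code=4625 package=NTLM target_user=bob workstation=WS-0199 status=0xC000006A desc="An account failed to log on"
2024-05-01T08:02:41Z host=DC-01 event_code=4625 package=NTLM target_user=bob workstation=WS-0199 status=0xC000006A desc="An account failed to log on"
2024-05-01T08:02:55Z host=DC-01 event_code=4625 package=NTLM target_user=bob workstation=WS-0199 status=0xC000006A desc="An account failed to log on"
2024-05-01T08:05:02Z host=DC-01 event_code=4625 package=NTLM target_user=carol workstation=WS-0300 status=0xC000006A desc="An account failed to log on"
"""

# The fields the page lists for raw data, keyed by the token names used above.
FIELD_MAP = {
    "host": "host_name", "event_code": "event_code", "desc": "description",
    "package": "package_name", "target_user": "target_user_name",
    "workstation": "workstation", "status": "status",
}
# key=value, where value is either a quoted string or a run of non-space text.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_raw_line(line):
    """Turn one free-text line into the page's field set; absent fields stay None."""
    timestamp, _, rest = line.strip().partition(" ")
    event = {"timestamp": timestamp, **{name: None for name in FIELD_MAP.values()}}
    for key, raw, quoted in KV_RE.findall(rest):
        if key in FIELD_MAP:
            event[FIELD_MAP[key]] = quoted if raw.startswith('"') else raw
    return event

def parse_raw_log(text):
    """Parse every non-empty line of a text-based log."""
    return [parse_raw_line(l) for l in text.splitlines() if l.strip()]

def search(events, **criteria):
    """Log search: return events whose fields equal every given criterion."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

def failed_logons_by_user(events):
    """Report input: count events with event code 4625 per target user."""
    return Counter(e["target_user_name"] for e in events if e["event_code"] == "4625")

def rule_repeated_failed_logons(events, threshold=3):
    """Basic detection rule: users whose failed-logon count reaches the threshold."""
    return sorted(u for u, n in failed_logons_by_user(events).items() if n >= threshold)
```
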
Further Recommendations

InsightIDR is designed to ease Search and Analytics across your entire environment. To ensure you can perform all necessary investigative steps in one place, you should:

  1. Transmit security logs and deploy agents.
  2. Transmit any other potentially useful data for searching, such as custom application logs.