Raw Data
Unlike user attribution event sources, Raw Data is ingested in the product to contextualize other data. Using raw logs will enhance these specific features:
- Log search
- Dashboards and reporting
- Basic detection rules
Raw data is intended for log searches and allows you to look for specific details. While it is best to have an Event Log in a specific format, ultimately SIEM (InsightIDR) will accept any text based log for the Event Log from your environment.
Collected Data
Data from raw logs may include some or all of the following information:
- Timestamp
- Host Name
- Event Code
- Description
- Package Name
- Target User Name
- Workstation
- Status
Further Recommendations
SIEM (InsightIDR) is designed to ease Search and Analytics across your entire environment. To ensure you can perform all necessary investigative steps in one place, you should:
- Transmit security logs and deploy agents.
- Transmit any other potentially useful data for searching, such as custom application logs.