Raw Data

Unlike user attribution event sources, Raw Data is ingested in the product to contextualize other data. Using raw logs will enhance these specific features:

  • Log search
  • Dashboards and reporting
  • Basic detection rules

Raw data is intended for log searches and lets you look for specific details. While it is best to have an Event Log in a specific format, ultimately SIEM (InsightIDR) will accept any text-based log from your environment as an Event Log.

Collected Data

Data from raw logs may include some or all of the following information:

  • Timestamp
  • Host Name
  • Event Code
  • Description
  • Package Name
  • Target User Name
  • Workstation
  • Status
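
The following is an added example, not InsightIDR's own code, showing how the features above (log search and a basic detection rule) operate over raw text lines that carry only some of the fields listed. The key=value line layout and the sample lines are constructed for this example; the field names are the ones from the list.

```python
import re
from collections import Counter

# Field set from the page; the key=value line layout is an assumption for
# this example (raw data can be any text-based log).
FIELDS = ("Timestamp", "HostName", "EventCode", "Description", "PackageName",
          "TargetUserName", "Workstation", "Status")

# Constructed sample raw lines: some carry most fields, some only a few.
RAW_LINES = [
    'Timestamp=2024-01-10T08:00:01Z HostName=dc01 EventCode=4625 TargetUserName=jdoe Workstation=WS-17 Status=0xC000006D',
    'Timestamp=2024-01-10T08:00:03Z HostName=dc01 EventCode=4625 TargetUserName=jdoe Workstation=WS-17 Status=0xC000006D',
    'Timestamp=2024-01-10T08:00:05Z HostName=dc01 EventCode=4625 TargetUserName=jdoe Workstation=WS-17 Status=0xC000006D',
    'Timestamp=2024-01-10T08:00:07Z HostName=dc01 EventCode=4624 TargetUserName=jdoe Workstation=WS-17 Status=0x0',
    'Timestamp=2024-01-10T08:01:00Z HostName=app02 Description="custom app started" PackageName=billing',
    'HostName=dc01 EventCode=4625 TargetUserName=svc_backup Status=0xC000006A',
]

# key=value tokens; a value may be a quoted string containing spaces
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def normalize(line):
    """Map one raw text line onto the field set; fields absent from the line become None."""
    found = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return {f: found.get(f) for f in FIELDS}

def search(lines, **criteria):
    """Log search: return normalized events whose fields equal every given criterion."""
    hits = []
    for line in lines:
        ev = normalize(line)
        if all(ev.get(k) == v for k, v in criteria.items()):
            hits.append(ev)
    return hits

def failed_logon_burst(lines, threshold=3):
    """Basic detection rule: target users with >= threshold failed-logon events (Windows EventCode 4625)."""
    counts = Counter(ev["TargetUserName"]
                     for ev in (normalize(l) for l in lines)
                     if ev["EventCode"] == "4625" and ev["TargetUserName"])
    return {user: n for user, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(search(RAW_LINES, HostName="app02"))
    print(failed_logon_burst(RAW_LINES))
```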

Further Recommendations

SIEM (InsightIDR) is designed to ease Search and Analytics across your entire environment. To ensure you can perform all necessary investigative steps in one place, you should:

  1. Transmit security logs and deploy agents.
  2. Transmit any other potentially useful data for searching, such as custom application logs.