System Requirements

Before you can start using InsightIDR, make sure that you’ve met the following requirements in your environment:

Collector Requirements

See Collector Requirements for specific details.

Insight Agent Requirements

When you install the Insight Agent on your endpoints and assets, make sure that the agent can communicate back to the Collector through TCP on the following Collector ports:

  • 5508
  • 6608
  • 8037

If you are using the Collector for Endpoint Monitoring, please also ensure the following ports are open:

  • 5508
  • 6608
  • 20000 – 30000

See the Insight Agent for more information.
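
The TCP port requirements above can be checked from an endpoint before the agent is rolled out. The following Python script is an added example and is not part of the InsightIDR documentation or product; the host name collector.example.internal is a placeholder and the function names are chosen here for illustration. It distinguishes a refused connection (host reachable, no listener) from a timeout (packets likely dropped by a firewall).

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Port lists copied from the requirements on this page.
AGENT_PORTS = ["5508", "6608", "8037"]
# Second list on the page (Collector used for Endpoint Monitoring).
ENDPOINT_MONITORING_PORTS = ["5508", "6608", "20000 – 30000"]

def expand(specs):
    """Turn entries such as '8037' or '20000 – 30000' into a sorted port list."""
    ports = set()
    for spec in specs:
        parts = [p.strip() for p in spec.replace("–", "-").split("-")]
        lo, hi = int(parts[0]), int(parts[-1])
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {spec!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt from this machine to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # host reachable, nothing listening on the port
    except socket.timeout:
        return "timeout"   # typical of a firewall silently dropping packets
    except OSError as exc:
        return f"error: {exc.strerror or exc}"

def check(host, specs, timeout=2.0, workers=64):
    """Probe every port in specs concurrently; return {port: status}."""
    ports = expand(specs)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, results))

if __name__ == "__main__":
    import sys
    # Placeholder host name (assumption); pass your Collector's address instead.
    collector = sys.argv[1] if len(sys.argv) > 1 else "collector.example.internal"
    for port, status in check(collector, AGENT_PORTS).items():
        print(f"{collector}:{port} {status}")
```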

Insight Agent OS Requirements

See the Insight Agent requirements for what operating systems can support the Insight Agent.

Honeypot Requirements

The honeypot is a VMware-formatted OVA that runs with 1 GB RAM and 10 GB disk space. It requires a fully qualified domain name (FQDN).

A honeypot uses the following resources:

  • 1 CPU
  • 1 GB RAM
  • 10 GB hard disk space

Honeypot deployment and communication with the Insight platform are very similar to those of a Collector. If you haven't already, you must whitelist the following URLs in firewalls and web proxies as necessary for Honeypot deployment:

See Honeypots for more deployment information.

Foundational Event Source Requirements

Please refer to the Foundational Event Sources page for detailed information.

Service Accounts Permission Requirements

InsightIDR requires that you configure at least one account in each Windows domain that has permissions to collect event logs in the domain. Depending on your environment, this account will be used to collect:

  • Domain Controller Security Logs with the Active Directory event source.
  • User and group information from the Windows domain using the LDAP event source.
  • Microsoft DHCP logs using the Microsoft DHCP event source.
  • Microsoft DNS logs using the Microsoft DNS event source.
  • Microsoft OWA/ActiveSync logs using the Microsoft Outlook Web Access/ActiveSync event source.

You may create one account and use it to collect from all of these event sources, or you can create a separate service account for each type of log collection.

See Service Accounts for more information.