Dec 17, 202120211217


Customer Requested
  • Priority for Custom Alerts: You can now set a priority level for Custom Alerts. The priority will be applied to all investigations created by the alert, helping you sort and filter investigations according to criticality.
  • CylanceProtect Cloud Event Source: You can now configure CylancePROTECT cloud to send events to InsightIDR to generate virus infection and third-party alerts.
  • Rapid7 Resource Name (RRN): InsightIDR will now automatically embed Rapid7 Resource Names (RRN) in logs with the attributed user, asset, account, or local account information, providing a guaranteed stable identifier, which can be used to make searching easier. RRNs appear in Log Search, Detection Rule exceptions, and Investigation evidence. You can find them in the logs as an object called r7_context.
  • Dashboard Chart Captions: We've added the ability to write plaintext captions on your charts so that you can share extra context about a visualization. This enables you to share contextual information about a dashboard chart quickly and easily within InsightIDR Dashboards.


  • LDAP event sources: Lightweight Directory Access Protocol (LDAP) event sources now have the option to use the global catalog, which aims to provide the event source with faster searching.
  • User interface color palette: We have updated our color palette to help improve readability, contrast, and accessibility. This aims to make it easier for you to spot patterns within your data.
  • Dashboard Filter Improvements: We have made our dashboard filters easier to use, to save you time & manual effort trying to find key insights:
    • You can populate the dashboard filter with your Saved Queries from Log Search.
    • You can save a filter to a dashboard, so you don't need to rebuild it every session.
    • You can build reports based on filtered views.
  • Log derived Metrics: We’ve added popular compliance cards as Log Derived Metrics to improve how quickly they load within Dashboards.
    • Our latest Log Derived Metric cards include: Active Directory Admin Actions, Accounts Disabled, Accounts Disabled over time, Windows File Share Access by User, Authentications over time


  • We fixed an issue on the Virus Alert page. The last seen time for the virus alert now shows up as a valid date, instead of “12/31/1969”.