Jan 26, 2022


  • The power of automation at your fingertips with Quick Actions: We introduced pre-configured automation actions you can run anywhere within InsightIDR to get the answers you need fast. Use Quick Actions to improve the investigative process by taking action while remaining in the context of an Investigation or Log Search. To use Quick Actions, you’ll need either of the following:
    • InsightIDR Advanced package with an InsightConnect license
    • InsightIDR Ultimate package
  • Chart Color Customizations: You are now able to change chart colors by choosing from a selection of colors in a drop-down. This enables you to color code data with visual indicators.


  • Investigation details: When selecting "Close all investigations of this type in this date range" in Investigation Details, the date range is now based on the calendar in the left-hand filter.
  • Enable attribution strategy config: In the event source dialog, you can now enable attribution strategy. This means the event source supports using InsightIDR’s engine and, now, the event log attribution of assets and accounts as well, making attribution more accurate. This is available for:
    • Sophos XG
    • Cisco FTD
    • Cisco ASA
  • Cloud Event Sources: Cloud Event Sources now support using short names or fully qualified domain names when attributing user accounts.
  • Exception Match Count Total: We have added an "Exception Matches" column for ABA detection rules. This shows a running count of how often an exception has matched, making it easier to measure the effectiveness of an exception.


  • We fixed a bug where the "My Account" link would sometimes take you back to the product's home page instead of taking you to Platform Home.
  • We fixed a bug where bulk closing investigations wouldn't prompt you to set a disposition if there wasn't one already set.
  • We fixed a bug that was preventing users from creating or editing threats.
  • We fixed a bug where the context menu in log search was generating an invalid query when you selected text from the results and clicked "Run a new query on this pattern". Now, when you select this option, a new query will be created that replaces the pattern and maintains the valid query structure.