Search Results

CyberArk Vault | InsightIDR Documentation

This integration allows you to: ... Perform in-depth analysis using multi-layer correlation between log data and alerts from PTA. ... Identify suspicious privileged user activity using behavioral analysis.

CrowdStrike Falcon | InsightIDR Documentation

CrowdStrike Falcon is a cloud-based platform that provides endpoint protection across your organization. ... If you currently use CrowdStrike Falcon, you can configure the Falcon SIEM Connector to send events to InsightIDR, where you can generate investigations around that data.

Code42 Cloud | InsightIDR Documentation

Code42 Cloud ... Code42 Cloud is a data protection solution that helps detect data theft and respond to insider risk. ... You can integrate InsightIDR with the Code42 API to generate third-party alerts from the Search for alerts endpoint.

IBM QRadar | InsightIDR Documentation

IBM QRadar ... Unlike other log aggregators and SIEMs, IBM QRadar requires that logs be forwarded to a specific destination in order to be collected. ... Configure IBM QRadar ... In order to ingest and analyze data from IBM QRadar, you must configure InsightIDR as the destination of its logs.

Carbon Black EDR | InsightIDR Documentation

Configure InsightIDR to collect data from the event source ... After you complete the prerequisite steps and configure the event source to send data, you must add the event source in InsightIDR. ... To configure the new event source in InsightIDR:

AWS GuardDuty | InsightIDR Documentation

AWS GuardDuty ... AWS GuardDuty findings are alerts generated by the service when it detects potential security threats or unusual behavior in your AWS environment. ... You can integrate InsightIDR with AWS GuardDuty to receive third-party alerts.

Microsoft Defender for Endpoint | InsightIDR Documentation

Microsoft Defender for Endpoint (previously Microsoft Defender ATP) is a threat detection and response product that is available on a free trial or subscription basis. ... You can configure Microsoft Defender for Endpoint as a Third Party Alert event source in InsightIDR, which allows you to ingest onboarded system logs through an API.

Darktrace | InsightIDR Documentation

Darktrace ... Darktrace is a network traffic analyzing tool that delivers notification events to downstream systems. ... With Third Party Alert event sources in InsightIDR, you can configure your Collector to capture these notification events and generate InsightIDR investigations around them.

CylancePROTECT Cloud | InsightIDR Documentation

CylancePROTECT Cloud ... CylancePROTECT Cloud is an advanced threat protection solution that uses artificial intelligence to prevent, detect, and respond to threats. ... You can configure CylancePROTECT Cloud to send detection events to InsightIDR to generate virus infection and third-party alerts.

Cybereason | InsightIDR Documentation

Cybereason is an Endpoint Detection and Response (EDR) platform that detects events that comprise malicious operations, also known as Malops. ... If you use Cybereason version 20.1 or later, you can use its API to have it send events to InsightIDR in order to generate investigations around that data.

Log Aggregators | InsightIDR Documentation

A log aggregator is not an event source itself, but a place from which event source data, originally produced elsewhere, can be pulled. ... Think of a SIEM as a "middle man" between InsightIDR and the original event source.

NXLog | InsightIDR Documentation

NXLog ... NXLog is a tool that converts files to syslog, which is useful when an application produces log output that InsightIDR does not accept directly. ... Install and Configure NXLog ... Install NXLog locally and set the ROOT to the folder in which NXLog was installed; otherwise NXLog will not start.

LogRhythm | InsightIDR Documentation

LogRhythm ... LogRhythm is a SIEM that collects security and event data. ... Configure LogRhythm ... You must configure LogRhythm prior to using it for data collection. ... Confirm that the configuration matches the following:

Syslog Logging | InsightIDR Documentation

Syslog Logging ... Syslog is a protocol that devices often use to transport or send events, such as log data, to a central location. ... You can learn more about syslog here: https://datatracker.ietf.org/doc/html/rfc5424

AWS SQS | InsightIDR Documentation

AWS SQS, or Amazon Simple Queue Service, is a managed queuing service that can deliver messages to InsightIDR as events. ... Before you begin, you must create an SQS queue for the exclusive use of InsightIDR.

Custom Logs | InsightIDR Documentation

Custom Logs ... Like other raw data, custom logs contextualize information throughout InsightIDR and are helpful during log search. ... Any text-based log can be ingested through InsightIDR. ... However, Rapid7 recommends using JSON or KVP format for logging, because Log Search presents data in this form and it allows keyword search.

Third Party Alerts | InsightIDR Documentation

Rapid7 can integrate with the following third party vendors to generate alerts in InsightIDR and the Insight Platform: ... AWS GuardDuty ... Carbon Black EDR

Splunk | InsightIDR Documentation

Splunk ... Splunk is a log aggregator that allows you to pull in logs from across your network environment for querying and reporting. ... By connecting Splunk and InsightIDR, you can monitor the logs you have sent to Splunk in InsightIDR.

Generic Windows Event Log | InsightIDR Documentation

Generic Windows Event Log ... Connecting this event source to InsightIDR provides a highly thorough view into one or a small number of high-risk assets, such as shared systems, compromised users, or assets with frequent suspicious activity.

Raw Data | InsightIDR Documentation

Unlike user attribution event sources, Raw Data is ingested into the product to contextualize other data. ... Using raw logs will enhance these specific features: ... Basic detection rules ... Raw data is intended for log searches and allows you to look for specific details.