How Insight Products Use Network Sensor Data

Multiple Insight products can use the data produced by the Insight Network Sensor for their own use cases. This article breaks down how each Insight product uses network sensor data.

InsightIDR

InsightIDR can use network sensor data to generate investigations and alerts based on the network traffic traversing your environment, one of which is a new investigation data source based on IPv4 flow data. InsightIDR also leverages DNS and DHCP information that the network sensor extracts from network packets to produce other actionable alerts.

After the data becomes available in InsightIDR, you can view processed network traffic in the Log Search feature. Additionally, you can use your network sensor data as a foundation for custom-built reports and dashboards listing top applications, top external clients making inbound connections, and other data points.

Check out the Network Traffic Analysis Help page for InsightIDR documentation!