<!DOCTYPE html> <!-- Q6E1 --> <html class="no-js" lang="en" dir="ltr"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" charset="utf-8" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title>InsightIDR Overview | InsightIDR Documentation</title> <meta name="description" /> <meta name="google-site-verification" content="OWb2G7FKmbGyIQgzPz7zSAy6HYcWHDqEJcd0eyA0GwQ" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Mulish:wght@800;900&family=Roboto:wght@400;700&display=swap"> <link rel="icon" type="image/x-icon" href="/includes/img/favicon.ico"> <script> window.dataLayer = window.dataLayer || []; window.dataLayer.push({ 'auth': false }); </script> <!-- Google Tag Manager --> <script> (function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-WBTPTVC');</script> <!-- End Google Tag Manager --> <link href="/areas/docs/includes/dist/app.css?91b95aada2e8e5c1bfd9" rel="stylesheet"> <meta name="facetcat" content="docs" /> <link href="https://fonts.googleapis.com/css2?family=Roboto+Mono&display=swap" rel="stylesheet" /> <meta name="productname" content="InsightIDR" /> </head> <body> <div id="r7-global-nav"> <div id="react_0HNBIFCDN5DB7"><header class="r7-nav mobile show-main--init r7-nav--wide"><section class="search-bar search-bar--mobile hide animate-out"><form action="/search"><div class="container flex flex-jc-c flex-ai-c"><div class="search-content flex flex-jc-fs flex-ai-c"><i class="r7-icon r7-icon-search-magnify"></i><input type="search" class="search-input" name="q" placeholder="Search"/><input type="submit" class="search-submit button blue" value="Search"/><input type="hidden" name="filters" value="productname_InsightIDR"/><a id="btnSearchCloseMobile" class="search-close"><i class="r7-icon r7-icon-delete-x"></i></a></div></div></form></section><div class="search-overlay search-overlay--mobile overlay "></div><nav class="main-nav "><div class="container flex flex-jc-sb flex-ai-c"><div class="flex flex-jc-c flex-ai-c"><a class="main-nav__toggle"><i class="r7-icon text-white"></i></a></div><a class="main-nav__logo flex flex-jc-c flex-ai-c text-center" href="https://www.rapid7.com/" target="_blank"><img src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg" alt="Rapid7 Home"/></a><a class="search flex flex-jc-c flex-ai-c"><i class="r7-icon r7-icon-search-magnify text-white"></i></a></div><div class="main-nav__links flex flex-jc-c"><ul><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="" aria-role="button" aria-haspopup="dialog" aria-controls="dfb8cf9a-7ce7-48d9-8ef8-785362b99fb6">Platform</a><div id="dfb8cf9a-7ce7-48d9-8ef8-785362b99fb6" class="dropdown-content two-col" role="dialog" aria-labelledby="Platform"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">TECHNOLOGY</div><div class="dropdown-footer-title">The Rapid7 Command Platform</div><div class="dropdown-footer-subtitle">AI-Powered Cybersecurity Platform</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/trial/" class="button" aria-role="button">Start Trial</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">PLATFORM</li><li class="dropdown-item"><a href="https://www.rapid7.com/platform/"><div class="dropdown-text">Platform<div class="dropdown-category">ELITE TECHNOLOGY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/platform/artificial-intelligence-features/"><div class="dropdown-text">AI-Engine<div class="dropdown-category">INTELLIGENT TOOLS</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/research/"><div class="dropdown-text">Rapid7 Labs<div class="dropdown-category">TRUSTED INTELLIGENCE</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">SOLUTIONS</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/"><div class="dropdown-text">Managed Threat Complete<div class="dropdown-category">MANAGED XDR</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/"><div class="dropdown-text">Surface Command<div class="dropdown-category">ATTACK SURFACE MANAGEMENT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/exposure-management/"><div class="dropdown-text">Exposure Command<div class="dropdown-category">EXPOSURE MANAGEMENT</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/products/" aria-role="button" aria-haspopup="dialog" aria-controls="6d6a38af-c387-4132-b23d-0335d52d29fd">Products</a><div id="6d6a38af-c387-4132-b23d-0335d52d29fd" class="dropdown-content two-col" role="dialog" aria-labelledby="Products"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">NEW!</div><div class="dropdown-footer-title">Surface Command</div><div class="dropdown-footer-subtitle">Unlock a continuous 360掳 view of your attack surface</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/trial/" class="button" aria-role="button">FREE TRIAL</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">DETECTION &amp; RESPONSE</li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightidr/"><div class="dropdown-text">Next-Gen SIEM<div class="dropdown-category">INSIGHTIDR</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/threat-command/"><div class="dropdown-text">Threat Intelligence<div class="dropdown-category">THREAT COMMAND</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">EXPOSURE MANAGEMENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/exposure-management/"><div class="dropdown-text">Exposure Management<div class="dropdown-category">EXPOSURE COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/"><div class="dropdown-text">Attack Surface Management<div class="dropdown-category">SURFACE COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightvm/"><div class="dropdown-text">Vulnerability Management<div class="dropdown-category">INSIGHTVM</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightcloudsec/"><div class="dropdown-text">Cloud-Native Application Protection<div class="dropdown-category">INSIGHTCLOUDSEC</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightappsec/"><div class="dropdown-text">Application Security Testing<div class="dropdown-category">INSIGHTAPPSEC</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/services/" aria-role="button" aria-haspopup="dialog" aria-controls="85c2b5e0-6189-4ff9-b886-ae6f15ed5f7a">Services</a><div id="85c2b5e0-6189-4ff9-b886-ae6f15ed5f7a" class="dropdown-content two-col" role="dialog" aria-labelledby="Services"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">MXDR</div><div class="dropdown-footer-title">Managed Threat Complete</div><div class="dropdown-footer-subtitle">24x7 MXDR to secure your extended ecosystem</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/demo/" class="button" aria-role="button">Request Demo</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">DETECTION &amp; RESPONSE</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/"><div class="dropdown-text">Managed XDR<div class="dropdown-category">MANAGED THREAT COMPLETE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/incident-response-customer-escalation/"><div class="dropdown-text">Incident Response Services<div class="dropdown-category">EXPERIENCING A BREACH?</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">EXPOSURE MANAGEMENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-vulnerability-management/"><div class="dropdown-text">Managed Vulnerability Management<div class="dropdown-category">OPTIMIZED RISK ASSESSMENT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-application-security/"><div class="dropdown-text">Managed Application Security<div class="dropdown-category">MANAGED DAST</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/continuous-red-team-service/"><div class="dropdown-text">Continuous Red Teaming<div class="dropdown-category">VECTOR COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/penetration-testing/"><div class="dropdown-text">Penetration Testing Services<div class="dropdown-category">TEST YOUR DEFENSES</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="" aria-role="button" aria-haspopup="dialog" aria-controls="83db78ed-f2e5-416c-95da-77652180061d">Resources</a><div id="83db78ed-f2e5-416c-95da-77652180061d" class="dropdown-content two-col" role="dialog" aria-labelledby="Resources"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">NEW</div><div class="dropdown-footer-title">The Take Command Summit is back!</div><div class="dropdown-footer-subtitle">Our largest virtual event returns Apr. 9</div></div><div class="dropdown-button column-pad"><a href="https://rapid7.brighttalk.com/?utm_source=referral&amp;utm_medium=website&amp;utm_campaign=global-pla-take-command-summit-prospect-eng" class="button" aria-role="button">Register</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">STAY CURRENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/research/"><div class="dropdown-text">About Rapid7 Labs<div class="dropdown-category">MEET THE RESEARCH TEAM</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/events-webcasts/"><div class="dropdown-text">Events &amp; Webinars<div class="dropdown-category">CATCH US LIVE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/resources/"><div class="dropdown-text">Resources Library<div class="dropdown-category">DIVE INTO THE DETAILS</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/blog/"><div class="dropdown-text">The Rapid7 Blog<div class="dropdown-category">STAY UP-TO-DATE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/db/"><div class="dropdown-text">Exploit Database<div class="dropdown-category">SEARCH THOUSANDS OF CVES</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/fundamentals/"><div class="dropdown-text">Cybersecurity Fundamentals<div class="dropdown-category">LEARN THE BASICS</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">PRODUCT SUPPORT</li><li class="dropdown-item"><a href="https://www.rapid7.com/contact/"><div class="dropdown-text">Contact Sales<div class="dropdown-category">TALK TO AN EXPERT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/for-customers/"><div class="dropdown-text">Customer Support Portal<div class="dropdown-category">CONTACT SUPPORT</div></div></a></li><li class="dropdown-item"><a href="https://extensions.rapid7.com/"><div class="dropdown-text">Product Integrations<div class="dropdown-category">CONNECT EVERYTHING</div></div></a></li><li class="dropdown-item"><a href="/"><div class="dropdown-text">Product Documentation<div class="dropdown-category">PRODUCT AND SERVICES GUIDES</div></div></a></li><li class="dropdown-item"><a href="/release-notes/"><div class="dropdown-text">Product Release Notes<div class="dropdown-category">LATEST FEATURES</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/product-tours/"><div class="dropdown-text">Interactive Product Tours<div class="dropdown-category">TAKE TOUR</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/about/company/" aria-role="button" aria-haspopup="dialog" aria-controls="2b28f7ee-67be-4086-9642-3e6851c8af09">Company</a><div id="2b28f7ee-67be-4086-9642-3e6851c8af09" class="dropdown-content two-col" role="dialog" aria-labelledby="Company"><ul class="dropdown-menu"><li class="dropdown-title">OVERVIEW</li><li class="dropdown-item"><a href="https://www.rapid7.com/about/company/"><div class="dropdown-text">About Us<div class="dropdown-category">OUR STORY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/leadership/"><div class="dropdown-text">Leadership<div class="dropdown-category">EXECUTIVE TEAM &amp; BOARD</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/news/"><div class="dropdown-text">News &amp; Press Releases<div class="dropdown-category">THE LATEST FROM OUR NEWSROOM</div></div></a></li><li class="dropdown-item"><a href="https://careers.rapid7.com/"><div class="dropdown-text">Careers<div class="dropdown-category">JOIN RAPID7</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/customers/"><div class="dropdown-text">Our Customers<div class="dropdown-category">Their Success Stories</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/partners/"><div class="dropdown-text">Partners<div class="dropdown-category">Rapid7 Partner Ecosystem</div></div></a></li><li class="dropdown-item"><a href="https://investors.rapid7.com/"><div class="dropdown-text">Investors<div class="dropdown-category">Investor Relations</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">COMMUNITY &amp; CULTURE</li><li class="dropdown-item"><a href="https://www.rapid7.com/about/social-good/"><div class="dropdown-text">Social Good<div class="dropdown-category">OUR COMMITMENT &amp; APPROACH</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/rapid7-foundation/"><div class="dropdown-text">Rapid7 Cybersecurity Foundation<div class="dropdown-category">BUILDING THE FUTURE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/diversity-equity-and-inclusion/"><div class="dropdown-text">Diversity, Equity &amp; Inclusion<div class="dropdown-category">EMPOWERING PEOPLE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/open-source/"><div class="dropdown-text">Open Source<div class="dropdown-category">STRENGTHENING CYBERSECURITY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/public-policy/"><div class="dropdown-text">Public Policy<div class="dropdown-category">ENGAGEMENT &amp; ADVOCACY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/rapid7-cybersecurity-partner-boston-bruins/"><div class="dropdown-text">Boston Bruins<div class="dropdown-category">Our Partnership</div></div></a></li></ul></div></li><li class="main-nav__link "><a class="" href="https://www.rapid7.com/partners/" aria-role="button" aria-haspopup="" aria-controls="e7bd2655-bdc0-48ad-9bba-eb94d9f81632">Partners</a></li><li class="main-nav__link"><a href="https://insight.rapid7.com/saml/SSO" class="has-icon"><img src="/Areas/Docs/includes/img/r7-nav/icon-lock.svg" alt=""/>聽<!-- -->Sign In</a></li></ul></div></nav><nav class="sub-nav container flex flex-ai-c"><div class="sub-nav__title"><a href="/" title="Documentation">Documentation</a></div><ul><li class="sub-nav__link dropdown "><a class="dropdown-trigger has-toggle">InsightIDR</a><div class="dropdown-content"><ul class="dropdown-menu"><li class="dropdown-item"><a href="/appspider/">AppSpider</a></li><li class="dropdown-item"><a href="/insight-agent/">Insight Agent</a></li><li class="dropdown-item"><a href="/insightappsec/">InsightAppSec</a></li><li class="dropdown-item"><a href="/insightcloudsec/">InsightCloudSec</a></li><li class="dropdown-item"><a href="/insightconnect/">InsightConnect</a></li><li class="dropdown-item"><a href="/insight/">Insight Platform</a></li><li class="dropdown-item"><a href="/insightidr/">InsightIDR</a></li><li class="dropdown-item"><a href="/sensor/">Insight Network Sensor</a></li><li class="dropdown-item"><a href="/insightops/">InsightOps</a></li><li class="dropdown-item"><a href="/insightvm/">InsightVM</a></li><li class="dropdown-item"><a href="/metasploit/">Metasploit</a></li><li class="dropdown-item"><a href="/nexpose/">Nexpose</a></li><li class="dropdown-item"><a href="/tcell/">tCell</a></li><li class="dropdown-item"><a href="/services/">Managed Services</a></li><li class="dropdown-item"><a href="/threat-command/">Threat Command</a></li><li class="dropdown-item"><a href="/surface-command/">Surface Command</a></li><li class="dropdown-item"><a href="/exposure-command/">Exposure Command</a></li></ul></div></li></ul></nav></header><div class="dropdown-overlay overlay false"></div><header class="r7-nav stuck show-main--init r7-nav--wide"><nav class="main-nav"><div class="container flex flex-jc-sb flex-ai-c"><div class="main-nav__logo"><a class="flex" href="https://www.rapid7.com/" target="_blank"><img src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg" alt="Rapid7 Home"/></a></div><div class="main-nav__links flex flex-jc-c"><ul><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="" aria-role="button" aria-haspopup="dialog" aria-controls="dfb8cf9a-7ce7-48d9-8ef8-785362b99fb6">Platform</a><div id="dfb8cf9a-7ce7-48d9-8ef8-785362b99fb6" class="dropdown-content two-col" role="dialog" aria-labelledby="Platform"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">TECHNOLOGY</div><div class="dropdown-footer-title">The Rapid7 Command Platform</div><div class="dropdown-footer-subtitle">AI-Powered Cybersecurity Platform</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/trial/" class="button" aria-role="button">Start Trial</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">PLATFORM</li><li class="dropdown-item"><a href="https://www.rapid7.com/platform/"><div class="dropdown-text">Platform<div class="dropdown-category">ELITE TECHNOLOGY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/platform/artificial-intelligence-features/"><div class="dropdown-text">AI-Engine<div class="dropdown-category">INTELLIGENT TOOLS</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/research/"><div class="dropdown-text">Rapid7 Labs<div class="dropdown-category">TRUSTED INTELLIGENCE</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">SOLUTIONS</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/"><div class="dropdown-text">Managed Threat Complete<div class="dropdown-category">MANAGED XDR</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/"><div class="dropdown-text">Surface Command<div class="dropdown-category">ATTACK SURFACE MANAGEMENT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/exposure-management/"><div class="dropdown-text">Exposure Command<div class="dropdown-category">EXPOSURE MANAGEMENT</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/products/" aria-role="button" aria-haspopup="dialog" aria-controls="6d6a38af-c387-4132-b23d-0335d52d29fd">Products</a><div id="6d6a38af-c387-4132-b23d-0335d52d29fd" class="dropdown-content two-col" role="dialog" aria-labelledby="Products"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">NEW!</div><div class="dropdown-footer-title">Surface Command</div><div class="dropdown-footer-subtitle">Unlock a continuous 360掳 view of your attack surface</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/trial/" class="button" aria-role="button">FREE TRIAL</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">DETECTION &amp; RESPONSE</li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightidr/"><div class="dropdown-text">Next-Gen SIEM<div class="dropdown-category">INSIGHTIDR</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/threat-command/"><div class="dropdown-text">Threat Intelligence<div class="dropdown-category">THREAT COMMAND</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">EXPOSURE MANAGEMENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/exposure-management/"><div class="dropdown-text">Exposure Management<div class="dropdown-category">EXPOSURE COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/command/attack-surface-management-asm/"><div class="dropdown-text">Attack Surface Management<div class="dropdown-category">SURFACE COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightvm/"><div class="dropdown-text">Vulnerability Management<div class="dropdown-category">INSIGHTVM</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightcloudsec/"><div class="dropdown-text">Cloud-Native Application Protection<div class="dropdown-category">INSIGHTCLOUDSEC</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/products/insightappsec/"><div class="dropdown-text">Application Security Testing<div class="dropdown-category">INSIGHTAPPSEC</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/services/" aria-role="button" aria-haspopup="dialog" aria-controls="85c2b5e0-6189-4ff9-b886-ae6f15ed5f7a">Services</a><div id="85c2b5e0-6189-4ff9-b886-ae6f15ed5f7a" class="dropdown-content two-col" role="dialog" aria-labelledby="Services"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">MXDR</div><div class="dropdown-footer-title">Managed Threat Complete</div><div class="dropdown-footer-subtitle">24x7 MXDR to secure your extended ecosystem</div></div><div class="dropdown-button column-pad"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/demo/" class="button" aria-role="button">Request Demo</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">DETECTION &amp; RESPONSE</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-detection-and-response-mdr/"><div class="dropdown-text">Managed XDR<div class="dropdown-category">MANAGED THREAT COMPLETE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/incident-response-customer-escalation/"><div class="dropdown-text">Incident Response Services<div class="dropdown-category">EXPERIENCING A BREACH?</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">EXPOSURE MANAGEMENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-vulnerability-management/"><div class="dropdown-text">Managed Vulnerability Management<div class="dropdown-category">OPTIMIZED RISK ASSESSMENT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/managed-application-security/"><div class="dropdown-text">Managed Application Security<div class="dropdown-category">MANAGED DAST</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/continuous-red-team-service/"><div class="dropdown-text">Continuous Red Teaming<div class="dropdown-category">VECTOR COMMAND</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/services/penetration-testing/"><div class="dropdown-text">Penetration Testing Services<div class="dropdown-category">TEST YOUR DEFENSES</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="" aria-role="button" aria-haspopup="dialog" aria-controls="83db78ed-f2e5-416c-95da-77652180061d">Resources</a><div id="83db78ed-f2e5-416c-95da-77652180061d" class="dropdown-content two-col" role="dialog" aria-labelledby="Resources"><div class="dropdown-view-all"><ul class="dropdown-footer"><li class="dropdown-item"><div class="dropdown-text column-pad"><div class="dropdown-footer-pretitle">NEW</div><div class="dropdown-footer-title">The Take Command Summit is back!</div><div class="dropdown-footer-subtitle">Our largest virtual event returns Apr. 9</div></div><div class="dropdown-button column-pad"><a href="https://rapid7.brighttalk.com/?utm_source=referral&amp;utm_medium=website&amp;utm_campaign=global-pla-take-command-summit-prospect-eng" class="button" aria-role="button">Register</a></div></li></ul></div><ul class="dropdown-menu"><li class="dropdown-title">STAY CURRENT</li><li class="dropdown-item"><a href="https://www.rapid7.com/research/"><div class="dropdown-text">About Rapid7 Labs<div class="dropdown-category">MEET THE RESEARCH TEAM</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/events-webcasts/"><div class="dropdown-text">Events &amp; Webinars<div class="dropdown-category">CATCH US LIVE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/resources/"><div class="dropdown-text">Resources Library<div class="dropdown-category">DIVE INTO THE DETAILS</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/blog/"><div class="dropdown-text">The Rapid7 Blog<div class="dropdown-category">STAY UP-TO-DATE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/db/"><div class="dropdown-text">Exploit Database<div class="dropdown-category">SEARCH THOUSANDS OF CVES</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/fundamentals/"><div class="dropdown-text">Cybersecurity Fundamentals<div class="dropdown-category">LEARN THE BASICS</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">PRODUCT SUPPORT</li><li class="dropdown-item"><a href="https://www.rapid7.com/contact/"><div class="dropdown-text">Contact Sales<div class="dropdown-category">TALK TO AN EXPERT</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/for-customers/"><div class="dropdown-text">Customer Support Portal<div class="dropdown-category">CONTACT SUPPORT</div></div></a></li><li class="dropdown-item"><a href="https://extensions.rapid7.com/"><div class="dropdown-text">Product Integrations<div class="dropdown-category">CONNECT EVERYTHING</div></div></a></li><li class="dropdown-item"><a href="/"><div class="dropdown-text">Product Documentation<div class="dropdown-category">PRODUCT AND SERVICES GUIDES</div></div></a></li><li class="dropdown-item"><a href="/release-notes/"><div class="dropdown-text">Product Release Notes<div class="dropdown-category">LATEST FEATURES</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/product-tours/"><div class="dropdown-text">Interactive Product Tours<div class="dropdown-category">TAKE TOUR</div></div></a></li></ul></div></li><li class="main-nav__link dropdown "><a class="dropdown-trigger has-toggle" href="https://www.rapid7.com/about/company/" aria-role="button" aria-haspopup="dialog" aria-controls="2b28f7ee-67be-4086-9642-3e6851c8af09">Company</a><div id="2b28f7ee-67be-4086-9642-3e6851c8af09" class="dropdown-content two-col" role="dialog" aria-labelledby="Company"><ul class="dropdown-menu"><li class="dropdown-title">OVERVIEW</li><li class="dropdown-item"><a href="https://www.rapid7.com/about/company/"><div class="dropdown-text">About Us<div class="dropdown-category">OUR STORY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/leadership/"><div class="dropdown-text">Leadership<div class="dropdown-category">EXECUTIVE TEAM &amp; BOARD</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/news/"><div class="dropdown-text">News &amp; Press Releases<div class="dropdown-category">THE LATEST FROM OUR NEWSROOM</div></div></a></li><li class="dropdown-item"><a href="https://careers.rapid7.com/"><div class="dropdown-text">Careers<div class="dropdown-category">JOIN RAPID7</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/customers/"><div class="dropdown-text">Our Customers<div class="dropdown-category">Their Success Stories</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/partners/"><div class="dropdown-text">Partners<div class="dropdown-category">Rapid7 Partner Ecosystem</div></div></a></li><li class="dropdown-item"><a href="https://investors.rapid7.com/"><div class="dropdown-text">Investors<div class="dropdown-category">Investor Relations</div></div></a></li></ul><ul class="dropdown-menu"><li class="dropdown-title">COMMUNITY &amp; CULTURE</li><li class="dropdown-item"><a href="https://www.rapid7.com/about/social-good/"><div class="dropdown-text">Social Good<div class="dropdown-category">OUR COMMITMENT &amp; APPROACH</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/rapid7-foundation/"><div class="dropdown-text">Rapid7 Cybersecurity Foundation<div class="dropdown-category">BUILDING THE FUTURE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/diversity-equity-and-inclusion/"><div class="dropdown-text">Diversity, Equity &amp; Inclusion<div class="dropdown-category">EMPOWERING PEOPLE</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/open-source/"><div class="dropdown-text">Open Source<div class="dropdown-category">STRENGTHENING CYBERSECURITY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/public-policy/"><div class="dropdown-text">Public Policy<div class="dropdown-category">ENGAGEMENT &amp; ADVOCACY</div></div></a></li><li class="dropdown-item"><a href="https://www.rapid7.com/about/rapid7-cybersecurity-partner-boston-bruins/"><div class="dropdown-text">Boston Bruins<div class="dropdown-category">Our Partnership</div></div></a></li></ul></div></li><li class="main-nav__link "><a class="" href="https://www.rapid7.com/partners/" aria-role="button" aria-haspopup="" aria-controls="e7bd2655-bdc0-48ad-9bba-eb94d9f81632">Partners</a></li></ul></div><div class="main-nav__utility"><ul><li class="signin"><a href="https://insight.rapid7.com/saml/SSO"><img src="/Areas/Docs/includes/img/r7-nav/icon-lock.svg" alt=""/>Sign In</a></li></ul></div></div></nav><section class="search-bar hide"><div class="container flex flex-jc-c flex-ai-c"><form action="/search" class="search-content flex flex-jc-c flex-ai-c"><i class="r7-icon r7-icon-search-magnify"></i><input type="search" class="search-input" name="q" autoComplete="off" placeholder="Search"/><input type="submit" class="search-submit button blue" value="Search"/><input type="hidden" name="filters" value="productname_InsightIDR"/><a class="search-close"><i class="r7-icon r7-icon-delete-x"></i></a></form></div></section><div class="search-overlay overlay "></div><nav class="sub-nav "><div class="container flex flex-jc-sb"><a class="logo circle-button" href="https://www.rapid7.com/"><img src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo-short.svg" alt="Rapid7 logo"/></a><div class="sub-nav__links flex"><ul class="flex flex-ai-c"><li class="sub-nav__title"><a href="/" title="Documentation">Documentation</a></li><li class="sub-nav__link dropdown "><a href="#" class="dropdown-trigger has-toggle">InsightIDR</a><div class="dropdown-content two-col--sm"><ul class="dropdown-menu"><li class="dropdown-item"><a href="/appspider/">AppSpider</a></li><li class="dropdown-item"><a href="/insight-agent/">Insight Agent</a></li><li class="dropdown-item"><a href="/insightappsec/">InsightAppSec</a></li><li class="dropdown-item"><a href="/insightcloudsec/">InsightCloudSec</a></li><li class="dropdown-item"><a href="/insightconnect/">InsightConnect</a></li><li class="dropdown-item"><a href="/insight/">Insight Platform</a></li><li class="dropdown-item"><a href="/insightidr/">InsightIDR</a></li><li class="dropdown-item"><a href="/sensor/">Insight Network Sensor</a></li><li class="dropdown-item"><a href="/insightops/">InsightOps</a></li></ul><ul class="dropdown-menu"><li class="dropdown-item"><a href="/insightvm/">InsightVM</a></li><li class="dropdown-item"><a href="/metasploit/">Metasploit</a></li><li class="dropdown-item"><a href="/nexpose/">Nexpose</a></li><li class="dropdown-item"><a href="/tcell/">tCell</a></li><li class="dropdown-item"><a href="/services/">Managed Services</a></li><li class="dropdown-item"><a href="/threat-command/">Threat Command</a></li><li class="dropdown-item"><a href="/surface-command/">Surface Command</a></li><li class="dropdown-item"><a href="/exposure-command/">Exposure Command</a></li></ul><div class="dropdown-view-all"><a href="/release-notes/">Release Notes</a></div></div></li></ul></div><div class="sub-nav__utility"><a class="search" role="button" tabindex="0"><i class="r7-icon r7-icon-search-magnify"></i></a><a class="to-top circle-button" tabindex="0"><i class="r7-icon r7-icon-arrow-chevron-up-solid"></i></a></div></div></nav></header></div> </div> <div class="sidebar-container" id="product-doc"> <div id="react_0HNBIFCDN5DB5"><div class="nav-bar"><div class="nav-bar__content"><div class="container flex flex-jc-sb flex-ai-c"><div class="flex nav-bar__column nav-bar__column--left nav-bar__column--full subnav__nav-bar"><a class="nav-bar__toggle " role="button">Docs Menu<span role="button"></span></a><div class="nav-bar__toggle-content"><div class="subnav"><div class="subnav_group"><div class="h3 subnav_group-title">Getting Started with InsightIDR<span class="subnav_list-toggle minus"></span></div><div><ul class="subnav_list"><li class="subnav_list-item subnav_list-item--open"><a href="/insightidr/insightidr-overview/" class="active "><span class="subnav_list-text">InsightIDR Overview</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/essential-quick-start-guide/" class=" "><span class="subnav_list-text">Essential | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-quick-start-guide/" class=" "><span class="subnav_list-text">Advanced | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ultimate-quick-start-guide/" class=" "><span class="subnav_list-text">Ultimate | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Setup and Deployment<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/system-requirements/" class=" "><span class="subnav_list-text">System Requirements</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/set-up-a-service-account/" class=" "><span class="subnav_list-text">Setting Up a Service Account</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-and-environment-audit/" class=" "><span class="subnav_list-text">Network and Environment Audit</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/core-event-sources/" class=" "><span class="subnav_list-text">Core Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-collection-and-storage/" class=" "><span class="subnav_list-text">Log Data Collection and Storage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-archiving/" class=" "><span class="subnav_list-text">Data Archiving</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/non-admin-domain-controller-account/" class=" "><span class="subnav_list-text">Non-Admin Domain Controller Account</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/read-only-domain-controllers/" class=" "><span class="subnav_list-text">Read-Only Domain Controllers</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ports-used-by-insightidr/" class=" "><span class="subnav_list-text">Ports Used by InsightIDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-overview/" class=" "><span class="subnav_list-text">Collector Overview</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/collector-requirements/" class=" "><span class="subnav_list-text">Collector Requirements</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-installation-and-deployment/" class=" "><span class="subnav_list-text">Collector Installation and Deployment</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-troubleshooting/" class=" "><span class="subnav_list-text">Collector Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-proxy-configuration/" class=" "><span class="subnav_list-text">Collector Proxy Configuration</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-agent/" class=" "><span class="subnav_list-text">Insight Agent</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/configure-the-insight-agent-to-send-logs/" class=" "><span class="subnav_list-text">Configure the Insight Agent to Send Additional Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-windows-defender-antivirus/" class=" "><span class="subnav_list-text">Microsoft Windows Defender Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-integration/" class=" "><span class="subnav_list-text">Velociraptor Integration</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fim-recommendations/" class=" "><span class="subnav_list-text">FIM Recommendations</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/other-deployment-options/" class=" "><span class="subnav_list-text">Other Deployment Options</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Automation<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/get-started-with-aba-automation/" class=" "><span class="subnav_list-text">Get Started with Automation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/get-started-with-automation/" class=" "><span class="subnav_list-text">Get Started with Automation for Legacy Detection Rules and Basic Detection Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/alert-triggers/" class=" "><span class="subnav_list-text">Triggers for Legacy Detection Rules and Basic Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-orchestrator/" class=" "><span class="subnav_list-text">Insight Orchestrator Overview</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/configure-connections/" class=" "><span class="subnav_list-text">Configure Connections For Automation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/activate-workflow-templates/" class=" "><span class="subnav_list-text">Automation Workflow Templates</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automate-workflows/" class=" "><span class="subnav_list-text">Automation Workflows</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/kill-a-process/" class=" "><span class="subnav_list-text">Kill a Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspend-or-disable-a-user/" class=" "><span class="subnav_list-text">Suspend or Disable a User</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/quarantine-an-asset/" class=" "><span class="subnav_list-text">Quarantine an Asset</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-a-ticket/" class=" "><span class="subnav_list-text">Create a ServiceNow or JIRA Ticket</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automated-enrichment-workflows/" class=" "><span class="subnav_list-text">Automated Enrichment Workflows</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/enrich-alert-data-with-open-source-plugins/" class=" "><span class="subnav_list-text">Enrich Alert Data with Open Source Plugins</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/get-started-with-on-demand-response-actions/" class=" "><span class="subnav_list-text">Get Started with On Demand Response Actions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automation-troubleshooting/" class=" "><span class="subnav_list-text">Automation Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/send-insightconnect-events-to-insightidr/" class=" "><span class="subnav_list-text">Send InsightConnect Events to InsightIDR</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">How To<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/create-and-manage-credentials/" class=" "><span class="subnav_list-text">Manage Credentials</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/search-your-logs/" class=" "><span class="subnav_list-text">Search Your Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/transform-logs-to-universal-event-format/" class=" "><span class="subnav_list-text">Transform Logs to Universal Event Format</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/delete-and-reinstall-a-collector/" class=" "><span class="subnav_list-text">Delete and Reinstall a Collector</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deploy-deception-technology/" class=" "><span class="subnav_list-text">Deploy Deception Technology</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/investigate-an-asset-or-user/" class=" "><span class="subnav_list-text">Investigate an Asset or User</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/manage-event-sources/" class=" "><span class="subnav_list-text">Manage Event Sources</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/edit-event-source/" class=" "><span class="subnav_list-text">Edit Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/copy-event-sources-to-a-new-collector/" class=" "><span class="subnav_list-text">Copy Event Sources to a New Collector</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/export-data/" class=" "><span class="subnav_list-text">Export Data</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/access-aws-resources-with-ec2-iam-roles/" class=" "><span class="subnav_list-text">Access AWS Resources with EC2 IAM Roles</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/monitor-your-security-operations-activities/" class=" "><span class="subnav_list-text">Monitor Your Security Operations Activities</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Concepts and Usage<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/rapid7-resource-names/" class=" "><span class="subnav_list-text">Rapid7 Resource Names</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-rules/" class=" "><span class="subnav_list-text">Detection Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/modify-detection-rules/" class=" "><span class="subnav_list-text">Modify Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/modify-uba-detection-rules/" class=" "><span class="subnav_list-text">Modify Legacy Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-detection-rules/" class=" "><span class="subnav_list-text">Custom Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-detection-rules-faq/" class=" "><span class="subnav_list-text">Custom Detection Rules FAQ</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-library/" class=" "><span class="subnav_list-text">Detection Library</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-rule-exceptions/" class=" "><span class="subnav_list-text">Detection Rule Exceptions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-and-manage-basic-detection-rules/" class=" "><span class="subnav_list-text">Create and Manage Basic Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/basic-detection-rule-details/" class=" "><span class="subnav_list-text">Basic Detection Rule Details</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/basic-detection-rules-and-insight-connect/" class=" "><span class="subnav_list-text">Basic Detection Rules and InsightConnect</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/notable-events/" class=" "><span class="subnav_list-text">Notable Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/alerts/" class=" "><span class="subnav_list-text">Alerts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/take-action-on-an-alert/" class=" "><span class="subnav_list-text">Take Action on an Alert</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/anatomy-of-an-alert/" class=" "><span class="subnav_list-text">Anatomy of an Alert</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/investigations/" class=" "><span class="subnav_list-text">Investigations</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/create-an-investigation/" class=" "><span class="subnav_list-text">Create an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/analyze-an-investigation/" class=" "><span class="subnav_list-text">Analyze an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scheduled-forensics/" class=" "><span class="subnav_list-text">Schedule endpoint queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/close-an-investigation/" class=" "><span class="subnav_list-text">Close an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/multi-customer-investigations/" class=" "><span class="subnav_list-text">Multi-Customer Investigations</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-command-alerts/" class=" "><span class="subnav_list-text">Investigate Threat Command Alerts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-alerts/" class=" "><span class="subnav_list-text">Velociraptor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/assets-on-your-domain/" class=" "><span class="subnav_list-text">Assets on Your Domain</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/restrict-or-allow-an-asset/" class=" "><span class="subnav_list-text">Mark an asset as restricted</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/manage-your-processes-and-hashes/" class=" "><span class="subnav_list-text">Manage your Processes and Hashes</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/exploitable-vulnerabilities/" class=" "><span class="subnav_list-text">Exploitable Vulnerabilities</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lateral-movement/" class=" "><span class="subnav_list-text">Lateral Movement</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dashboards-and-reports/" class=" "><span class="subnav_list-text">Dashboards and Reports</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/endpoint-visibility-dashboard/" class=" "><span class="subnav_list-text">R7 Managed: Endpoint Visibility Validation Dashboard</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deception-technology/" class=" "><span class="subnav_list-text">Deception Technology</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/honeypot/" class=" "><span class="subnav_list-text">Honeypot</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-users/" class=" "><span class="subnav_list-text">Honey Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-files/" class=" "><span class="subnav_list-text">Honey Files</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-credentials/" class=" "><span class="subnav_list-text">Honey Credentials</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-alerts/" class=" "><span class="subnav_list-text">Honey Alerts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/troubleshooting-honeypots/" class=" "><span class="subnav_list-text">Troubleshooting Honeypots</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-honeypots/" class=" "><span class="subnav_list-text">AWS Honeypots</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/file-access-activity-monitoring/" class=" "><span class="subnav_list-text">File Access Activity Monitoring</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/file-integrity-monitoring/" class=" "><span class="subnav_list-text">File Integrity Monitoring</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/fim-for-linux/" class=" "><span class="subnav_list-text">File Integrity Monitoring for Linux</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/search-logs-for-fim-events/" class=" "><span class="subnav_list-text">Search Logs for FIM Events</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-search/" class=" "><span class="subnav_list-text">Log Search</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/log-sets-you-can-search/" class=" "><span class="subnav_list-text">Log Sets You Can Search</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/components-for-building-a-query/" class=" "><span class="subnav_list-text">Components for Building a Query</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/keys-to-use-in-your-queries/" class=" "><span class="subnav_list-text">Keys to Use in Your Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/example-queries/" class=" "><span class="subnav_list-text">Example Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/use-variables-in-queries/" class=" "><span class="subnav_list-text">Use Variables in Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/tips-and-tricks-for-building-queries/" class=" "><span class="subnav_list-text">Tips and Tricks for Building Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/leverage-enhanced-endpoint-telemetry-data/" class=" "><span class="subnav_list-text">Leverage Enhanced Endpoint Telemetry Data</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-custom-parsing-rules/" class=" "><span class="subnav_list-text">Create Custom Parsing Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/legacy-log-search/" class=" "><span class="subnav_list-text">Legacy Log Search</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ls-glossary/" class=" "><span class="subnav_list-text">Glossary</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-rules/" class=" "><span class="subnav_list-text">Network Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/network-zones-and-policies/" class=" "><span class="subnav_list-text">Network zones and policies</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/owned-and-ignored-domains/" class=" "><span class="subnav_list-text">Owned and Ignored Domains</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/firewall-rules/" class=" "><span class="subnav_list-text">Firewall Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ip-addresses/" class=" "><span class="subnav_list-text">IP Addresses</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-traffic-analysis/" class=" "><span class="subnav_list-text">Network Traffic Analysis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threats/" class=" "><span class="subnav_list-text">Threats</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/utilize-existing-threats/" class=" "><span class="subnav_list-text">Utilize Existing Threats</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/add-and-manage-threats/" class=" "><span class="subnav_list-text">Add and Manage Threats</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/users-and-accounts-on-your-domain/" class=" "><span class="subnav_list-text">Users and Accounts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/admin-accounts/" class=" "><span class="subnav_list-text">Admin Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/non-expiring-and-service-accounts/" class=" "><span class="subnav_list-text">Non-Expiring and Service Accounts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/shared-and-linked-accounts/" class=" "><span class="subnav_list-text">Shared and Linked Accounts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/watchlist-and-risky-users/" class=" "><span class="subnav_list-text">Watchlist and Risky Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/account-tags/" class=" "><span class="subnav_list-text">User Tags</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/audit-logging/" class=" "><span class="subnav_list-text">Audit Logging</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/user-attribution/" class=" "><span class="subnav_list-text">User Attribution</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/quick-actions/" class=" "><span class="subnav_list-text">Quick Actions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-storage-faq/" class=" "><span class="subnav_list-text">Data Storage and Retention FAQs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Detection Library<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/detection-library-overview/" class=" "><span class="subnav_list-text">Overview</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aba-detections/" class=" "><span class="subnav_list-text">Rules by Rule Set</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/agrius/" class=" "><span class="subnav_list-text">Agrius</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/antlion/" class=" "><span class="subnav_list-text">Antlion</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/apt-groups/" class=" "><span class="subnav_list-text">APT Groups</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bahamut/" class=" "><span class="subnav_list-text">BAHAMUT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/balikbayan-foxes/" class=" "><span class="subnav_list-text">Balikbayan Foxes</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bax-026-of-iran/" class=" "><span class="subnav_list-text">Bax 026 of Iran</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blackoasis/" class=" "><span class="subnav_list-text">BlackOasis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blackshadow/" class=" "><span class="subnav_list-text">Blackshadow</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blacktech/" class=" "><span class="subnav_list-text">BlackTech</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blind-eagle/" class=" "><span class="subnav_list-text">Blind Eagle</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bronze-butler/" class=" "><span class="subnav_list-text">BRONZE BUTLER</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cactuspete-apt/" class=" "><span class="subnav_list-text">CactusPete APT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbanak/" class=" "><span class="subnav_list-text">Carbanak</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/chamelgang/" class=" "><span class="subnav_list-text">Chamelgang</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloud-service-activity/" class=" "><span class="subnav_list-text">Cloud Service Activity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cobalt-group/" class=" "><span class="subnav_list-text">Cobalt Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cosmic-lynx/" class=" "><span class="subnav_list-text">Cosmic Lynx</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/crouchingyeti/" class=" "><span class="subnav_list-text">CrouchingYeti</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/current-events/" class=" "><span class="subnav_list-text">Current Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dark-basin/" class=" "><span class="subnav_list-text">Dark Basin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dark-caracal/" class=" "><span class="subnav_list-text">Dark Caracal</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darkhotel/" class=" "><span class="subnav_list-text">Darkhotel</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darkhydrus/" class=" "><span class="subnav_list-text">DarkHydrus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deep-panda/" class=" "><span class="subnav_list-text">Deep Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/desert-falcons/" class=" "><span class="subnav_list-text">Desert Falcons</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/domestic-kitten/" class=" "><span class="subnav_list-text">Domestic Kitten</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dragonok/" class=" "><span class="subnav_list-text">DragonOK</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dustsquad/" class=" "><span class="subnav_list-text">DustSquad</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dust-storm/" class=" "><span class="subnav_list-text">Dust Storm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/elderwood/" class=" "><span class="subnav_list-text">Elderwood</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/elephant-beetle/" class=" "><span class="subnav_list-text">Elephant Beetle</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/energetic-bear/" class=" "><span class="subnav_list-text">Energetic Bear</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/epic-manchego/" class=" "><span class="subnav_list-text">Epic Manchego</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/evil-corp/" class=" "><span class="subnav_list-text">Evil Corp</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/evilnum/" class=" "><span class="subnav_list-text">Evilnum</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fin/" class=" "><span class="subnav_list-text">FIN Groups</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/funnydream/" class=" "><span class="subnav_list-text">FunnyDream</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gallmaker/" class=" "><span class="subnav_list-text">Gallmaker</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gamaredon-group/" class=" "><span class="subnav_list-text">Gamaredon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gaza-hacker-team/" class=" "><span class="subnav_list-text">Gaza Hacker Team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gcman/" class=" "><span class="subnav_list-text">GCMAN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ghostemperor/" class=" "><span class="subnav_list-text">GhostEmperor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gorgon-group/" class=" "><span class="subnav_list-text">Gorgon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/greenbug/" class=" "><span class="subnav_list-text">Greenbug</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/group5/" class=" "><span class="subnav_list-text">Group 5</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/group72/" class=" "><span class="subnav_list-text">Group 72</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hafnium/" class=" "><span class="subnav_list-text">Hafnium</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/harvester/" class=" "><span class="subnav_list-text">Harvester</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hexane/" class=" "><span class="subnav_list-text">Hexane</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hidden-lynx/" class=" "><span class="subnav_list-text">Hidden Lynx</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hive-ransomware/" class=" "><span class="subnav_list-text">Hive Ransomware</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honeybee/" class=" "><span class="subnav_list-text">Honeybee</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/indra/" class=" "><span class="subnav_list-text">Indra</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ironhusky/" class=" "><span class="subnav_list-text">IronHusky</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/keyboy/" class=" "><span class="subnav_list-text">KeyBoy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/killlsomeone/" class=" "><span class="subnav_list-text">KilllSomeOne</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/kimsuky/" class=" "><span class="subnav_list-text">Kimsuky</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lazarus-group/" class=" "><span class="subnav_list-text">Lazarus Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/leafminer/" class=" "><span class="subnav_list-text">Leafminer</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lebanese-cedar/" class=" "><span class="subnav_list-text">Lebanese Cedar</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lotus-blossom/" class=" "><span class="subnav_list-text">Lotus Blossom</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/machete/" class=" "><span class="subnav_list-text">Machete</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/magnat/" class=" "><span class="subnav_list-text">Magnat</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/malsmoke/" class=" "><span class="subnav_list-text">Malsmoke</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/migrated-legacy-rules/" class=" "><span class="subnav_list-text">Migrated Legacy Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/modifiedelephant/" class=" "><span class="subnav_list-text">ModifiedElephant</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mofang/" class=" "><span class="subnav_list-text">Mofang</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/molerats/" class=" "><span class="subnav_list-text">Molerats</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/moses-staff/" class=" "><span class="subnav_list-text">Moses Staff</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/muddywater/" class=" "><span class="subnav_list-text">Muddywater</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mustang-panda/" class=" "><span class="subnav_list-text">Mustang Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mythic-leopard/" class=" "><span class="subnav_list-text">Mythic Leopard</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/naikon/" class=" "><span class="subnav_list-text">Naikon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/neodymium/" class=" "><span class="subnav_list-text">NEODYMIUM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-traffic-analysis-threat/" class=" "><span class="subnav_list-text">Network Traffic Analysis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/night-dragon/" class=" "><span class="subnav_list-text">Night Dragon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/north-korea-dprk-actor/" class=" "><span class="subnav_list-text">North Korean State-Sponsored Actor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/oldgremlin/" class=" "><span class="subnav_list-text">OldGremlin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/orangeworm/" class=" "><span class="subnav_list-text">Orangeworm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/patchwork/" class=" "><span class="subnav_list-text">Patchwork</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/platinum/" class=" "><span class="subnav_list-text">PLATINUM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/poseidon-group/" class=" "><span class="subnav_list-text">Poseidon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/promethium/" class=" "><span class="subnav_list-text">Promethium</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pyxie/" class=" "><span class="subnav_list-text">Pyxie</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rancor/" class=" "><span class="subnav_list-text">Rancor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/redcurl/" class=" "><span class="subnav_list-text">RedCurl</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/roaming-mantis/" class=" "><span class="subnav_list-text">Roaming Mantis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rocke/" class=" "><span class="subnav_list-text">Rocke</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rtm/" class=" "><span class="subnav_list-text">RTM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rocket-kitten/" class=" "><span class="subnav_list-text">Rocket Kitten</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sandworm-team/" class=" "><span class="subnav_list-text">Sandworm Team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scadafence-detections/" class=" "><span class="subnav_list-text">SCADAfence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scarlet-mimic/" class=" "><span class="subnav_list-text">Scarlet Mimic</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sidecopy/" class=" "><span class="subnav_list-text">SideCopy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silence/" class=" "><span class="subnav_list-text">Silence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silent-librarian/" class=" "><span class="subnav_list-text">Silent Librarian</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silverterrier/" class=" "><span class="subnav_list-text">SilverTerrier</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/soft-cell/" class=" "><span class="subnav_list-text">Soft Cell</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sowbug/" class=" "><span class="subnav_list-text">Sowbug</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/spring-dragon-apt/" class=" "><span class="subnav_list-text">Spring Dragon APT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/stealth-falcon/" class=" "><span class="subnav_list-text">Stealth Falcon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/stolen-pencil/" class=" "><span class="subnav_list-text">Stolen Pencil</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/strider/" class=" "><span class="subnav_list-text">Strider</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/strongpity/" class=" "><span class="subnav_list-text">StrongPity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suckfly/" class=" "><span class="subnav_list-text">Suckfly</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-ingress-authentications/" class=" "><span class="subnav_list-text">Suspicious Ingress Authentications</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-network-activity/" class=" "><span class="subnav_list-text">Suspicious Network Activity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-network-connections/" class=" "><span class="subnav_list-text">Suspicious Network Connections</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-process-access/" class=" "><span class="subnav_list-text">Suspicious Process Access</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-registry-events/" class=" "><span class="subnav_list-text">Suspicious Registry Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-user-behavior/" class=" "><span class="subnav_list-text">Suspicious User Behavior</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-web-requests/" class=" "><span class="subnav_list-text">Suspicious Web Requests</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sweed/" class=" "><span class="subnav_list-text">SWEED</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ta459/" class=" "><span class="subnav_list-text">TA459</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ta505/" class=" "><span class="subnav_list-text">TA505</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/taidoor/" class=" "><span class="subnav_list-text">Taidoor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/teamtnt/" class=" "><span class="subnav_list-text">TeamTNT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/the-mabna-hackers/" class=" "><span class="subnav_list-text">The Mabna Hackers</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/the-white-company/" class=" "><span class="subnav_list-text">The White Company</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-command/" class=" "><span class="subnav_list-text">Threat Command</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-group-1314/" class=" "><span class="subnav_list-text">Threat Group-1314</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/thrip/" class=" "><span class="subnav_list-text">Thrip</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/tropic-tropper/" class=" "><span class="subnav_list-text">Tropic Tropper</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/turbine-panda/" class=" "><span class="subnav_list-text">Turbine Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/turla/" class=" "><span class="subnav_list-text">Turla</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/uac-0056/" class=" "><span class="subnav_list-text">UAC-0056</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/unc1151/" class=" "><span class="subnav_list-text">UNC1151</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/unc1945/" class=" "><span class="subnav_list-text">UNC1945</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velvet-chollima/" class=" "><span class="subnav_list-text">Velvet Chollima</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/whitefly/" class=" "><span class="subnav_list-text">Whitefly</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/windshift/" class=" "><span class="subnav_list-text">Windshift</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/wirte/" class=" "><span class="subnav_list-text">WIRTE</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/wizard-spider/" class=" "><span class="subnav_list-text">Wizard Spider</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/xdspy/" class=" "><span class="subnav_list-text">XDSpy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/yalishanda/" class=" "><span class="subnav_list-text">Yalishanda</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/endpoint-detection-rules/" class=" "><span class="subnav_list-text">Rules by Endpoint</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/windows-suspicious-process/" class=" "><span class="subnav_list-text">Windows Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/windows-suspicious-services/" class=" "><span class="subnav_list-text">Windows Suspicious Services</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mac-suspicious-process/" class=" "><span class="subnav_list-text">Mac Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/linux-suspicious-process/" class=" "><span class="subnav_list-text">Linux Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/visibility-monitoring/" class=" "><span class="subnav_list-text">Visibility Monitoring</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-rules/" class=" "><span class="subnav_list-text">Velociraptor</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/uba-detections/" class=" "><span class="subnav_list-text">Legacy Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">InsightIDR REST APIs<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/insightidr-rest-api/" class=" "><span class="subnav_list-text">InsightIDR REST APIs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Event Source Configuration<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/insightidr-event-sources/" class=" "><span class="subnav_list-text">InsightIDR Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-collection-methods/" class=" "><span class="subnav_list-text">Data Collection Methods</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-event-source-settings/" class=" "><span class="subnav_list-text">Advanced Event Source Settings</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/monitor-event-source-health/" class=" "><span class="subnav_list-text">Monitor Event Source Health</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/event-source-troubleshooting/" class=" "><span class="subnav_list-text">Event Source Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/auto-configure/" class=" "><span class="subnav_list-text">Auto Configure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-products/" class=" "><span class="subnav_list-text">Rapid7 Products</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/integrate-insightvm/" class=" "><span class="subnav_list-text">InsightVM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/integrate-metasploit/" class=" "><span class="subnav_list-text">Metasploit</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insightcloudsec/" class=" "><span class="subnav_list-text">InsightCloudSec</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/active-directory-overview/" class=" "><span class="subnav_list-text">Active Directory</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/active-directory/" class=" "><span class="subnav_list-text">Microsoft Active Directory Security Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/active-directory-ad-domain-controller-event-source/" class=" "><span class="subnav_list-text">Troubleshooting Active Directory</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-malware/" class=" "><span class="subnav_list-text">Advanced Malware</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/fireeye-nx/" class=" "><span class="subnav_list-text">FireEye NX</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloud-service/" class=" "><span class="subnav_list-text">Cloud Services</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/1password/" class=" "><span class="subnav_list-text">1Password</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/auth0/" class=" "><span class="subnav_list-text">Auth0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/amazon-security-lake/" class=" "><span class="subnav_list-text">Amazon Security Lake</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-appfabric/" class=" "><span class="subnav_list-text">AWS AppFabric</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-cloudtrail-api/" class=" "><span class="subnav_list-text">AWS CloudTrail API</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-cloudtrail-sqs/" class=" "><span class="subnav_list-text">AWS CloudTrail SQS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/boxcom/" class=" "><span class="subnav_list-text">Box.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/centrify-sso/" class=" "><span class="subnav_list-text">Centrify</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-amp-for-endpoints/" class=" "><span class="subnav_list-text">Cisco AMP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloudflare/" class=" "><span class="subnav_list-text">Cloudflare</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/duo-security/" class=" "><span class="subnav_list-text">Duo Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/google-apps/" class=" "><span class="subnav_list-text">Google Apps</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/google-cloud-platform/" class=" "><span class="subnav_list-text">Google Cloud Platform</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/idaptive-sso/" class=" "><span class="subnav_list-text">Idaptive</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-azure/" class=" "><span class="subnav_list-text">Microsoft Azure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mimecast/" class=" "><span class="subnav_list-text">Mimecast API 1.0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mimecast-2.0/" class=" "><span class="subnav_list-text">Mimecast API 2.0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-office-365/" class=" "><span class="subnav_list-text">Office 365 (plus GCC and GCC High)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/okta/" class=" "><span class="subnav_list-text">Okta.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/onelogin/" class=" "><span class="subnav_list-text">OneLogin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-cortex-data-lake/" class=" "><span class="subnav_list-text">Palo Alto Cortex Data Lake</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pingone/" class=" "><span class="subnav_list-text">Ping Identity PingOne</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/proofpoint-tap/" class=" "><span class="subnav_list-text">Proofpoint Targeted Attack Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/salesforce/" class=" "><span class="subnav_list-text">Salesforce.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/workday/" class=" "><span class="subnav_list-text">Workday</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/zoom-pro/" class=" "><span class="subnav_list-text">Zoom</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-exporter/" class=" "><span class="subnav_list-text">Data Exporter</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/arcsight-data-exporter/" class=" "><span class="subnav_list-text">HP ArcSight</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/splunk-exporter/" class=" "><span class="subnav_list-text">Splunk</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/servicenow/" class=" "><span class="subnav_list-text">ServiceNow</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/webhook/" class=" "><span class="subnav_list-text">Universal Webhook</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/resilient-systems/" class=" "><span class="subnav_list-text">Resilient Systems</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/database/" class=" "><span class="subnav_list-text">Database</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/database-audit-logs/" class=" "><span class="subnav_list-text">Microsoft SQL Database Audit Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dhcp/" class=" "><span class="subnav_list-text">DHCP</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-dhcp/" class=" "><span class="subnav_list-text">Microsoft DHCP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-ios/" class=" "><span class="subnav_list-text">Cisco IOS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/infoblox-trinzic/" class=" "><span class="subnav_list-text">Infoblox Trinzic</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/isc-dhcpd/" class=" "><span class="subnav_list-text">ISC dhcpd</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dhcp-troubleshooting/" class=" "><span class="subnav_list-text">DHCP Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dns/" class=" "><span class="subnav_list-text">DNS</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-dns/" class=" "><span class="subnav_list-text">Microsoft DNS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-umbrella/" class=" "><span class="subnav_list-text">Cisco Umbrella</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/isc-bind9/" class=" "><span class="subnav_list-text">ISC Bind9</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dns-troubleshooting/" class=" "><span class="subnav_list-text">DNS Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/email-activesync/" class=" "><span class="subnav_list-text">Email and ActiveSync</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/owaactivesync/" class=" "><span class="subnav_list-text">Microsoft ActiveSync and Outlook Web Access</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/firewall/" class=" "><span class="subnav_list-text">Firewall</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/arista/" class=" "><span class="subnav_list-text">Arista Next Generation Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cato-networks/" class=" "><span class="subnav_list-text">Cato Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/barracuda-firewall/" class=" "><span class="subnav_list-text">Barracuda Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/check-point-firewall/" class=" "><span class="subnav_list-text">Check Point</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-asa-firewall-vpn/" class=" "><span class="subnav_list-text">Cisco ASA</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-firepower-threat-defense/" class=" "><span class="subnav_list-text">Cisco FirePower Threat Defense</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-meraki/" class=" "><span class="subnav_list-text">Cisco Meraki Firewall/VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/forcepoint-firewall/" class=" "><span class="subnav_list-text">Forcepoint Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fortinet-firewall/" class=" "><span class="subnav_list-text">Fortinet Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/juniper-networks-screenos/" class=" "><span class="subnav_list-text">Juniper Networks ScreenOS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-firewall-vpn/" class=" "><span class="subnav_list-text">Palo Alto Networks Firewall and VPN (plus Wildfire)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pfsense-firewall/" class=" "><span class="subnav_list-text">pfSense Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silverpeak-sd-wan/" class=" "><span class="subnav_list-text">SilverPeak SD WAN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sonicwall-firewall/" class=" "><span class="subnav_list-text">SonicWALL Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-utm/" class=" "><span class="subnav_list-text">Sophos UTM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-xg-firewall/" class=" "><span class="subnav_list-text">Sophos XG Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/versa-networks/" class=" "><span class="subnav_list-text">Versa Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/watchguard-xtm/" class=" "><span class="subnav_list-text">WatchGuard XTM</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ids/" class=" "><span class="subnav_list-text">IDS</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/cisco-firepower/" class=" "><span class="subnav_list-text">Cisco Firepower (Sourcefire IDS, Cisco FireSIGHT)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/f5-networks-big-ip-local-traffic-manager/" class=" "><span class="subnav_list-text">F5 Networks BIG-IP Local Traffic Manager</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-ids/" class=" "><span class="subnav_list-text">McAfee IDS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/security-onion/" class=" "><span class="subnav_list-text">Security Onion</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sentinel-ips/" class=" "><span class="subnav_list-text">Sentinel IPS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/snort/" class=" "><span class="subnav_list-text">Snort</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-network-sensor-overview/" class=" "><span class="subnav_list-text">Network Sensor</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ingress-authentication/" class=" "><span class="subnav_list-text">Ingress Authentication</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/zscaler-lss/" class=" "><span class="subnav_list-text">Zscaler LSS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ldap/" class=" "><span class="subnav_list-text">LDAP</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/ldap-troubleshooting/" class=" "><span class="subnav_list-text">LDAP Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-managed-microsoft-ad/" class=" "><span class="subnav_list-text">AWS Managed Microsoft AD</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-event-sources/" class=" "><span class="subnav_list-text">Universal Event Sources</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-dhcp/" class=" "><span class="subnav_list-text">Rapid7 Universal DHCP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-antivirus/" class=" "><span class="subnav_list-text">Rapid7 Universal Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-ingress-authentication/" class=" "><span class="subnav_list-text">Rapid7 Universal Ingress Authentication</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-vpn/" class=" "><span class="subnav_list-text">Rapid7 Universal VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/raw-data/" class=" "><span class="subnav_list-text">Raw Data</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/generic-windows-event-log/" class=" "><span class="subnav_list-text">Generic Windows Event Log</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-logs/" class=" "><span class="subnav_list-text">Custom Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-sqs/" class=" "><span class="subnav_list-text">AWS SQS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/nxlog/" class=" "><span class="subnav_list-text">NXLog</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/syslog-logging/" class=" "><span class="subnav_list-text">Syslog Logging</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-aggregators/" class=" "><span class="subnav_list-text">Log Aggregators</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/logrhythym/" class=" "><span class="subnav_list-text">LogRhythm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/splunk/" class=" "><span class="subnav_list-text">Splunk</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ibm-qradar/" class=" "><span class="subnav_list-text">IBM QRadar</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/third-party-alerts/" class=" "><span class="subnav_list-text">Third Party Alerts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/aws-guardduty/" class=" "><span class="subnav_list-text">AWS GuardDuty</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbon-black-edr/" class=" "><span class="subnav_list-text">Carbon Black EDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/code42/" class=" "><span class="subnav_list-text">Code42</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/crowdstrike-falcon-event-source/" class=" "><span class="subnav_list-text">Crowdstrike Falcon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cyberark-pta-and-epv/" class=" "><span class="subnav_list-text">CyberArk Vault</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cybereason/" class=" "><span class="subnav_list-text">Cybereason</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cylanceprotect-cloud/" class=" "><span class="subnav_list-text">CylancePROTECT Cloud</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darktrace/" class=" "><span class="subnav_list-text">Darktrace</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gcp-scc/" class=" "><span class="subnav_list-text">Google Cloud Platform Security Command Center</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-defender-atp/" class=" "><span class="subnav_list-text">Microsoft Defender for Endpoint</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-security/" class=" "><span class="subnav_list-text">Microsoft Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/netskope/" class=" "><span class="subnav_list-text">Netskope</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-networks-cortex-xdr/" class=" "><span class="subnav_list-text">Palo Alto Networks Cortex XDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-networks-traps/" class=" "><span class="subnav_list-text">Palo Alto Networks Traps ESM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/salesforce-threat-detection/" class=" "><span class="subnav_list-text">Salesforce Threat Detection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scadafence/" class=" "><span class="subnav_list-text">SCADAfence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/varonis-datadvantage/" class=" "><span class="subnav_list-text">Varonis DatAdvantage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/vectra-networks/" class=" "><span class="subnav_list-text">Vectra Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/virus-scan/" class=" "><span class="subnav_list-text">Virus Scan</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/bitdefender/" class=" "><span class="subnav_list-text">BitDefender</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbon-black-cloud/" class=" "><span class="subnav_list-text">Carbon Black Cloud</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cylanceprotect/" class=" "><span class="subnav_list-text">CylancePROTECT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/eset-antivirus/" class=" "><span class="subnav_list-text">ESET Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/kaspersky-anti-virus/" class=" "><span class="subnav_list-text">Kaspersky Anti-Virus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/malwarebytes-endpoint-protection/" class=" "><span class="subnav_list-text">MalwareBytes Endpoint Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-epo/" class=" "><span class="subnav_list-text">McAfee ePO</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-traps/" class=" "><span class="subnav_list-text">Palo Alto Networks Traps TSM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sentinelone/" class=" "><span class="subnav_list-text">SentinelOne Endpoint Detection and Response</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-central/" class=" "><span class="subnav_list-text">Sophos Central</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-av/" class=" "><span class="subnav_list-text">Sophos Enduser Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-intercept-x/" class=" "><span class="subnav_list-text">Sophos Intercept X</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/symantec-endpoint-protection/" class=" "><span class="subnav_list-text">Symantec Endpoint Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-apex-one/" class=" "><span class="subnav_list-text">Trend Micro Apex One</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-deep-security/" class=" "><span class="subnav_list-text">Trend Micro Deep Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-officescan/" class=" "><span class="subnav_list-text">Trend Micro OfficeScan</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/vpn/" class=" "><span class="subnav_list-text">VPN</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/barracuda-ssl-vpn/" class=" "><span class="subnav_list-text">Barracuda SSL VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-acs/" class=" "><span class="subnav_list-text">Cisco ACS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-ise/" class=" "><span class="subnav_list-text">Cisco ISE</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-ias-radius/" class=" "><span class="subnav_list-text">Microsoft IAS (RADIUS)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-remote-web-access/" class=" "><span class="subnav_list-text">Microsoft Remote Web Access</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/citrix-netscaler-vpn/" class=" "><span class="subnav_list-text">NetScaler VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pulse-connect-secure/" class=" "><span class="subnav_list-text">Pulse Connect Secure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/open-vpn/" class=" "><span class="subnav_list-text">OpenVPN</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/web-proxy/" class=" "><span class="subnav_list-text">Web Proxy</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/barracuda-web-security-gateway/" class=" "><span class="subnav_list-text">Barracuda Web Security Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blue-coat-web-proxy/" class=" "><span class="subnav_list-text">Blue Coat Proxy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-web-gateway/" class=" "><span class="subnav_list-text">McAfee Web Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-secure-web-gateway/" class=" "><span class="subnav_list-text">Sophos Secure Web Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/websense/" class=" "><span class="subnav_list-text">Websense</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/zscaler-nss/" class=" "><span class="subnav_list-text">Zscaler NSS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/web-server-access/" class=" "><span class="subnav_list-text">Web Server Access</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-iis/" class=" "><span class="subnav_list-text">Microsoft IIS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Administration<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/monthly-data-usage/" class=" "><span class="subnav_list-text">Monthly Data Usage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/browser-settings/" class=" "><span class="subnav_list-text">Browser Settings</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/email-alerts/" class=" "><span class="subnav_list-text">Email Notifications</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/user-management/" class=" "><span class="subnav_list-text">User Management</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/single-sign-on/" class=" "><span class="subnav_list-text">Single Sign-On</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Release Notes<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="https://docs.rapid7.com/release-notes/insightidr/" target="_blank" class=" external"><span class="subnav_list-text">InsightIDR release notes<i class="r7-icon r7-icon-open-new-tab"></i></span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Support<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/contact-the-rapid7-support-team/" class=" "><span class="subnav_list-text">Contact the Rapid7 Support team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/share-an-idea/" class=" "><span class="subnav_list-text">Share an idea with Rapid7</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div></div></div></div><div class="flex nav-bar__column nav-bar__column--right toc__nav-bar"><a class="nav-bar__toggle " role="button">On This Page<span role="button"></span></a><div class="nav-bar__toggle-content"><nav class="toc toc--is-open" aria-label="Table of contents" style="position:sticky;opacity:1;transform:none"><div class="toc__toggle" role="button" title="Close table of contents"><span class="toc__toggle-text hide-collapsed">On This Page</span><span class="toc__toggle-icon"></span></div><ul class="hide-collapsed"><li class=""><a href="#getting-started-with-insightidr" class=""><span>Getting Started with InsightIDR</span></a></li><li class=""><a href="#insightidr-is-your-cloudsiem-for-extended-detection-and-response" class=""><span>InsightIDR is your CloudSIEM for Extended Detection and Response</span></a><ul><li><a href="#insightidr-helps-customers-achieve-siem-and-xdr-outcomes" class=""><span>InsightIDR helps customers achieve SIEM and XDR outcomes</span></a></li></ul></li><li class=""><a href="#why-use-insightidr" class=""><span>Why Use InsightIDR?</span></a></li><li class=""><a href="#insightidr-in-action" class=""><span>InsightIDR in Action</span></a></li><li class=""><a href="#incident-response" class=""><span>Incident Response</span></a></li></ul></nav></div></div></div></div><div class="overlay" style="display:"></div></div><div class="container flex"><div class="sidebar-content"><div class="subnav"><div class="subnav_group"><div class="h3 subnav_group-title">Getting Started with InsightIDR<span class="subnav_list-toggle minus"></span></div><div><ul class="subnav_list"><li class="subnav_list-item subnav_list-item--open"><a href="/insightidr/insightidr-overview/" class="active "><span class="subnav_list-text">InsightIDR Overview</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/essential-quick-start-guide/" class=" "><span class="subnav_list-text">Essential | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-quick-start-guide/" class=" "><span class="subnav_list-text">Advanced | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ultimate-quick-start-guide/" class=" "><span class="subnav_list-text">Ultimate | Quick Start Guide</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Setup and Deployment<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/system-requirements/" class=" "><span class="subnav_list-text">System Requirements</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/set-up-a-service-account/" class=" "><span class="subnav_list-text">Setting Up a Service Account</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-and-environment-audit/" class=" "><span class="subnav_list-text">Network and Environment Audit</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/core-event-sources/" class=" "><span class="subnav_list-text">Core Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-collection-and-storage/" class=" "><span class="subnav_list-text">Log Data Collection and Storage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-archiving/" class=" "><span class="subnav_list-text">Data Archiving</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/non-admin-domain-controller-account/" class=" "><span class="subnav_list-text">Non-Admin Domain Controller Account</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/read-only-domain-controllers/" class=" "><span class="subnav_list-text">Read-Only Domain Controllers</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ports-used-by-insightidr/" class=" "><span class="subnav_list-text">Ports Used by InsightIDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-overview/" class=" "><span class="subnav_list-text">Collector Overview</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/collector-requirements/" class=" "><span class="subnav_list-text">Collector Requirements</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-installation-and-deployment/" class=" "><span class="subnav_list-text">Collector Installation and Deployment</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-troubleshooting/" class=" "><span class="subnav_list-text">Collector Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/collector-proxy-configuration/" class=" "><span class="subnav_list-text">Collector Proxy Configuration</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-agent/" class=" "><span class="subnav_list-text">Insight Agent</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/configure-the-insight-agent-to-send-logs/" class=" "><span class="subnav_list-text">Configure the Insight Agent to Send Additional Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-windows-defender-antivirus/" class=" "><span class="subnav_list-text">Microsoft Windows Defender Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-integration/" class=" "><span class="subnav_list-text">Velociraptor Integration</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fim-recommendations/" class=" "><span class="subnav_list-text">FIM Recommendations</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/other-deployment-options/" class=" "><span class="subnav_list-text">Other Deployment Options</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Automation<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/get-started-with-aba-automation/" class=" "><span class="subnav_list-text">Get Started with Automation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/get-started-with-automation/" class=" "><span class="subnav_list-text">Get Started with Automation for Legacy Detection Rules and Basic Detection Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/alert-triggers/" class=" "><span class="subnav_list-text">Triggers for Legacy Detection Rules and Basic Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-orchestrator/" class=" "><span class="subnav_list-text">Insight Orchestrator Overview</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/configure-connections/" class=" "><span class="subnav_list-text">Configure Connections For Automation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/activate-workflow-templates/" class=" "><span class="subnav_list-text">Automation Workflow Templates</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automate-workflows/" class=" "><span class="subnav_list-text">Automation Workflows</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/kill-a-process/" class=" "><span class="subnav_list-text">Kill a Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspend-or-disable-a-user/" class=" "><span class="subnav_list-text">Suspend or Disable a User</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/quarantine-an-asset/" class=" "><span class="subnav_list-text">Quarantine an Asset</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-a-ticket/" class=" "><span class="subnav_list-text">Create a ServiceNow or JIRA Ticket</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automated-enrichment-workflows/" class=" "><span class="subnav_list-text">Automated Enrichment Workflows</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/enrich-alert-data-with-open-source-plugins/" class=" "><span class="subnav_list-text">Enrich Alert Data with Open Source Plugins</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/get-started-with-on-demand-response-actions/" class=" "><span class="subnav_list-text">Get Started with On Demand Response Actions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/automation-troubleshooting/" class=" "><span class="subnav_list-text">Automation Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/send-insightconnect-events-to-insightidr/" class=" "><span class="subnav_list-text">Send InsightConnect Events to InsightIDR</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">How To<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/create-and-manage-credentials/" class=" "><span class="subnav_list-text">Manage Credentials</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/search-your-logs/" class=" "><span class="subnav_list-text">Search Your Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/transform-logs-to-universal-event-format/" class=" "><span class="subnav_list-text">Transform Logs to Universal Event Format</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/delete-and-reinstall-a-collector/" class=" "><span class="subnav_list-text">Delete and Reinstall a Collector</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deploy-deception-technology/" class=" "><span class="subnav_list-text">Deploy Deception Technology</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/investigate-an-asset-or-user/" class=" "><span class="subnav_list-text">Investigate an Asset or User</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/manage-event-sources/" class=" "><span class="subnav_list-text">Manage Event Sources</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/edit-event-source/" class=" "><span class="subnav_list-text">Edit Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/copy-event-sources-to-a-new-collector/" class=" "><span class="subnav_list-text">Copy Event Sources to a New Collector</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/export-data/" class=" "><span class="subnav_list-text">Export Data</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/access-aws-resources-with-ec2-iam-roles/" class=" "><span class="subnav_list-text">Access AWS Resources with EC2 IAM Roles</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/monitor-your-security-operations-activities/" class=" "><span class="subnav_list-text">Monitor Your Security Operations Activities</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Concepts and Usage<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/rapid7-resource-names/" class=" "><span class="subnav_list-text">Rapid7 Resource Names</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-rules/" class=" "><span class="subnav_list-text">Detection Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/modify-detection-rules/" class=" "><span class="subnav_list-text">Modify Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/modify-uba-detection-rules/" class=" "><span class="subnav_list-text">Modify Legacy Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-detection-rules/" class=" "><span class="subnav_list-text">Custom Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-detection-rules-faq/" class=" "><span class="subnav_list-text">Custom Detection Rules FAQ</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-library/" class=" "><span class="subnav_list-text">Detection Library</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/detection-rule-exceptions/" class=" "><span class="subnav_list-text">Detection Rule Exceptions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-and-manage-basic-detection-rules/" class=" "><span class="subnav_list-text">Create and Manage Basic Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/basic-detection-rule-details/" class=" "><span class="subnav_list-text">Basic Detection Rule Details</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/basic-detection-rules-and-insight-connect/" class=" "><span class="subnav_list-text">Basic Detection Rules and InsightConnect</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/notable-events/" class=" "><span class="subnav_list-text">Notable Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/alerts/" class=" "><span class="subnav_list-text">Alerts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/take-action-on-an-alert/" class=" "><span class="subnav_list-text">Take Action on an Alert</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/anatomy-of-an-alert/" class=" "><span class="subnav_list-text">Anatomy of an Alert</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/investigations/" class=" "><span class="subnav_list-text">Investigations</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/create-an-investigation/" class=" "><span class="subnav_list-text">Create an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/analyze-an-investigation/" class=" "><span class="subnav_list-text">Analyze an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scheduled-forensics/" class=" "><span class="subnav_list-text">Schedule endpoint queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/close-an-investigation/" class=" "><span class="subnav_list-text">Close an investigation</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/multi-customer-investigations/" class=" "><span class="subnav_list-text">Multi-Customer Investigations</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-command-alerts/" class=" "><span class="subnav_list-text">Investigate Threat Command Alerts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-alerts/" class=" "><span class="subnav_list-text">Velociraptor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/assets-on-your-domain/" class=" "><span class="subnav_list-text">Assets on Your Domain</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/restrict-or-allow-an-asset/" class=" "><span class="subnav_list-text">Mark an asset as restricted</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/manage-your-processes-and-hashes/" class=" "><span class="subnav_list-text">Manage your Processes and Hashes</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/exploitable-vulnerabilities/" class=" "><span class="subnav_list-text">Exploitable Vulnerabilities</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lateral-movement/" class=" "><span class="subnav_list-text">Lateral Movement</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dashboards-and-reports/" class=" "><span class="subnav_list-text">Dashboards and Reports</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/endpoint-visibility-dashboard/" class=" "><span class="subnav_list-text">R7 Managed: Endpoint Visibility Validation Dashboard</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deception-technology/" class=" "><span class="subnav_list-text">Deception Technology</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/honeypot/" class=" "><span class="subnav_list-text">Honeypot</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-users/" class=" "><span class="subnav_list-text">Honey Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-files/" class=" "><span class="subnav_list-text">Honey Files</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-credentials/" class=" "><span class="subnav_list-text">Honey Credentials</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honey-alerts/" class=" "><span class="subnav_list-text">Honey Alerts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/troubleshooting-honeypots/" class=" "><span class="subnav_list-text">Troubleshooting Honeypots</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-honeypots/" class=" "><span class="subnav_list-text">AWS Honeypots</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/file-access-activity-monitoring/" class=" "><span class="subnav_list-text">File Access Activity Monitoring</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/file-integrity-monitoring/" class=" "><span class="subnav_list-text">File Integrity Monitoring</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/fim-for-linux/" class=" "><span class="subnav_list-text">File Integrity Monitoring for Linux</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/search-logs-for-fim-events/" class=" "><span class="subnav_list-text">Search Logs for FIM Events</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-search/" class=" "><span class="subnav_list-text">Log Search</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/log-sets-you-can-search/" class=" "><span class="subnav_list-text">Log Sets You Can Search</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/components-for-building-a-query/" class=" "><span class="subnav_list-text">Components for Building a Query</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/keys-to-use-in-your-queries/" class=" "><span class="subnav_list-text">Keys to Use in Your Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/example-queries/" class=" "><span class="subnav_list-text">Example Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/use-variables-in-queries/" class=" "><span class="subnav_list-text">Use Variables in Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/tips-and-tricks-for-building-queries/" class=" "><span class="subnav_list-text">Tips and Tricks for Building Queries</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/leverage-enhanced-endpoint-telemetry-data/" class=" "><span class="subnav_list-text">Leverage Enhanced Endpoint Telemetry Data</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/create-custom-parsing-rules/" class=" "><span class="subnav_list-text">Create Custom Parsing Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/legacy-log-search/" class=" "><span class="subnav_list-text">Legacy Log Search</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ls-glossary/" class=" "><span class="subnav_list-text">Glossary</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-rules/" class=" "><span class="subnav_list-text">Network Rules</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/network-zones-and-policies/" class=" "><span class="subnav_list-text">Network zones and policies</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/owned-and-ignored-domains/" class=" "><span class="subnav_list-text">Owned and Ignored Domains</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/firewall-rules/" class=" "><span class="subnav_list-text">Firewall Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ip-addresses/" class=" "><span class="subnav_list-text">IP Addresses</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-traffic-analysis/" class=" "><span class="subnav_list-text">Network Traffic Analysis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threats/" class=" "><span class="subnav_list-text">Threats</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/utilize-existing-threats/" class=" "><span class="subnav_list-text">Utilize Existing Threats</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/add-and-manage-threats/" class=" "><span class="subnav_list-text">Add and Manage Threats</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/users-and-accounts-on-your-domain/" class=" "><span class="subnav_list-text">Users and Accounts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/admin-accounts/" class=" "><span class="subnav_list-text">Admin Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/non-expiring-and-service-accounts/" class=" "><span class="subnav_list-text">Non-Expiring and Service Accounts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/shared-and-linked-accounts/" class=" "><span class="subnav_list-text">Shared and Linked Accounts</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/watchlist-and-risky-users/" class=" "><span class="subnav_list-text">Watchlist and Risky Users</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/account-tags/" class=" "><span class="subnav_list-text">User Tags</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/audit-logging/" class=" "><span class="subnav_list-text">Audit Logging</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/user-attribution/" class=" "><span class="subnav_list-text">User Attribution</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/quick-actions/" class=" "><span class="subnav_list-text">Quick Actions</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-storage-faq/" class=" "><span class="subnav_list-text">Data Storage and Retention FAQs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Detection Library<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/detection-library-overview/" class=" "><span class="subnav_list-text">Overview</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aba-detections/" class=" "><span class="subnav_list-text">Rules by Rule Set</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/agrius/" class=" "><span class="subnav_list-text">Agrius</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/antlion/" class=" "><span class="subnav_list-text">Antlion</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/apt-groups/" class=" "><span class="subnav_list-text">APT Groups</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bahamut/" class=" "><span class="subnav_list-text">BAHAMUT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/balikbayan-foxes/" class=" "><span class="subnav_list-text">Balikbayan Foxes</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bax-026-of-iran/" class=" "><span class="subnav_list-text">Bax 026 of Iran</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blackoasis/" class=" "><span class="subnav_list-text">BlackOasis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blackshadow/" class=" "><span class="subnav_list-text">Blackshadow</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blacktech/" class=" "><span class="subnav_list-text">BlackTech</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blind-eagle/" class=" "><span class="subnav_list-text">Blind Eagle</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/bronze-butler/" class=" "><span class="subnav_list-text">BRONZE BUTLER</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cactuspete-apt/" class=" "><span class="subnav_list-text">CactusPete APT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbanak/" class=" "><span class="subnav_list-text">Carbanak</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/chamelgang/" class=" "><span class="subnav_list-text">Chamelgang</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloud-service-activity/" class=" "><span class="subnav_list-text">Cloud Service Activity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cobalt-group/" class=" "><span class="subnav_list-text">Cobalt Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cosmic-lynx/" class=" "><span class="subnav_list-text">Cosmic Lynx</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/crouchingyeti/" class=" "><span class="subnav_list-text">CrouchingYeti</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/current-events/" class=" "><span class="subnav_list-text">Current Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dark-basin/" class=" "><span class="subnav_list-text">Dark Basin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dark-caracal/" class=" "><span class="subnav_list-text">Dark Caracal</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darkhotel/" class=" "><span class="subnav_list-text">Darkhotel</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darkhydrus/" class=" "><span class="subnav_list-text">DarkHydrus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/deep-panda/" class=" "><span class="subnav_list-text">Deep Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/desert-falcons/" class=" "><span class="subnav_list-text">Desert Falcons</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/domestic-kitten/" class=" "><span class="subnav_list-text">Domestic Kitten</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dragonok/" class=" "><span class="subnav_list-text">DragonOK</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dustsquad/" class=" "><span class="subnav_list-text">DustSquad</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dust-storm/" class=" "><span class="subnav_list-text">Dust Storm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/elderwood/" class=" "><span class="subnav_list-text">Elderwood</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/elephant-beetle/" class=" "><span class="subnav_list-text">Elephant Beetle</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/energetic-bear/" class=" "><span class="subnav_list-text">Energetic Bear</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/epic-manchego/" class=" "><span class="subnav_list-text">Epic Manchego</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/evil-corp/" class=" "><span class="subnav_list-text">Evil Corp</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/evilnum/" class=" "><span class="subnav_list-text">Evilnum</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fin/" class=" "><span class="subnav_list-text">FIN Groups</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/funnydream/" class=" "><span class="subnav_list-text">FunnyDream</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gallmaker/" class=" "><span class="subnav_list-text">Gallmaker</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gamaredon-group/" class=" "><span class="subnav_list-text">Gamaredon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gaza-hacker-team/" class=" "><span class="subnav_list-text">Gaza Hacker Team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gcman/" class=" "><span class="subnav_list-text">GCMAN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ghostemperor/" class=" "><span class="subnav_list-text">GhostEmperor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gorgon-group/" class=" "><span class="subnav_list-text">Gorgon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/greenbug/" class=" "><span class="subnav_list-text">Greenbug</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/group5/" class=" "><span class="subnav_list-text">Group 5</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/group72/" class=" "><span class="subnav_list-text">Group 72</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hafnium/" class=" "><span class="subnav_list-text">Hafnium</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/harvester/" class=" "><span class="subnav_list-text">Harvester</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hexane/" class=" "><span class="subnav_list-text">Hexane</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hidden-lynx/" class=" "><span class="subnav_list-text">Hidden Lynx</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/hive-ransomware/" class=" "><span class="subnav_list-text">Hive Ransomware</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/honeybee/" class=" "><span class="subnav_list-text">Honeybee</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/indra/" class=" "><span class="subnav_list-text">Indra</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ironhusky/" class=" "><span class="subnav_list-text">IronHusky</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/keyboy/" class=" "><span class="subnav_list-text">KeyBoy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/killlsomeone/" class=" "><span class="subnav_list-text">KilllSomeOne</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/kimsuky/" class=" "><span class="subnav_list-text">Kimsuky</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lazarus-group/" class=" "><span class="subnav_list-text">Lazarus Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/leafminer/" class=" "><span class="subnav_list-text">Leafminer</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lebanese-cedar/" class=" "><span class="subnav_list-text">Lebanese Cedar</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/lotus-blossom/" class=" "><span class="subnav_list-text">Lotus Blossom</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/machete/" class=" "><span class="subnav_list-text">Machete</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/magnat/" class=" "><span class="subnav_list-text">Magnat</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/malsmoke/" class=" "><span class="subnav_list-text">Malsmoke</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/migrated-legacy-rules/" class=" "><span class="subnav_list-text">Migrated Legacy Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/modifiedelephant/" class=" "><span class="subnav_list-text">ModifiedElephant</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mofang/" class=" "><span class="subnav_list-text">Mofang</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/molerats/" class=" "><span class="subnav_list-text">Molerats</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/moses-staff/" class=" "><span class="subnav_list-text">Moses Staff</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/muddywater/" class=" "><span class="subnav_list-text">Muddywater</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mustang-panda/" class=" "><span class="subnav_list-text">Mustang Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mythic-leopard/" class=" "><span class="subnav_list-text">Mythic Leopard</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/naikon/" class=" "><span class="subnav_list-text">Naikon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/neodymium/" class=" "><span class="subnav_list-text">NEODYMIUM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/network-traffic-analysis-threat/" class=" "><span class="subnav_list-text">Network Traffic Analysis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/night-dragon/" class=" "><span class="subnav_list-text">Night Dragon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/north-korea-dprk-actor/" class=" "><span class="subnav_list-text">North Korean State-Sponsored Actor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/oldgremlin/" class=" "><span class="subnav_list-text">OldGremlin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/orangeworm/" class=" "><span class="subnav_list-text">Orangeworm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/patchwork/" class=" "><span class="subnav_list-text">Patchwork</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/platinum/" class=" "><span class="subnav_list-text">PLATINUM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/poseidon-group/" class=" "><span class="subnav_list-text">Poseidon Group</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/promethium/" class=" "><span class="subnav_list-text">Promethium</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pyxie/" class=" "><span class="subnav_list-text">Pyxie</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rancor/" class=" "><span class="subnav_list-text">Rancor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/redcurl/" class=" "><span class="subnav_list-text">RedCurl</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/roaming-mantis/" class=" "><span class="subnav_list-text">Roaming Mantis</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rocke/" class=" "><span class="subnav_list-text">Rocke</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rtm/" class=" "><span class="subnav_list-text">RTM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rocket-kitten/" class=" "><span class="subnav_list-text">Rocket Kitten</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sandworm-team/" class=" "><span class="subnav_list-text">Sandworm Team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scadafence-detections/" class=" "><span class="subnav_list-text">SCADAfence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scarlet-mimic/" class=" "><span class="subnav_list-text">Scarlet Mimic</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sidecopy/" class=" "><span class="subnav_list-text">SideCopy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silence/" class=" "><span class="subnav_list-text">Silence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silent-librarian/" class=" "><span class="subnav_list-text">Silent Librarian</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silverterrier/" class=" "><span class="subnav_list-text">SilverTerrier</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/soft-cell/" class=" "><span class="subnav_list-text">Soft Cell</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sowbug/" class=" "><span class="subnav_list-text">Sowbug</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/spring-dragon-apt/" class=" "><span class="subnav_list-text">Spring Dragon APT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/stealth-falcon/" class=" "><span class="subnav_list-text">Stealth Falcon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/stolen-pencil/" class=" "><span class="subnav_list-text">Stolen Pencil</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/strider/" class=" "><span class="subnav_list-text">Strider</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/strongpity/" class=" "><span class="subnav_list-text">StrongPity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suckfly/" class=" "><span class="subnav_list-text">Suckfly</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-ingress-authentications/" class=" "><span class="subnav_list-text">Suspicious Ingress Authentications</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-network-activity/" class=" "><span class="subnav_list-text">Suspicious Network Activity</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-network-connections/" class=" "><span class="subnav_list-text">Suspicious Network Connections</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-process-access/" class=" "><span class="subnav_list-text">Suspicious Process Access</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-registry-events/" class=" "><span class="subnav_list-text">Suspicious Registry Events</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-user-behavior/" class=" "><span class="subnav_list-text">Suspicious User Behavior</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/suspicious-web-requests/" class=" "><span class="subnav_list-text">Suspicious Web Requests</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sweed/" class=" "><span class="subnav_list-text">SWEED</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ta459/" class=" "><span class="subnav_list-text">TA459</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ta505/" class=" "><span class="subnav_list-text">TA505</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/taidoor/" class=" "><span class="subnav_list-text">Taidoor</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/teamtnt/" class=" "><span class="subnav_list-text">TeamTNT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/the-mabna-hackers/" class=" "><span class="subnav_list-text">The Mabna Hackers</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/the-white-company/" class=" "><span class="subnav_list-text">The White Company</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-command/" class=" "><span class="subnav_list-text">Threat Command</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/threat-group-1314/" class=" "><span class="subnav_list-text">Threat Group-1314</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/thrip/" class=" "><span class="subnav_list-text">Thrip</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/tropic-tropper/" class=" "><span class="subnav_list-text">Tropic Tropper</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/turbine-panda/" class=" "><span class="subnav_list-text">Turbine Panda</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/turla/" class=" "><span class="subnav_list-text">Turla</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/uac-0056/" class=" "><span class="subnav_list-text">UAC-0056</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/unc1151/" class=" "><span class="subnav_list-text">UNC1151</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/unc1945/" class=" "><span class="subnav_list-text">UNC1945</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velvet-chollima/" class=" "><span class="subnav_list-text">Velvet Chollima</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/whitefly/" class=" "><span class="subnav_list-text">Whitefly</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/windshift/" class=" "><span class="subnav_list-text">Windshift</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/wirte/" class=" "><span class="subnav_list-text">WIRTE</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/wizard-spider/" class=" "><span class="subnav_list-text">Wizard Spider</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/xdspy/" class=" "><span class="subnav_list-text">XDSpy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/yalishanda/" class=" "><span class="subnav_list-text">Yalishanda</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/endpoint-detection-rules/" class=" "><span class="subnav_list-text">Rules by Endpoint</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/windows-suspicious-process/" class=" "><span class="subnav_list-text">Windows Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/windows-suspicious-services/" class=" "><span class="subnav_list-text">Windows Suspicious Services</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mac-suspicious-process/" class=" "><span class="subnav_list-text">Mac Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/linux-suspicious-process/" class=" "><span class="subnav_list-text">Linux Suspicious Process</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/visibility-monitoring/" class=" "><span class="subnav_list-text">Visibility Monitoring</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/velociraptor-rules/" class=" "><span class="subnav_list-text">Velociraptor</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/uba-detections/" class=" "><span class="subnav_list-text">Legacy Detection Rules</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">InsightIDR REST APIs<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/insightidr-rest-api/" class=" "><span class="subnav_list-text">InsightIDR REST APIs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Event Source Configuration<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/insightidr-event-sources/" class=" "><span class="subnav_list-text">InsightIDR Event Sources</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-collection-methods/" class=" "><span class="subnav_list-text">Data Collection Methods</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-event-source-settings/" class=" "><span class="subnav_list-text">Advanced Event Source Settings</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/monitor-event-source-health/" class=" "><span class="subnav_list-text">Monitor Event Source Health</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/event-source-troubleshooting/" class=" "><span class="subnav_list-text">Event Source Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/auto-configure/" class=" "><span class="subnav_list-text">Auto Configure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-products/" class=" "><span class="subnav_list-text">Rapid7 Products</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/integrate-insightvm/" class=" "><span class="subnav_list-text">InsightVM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/integrate-metasploit/" class=" "><span class="subnav_list-text">Metasploit</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insightcloudsec/" class=" "><span class="subnav_list-text">InsightCloudSec</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/active-directory-overview/" class=" "><span class="subnav_list-text">Active Directory</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/active-directory/" class=" "><span class="subnav_list-text">Microsoft Active Directory Security Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/active-directory-ad-domain-controller-event-source/" class=" "><span class="subnav_list-text">Troubleshooting Active Directory</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/advanced-malware/" class=" "><span class="subnav_list-text">Advanced Malware</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/fireeye-nx/" class=" "><span class="subnav_list-text">FireEye NX</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloud-service/" class=" "><span class="subnav_list-text">Cloud Services</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/1password/" class=" "><span class="subnav_list-text">1Password</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/auth0/" class=" "><span class="subnav_list-text">Auth0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/amazon-security-lake/" class=" "><span class="subnav_list-text">Amazon Security Lake</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-appfabric/" class=" "><span class="subnav_list-text">AWS AppFabric</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-cloudtrail-api/" class=" "><span class="subnav_list-text">AWS CloudTrail API</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-cloudtrail-sqs/" class=" "><span class="subnav_list-text">AWS CloudTrail SQS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/boxcom/" class=" "><span class="subnav_list-text">Box.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/centrify-sso/" class=" "><span class="subnav_list-text">Centrify</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-amp-for-endpoints/" class=" "><span class="subnav_list-text">Cisco AMP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cloudflare/" class=" "><span class="subnav_list-text">Cloudflare</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/duo-security/" class=" "><span class="subnav_list-text">Duo Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/google-apps/" class=" "><span class="subnav_list-text">Google Apps</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/google-cloud-platform/" class=" "><span class="subnav_list-text">Google Cloud Platform</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/idaptive-sso/" class=" "><span class="subnav_list-text">Idaptive</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-azure/" class=" "><span class="subnav_list-text">Microsoft Azure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mimecast/" class=" "><span class="subnav_list-text">Mimecast API 1.0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mimecast-2.0/" class=" "><span class="subnav_list-text">Mimecast API 2.0</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-office-365/" class=" "><span class="subnav_list-text">Office 365 (plus GCC and GCC High)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/okta/" class=" "><span class="subnav_list-text">Okta.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/onelogin/" class=" "><span class="subnav_list-text">OneLogin</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-cortex-data-lake/" class=" "><span class="subnav_list-text">Palo Alto Cortex Data Lake</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pingone/" class=" "><span class="subnav_list-text">Ping Identity PingOne</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/proofpoint-tap/" class=" "><span class="subnav_list-text">Proofpoint Targeted Attack Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/salesforce/" class=" "><span class="subnav_list-text">Salesforce.com</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/workday/" class=" "><span class="subnav_list-text">Workday</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/zoom-pro/" class=" "><span class="subnav_list-text">Zoom</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/data-exporter/" class=" "><span class="subnav_list-text">Data Exporter</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/arcsight-data-exporter/" class=" "><span class="subnav_list-text">HP ArcSight</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/splunk-exporter/" class=" "><span class="subnav_list-text">Splunk</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/servicenow/" class=" "><span class="subnav_list-text">ServiceNow</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/webhook/" class=" "><span class="subnav_list-text">Universal Webhook</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/resilient-systems/" class=" "><span class="subnav_list-text">Resilient Systems</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/database/" class=" "><span class="subnav_list-text">Database</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/database-audit-logs/" class=" "><span class="subnav_list-text">Microsoft SQL Database Audit Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dhcp/" class=" "><span class="subnav_list-text">DHCP</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-dhcp/" class=" "><span class="subnav_list-text">Microsoft DHCP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-ios/" class=" "><span class="subnav_list-text">Cisco IOS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/infoblox-trinzic/" class=" "><span class="subnav_list-text">Infoblox Trinzic</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/isc-dhcpd/" class=" "><span class="subnav_list-text">ISC dhcpd</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dhcp-troubleshooting/" class=" "><span class="subnav_list-text">DHCP Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dns/" class=" "><span class="subnav_list-text">DNS</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-dns/" class=" "><span class="subnav_list-text">Microsoft DNS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-umbrella/" class=" "><span class="subnav_list-text">Cisco Umbrella</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/isc-bind9/" class=" "><span class="subnav_list-text">ISC Bind9</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/dns-troubleshooting/" class=" "><span class="subnav_list-text">DNS Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/email-activesync/" class=" "><span class="subnav_list-text">Email and ActiveSync</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/owaactivesync/" class=" "><span class="subnav_list-text">Microsoft ActiveSync and Outlook Web Access</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/firewall/" class=" "><span class="subnav_list-text">Firewall</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/arista/" class=" "><span class="subnav_list-text">Arista Next Generation Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cato-networks/" class=" "><span class="subnav_list-text">Cato Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/barracuda-firewall/" class=" "><span class="subnav_list-text">Barracuda Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/check-point-firewall/" class=" "><span class="subnav_list-text">Check Point</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-asa-firewall-vpn/" class=" "><span class="subnav_list-text">Cisco ASA</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-firepower-threat-defense/" class=" "><span class="subnav_list-text">Cisco FirePower Threat Defense</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-meraki/" class=" "><span class="subnav_list-text">Cisco Meraki Firewall/VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/forcepoint-firewall/" class=" "><span class="subnav_list-text">Forcepoint Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/fortinet-firewall/" class=" "><span class="subnav_list-text">Fortinet Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/juniper-networks-screenos/" class=" "><span class="subnav_list-text">Juniper Networks ScreenOS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-firewall-vpn/" class=" "><span class="subnav_list-text">Palo Alto Networks Firewall and VPN (plus Wildfire)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pfsense-firewall/" class=" "><span class="subnav_list-text">pfSense Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/silverpeak-sd-wan/" class=" "><span class="subnav_list-text">SilverPeak SD WAN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sonicwall-firewall/" class=" "><span class="subnav_list-text">SonicWALL Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-utm/" class=" "><span class="subnav_list-text">Sophos UTM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-xg-firewall/" class=" "><span class="subnav_list-text">Sophos XG Firewall</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/versa-networks/" class=" "><span class="subnav_list-text">Versa Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/watchguard-xtm/" class=" "><span class="subnav_list-text">WatchGuard XTM</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ids/" class=" "><span class="subnav_list-text">IDS</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/cisco-firepower/" class=" "><span class="subnav_list-text">Cisco Firepower (Sourcefire IDS, Cisco FireSIGHT)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/f5-networks-big-ip-local-traffic-manager/" class=" "><span class="subnav_list-text">F5 Networks BIG-IP Local Traffic Manager</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-ids/" class=" "><span class="subnav_list-text">McAfee IDS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/security-onion/" class=" "><span class="subnav_list-text">Security Onion</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sentinel-ips/" class=" "><span class="subnav_list-text">Sentinel IPS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/snort/" class=" "><span class="subnav_list-text">Snort</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/insight-network-sensor-overview/" class=" "><span class="subnav_list-text">Network Sensor</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ingress-authentication/" class=" "><span class="subnav_list-text">Ingress Authentication</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/zscaler-lss/" class=" "><span class="subnav_list-text">Zscaler LSS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ldap/" class=" "><span class="subnav_list-text">LDAP</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/ldap-troubleshooting/" class=" "><span class="subnav_list-text">LDAP Troubleshooting</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-managed-microsoft-ad/" class=" "><span class="subnav_list-text">AWS Managed Microsoft AD</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-event-sources/" class=" "><span class="subnav_list-text">Universal Event Sources</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-dhcp/" class=" "><span class="subnav_list-text">Rapid7 Universal DHCP</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-antivirus/" class=" "><span class="subnav_list-text">Rapid7 Universal Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-ingress-authentication/" class=" "><span class="subnav_list-text">Rapid7 Universal Ingress Authentication</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/rapid7-universal-vpn/" class=" "><span class="subnav_list-text">Rapid7 Universal VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/raw-data/" class=" "><span class="subnav_list-text">Raw Data</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/generic-windows-event-log/" class=" "><span class="subnav_list-text">Generic Windows Event Log</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/custom-logs/" class=" "><span class="subnav_list-text">Custom Logs</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/aws-sqs/" class=" "><span class="subnav_list-text">AWS SQS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/nxlog/" class=" "><span class="subnav_list-text">NXLog</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/syslog-logging/" class=" "><span class="subnav_list-text">Syslog Logging</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/log-aggregators/" class=" "><span class="subnav_list-text">Log Aggregators</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/logrhythym/" class=" "><span class="subnav_list-text">LogRhythm</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/splunk/" class=" "><span class="subnav_list-text">Splunk</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/ibm-qradar/" class=" "><span class="subnav_list-text">IBM QRadar</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/third-party-alerts/" class=" "><span class="subnav_list-text">Third Party Alerts</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/aws-guardduty/" class=" "><span class="subnav_list-text">AWS GuardDuty</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbon-black-edr/" class=" "><span class="subnav_list-text">Carbon Black EDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/code42/" class=" "><span class="subnav_list-text">Code42</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/crowdstrike-falcon-event-source/" class=" "><span class="subnav_list-text">Crowdstrike Falcon</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cyberark-pta-and-epv/" class=" "><span class="subnav_list-text">CyberArk Vault</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cybereason/" class=" "><span class="subnav_list-text">Cybereason</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cylanceprotect-cloud/" class=" "><span class="subnav_list-text">CylancePROTECT Cloud</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/darktrace/" class=" "><span class="subnav_list-text">Darktrace</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/gcp-scc/" class=" "><span class="subnav_list-text">Google Cloud Platform Security Command Center</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-defender-atp/" class=" "><span class="subnav_list-text">Microsoft Defender for Endpoint</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-security/" class=" "><span class="subnav_list-text">Microsoft Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/netskope/" class=" "><span class="subnav_list-text">Netskope</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-networks-cortex-xdr/" class=" "><span class="subnav_list-text">Palo Alto Networks Cortex XDR</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-networks-traps/" class=" "><span class="subnav_list-text">Palo Alto Networks Traps ESM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/salesforce-threat-detection/" class=" "><span class="subnav_list-text">Salesforce Threat Detection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/scadafence/" class=" "><span class="subnav_list-text">SCADAfence</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/varonis-datadvantage/" class=" "><span class="subnav_list-text">Varonis DatAdvantage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/vectra-networks/" class=" "><span class="subnav_list-text">Vectra Networks</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/virus-scan/" class=" "><span class="subnav_list-text">Virus Scan</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/bitdefender/" class=" "><span class="subnav_list-text">BitDefender</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/carbon-black-cloud/" class=" "><span class="subnav_list-text">Carbon Black Cloud</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cylanceprotect/" class=" "><span class="subnav_list-text">CylancePROTECT</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/eset-antivirus/" class=" "><span class="subnav_list-text">ESET Antivirus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/kaspersky-anti-virus/" class=" "><span class="subnav_list-text">Kaspersky Anti-Virus</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/malwarebytes-endpoint-protection/" class=" "><span class="subnav_list-text">MalwareBytes Endpoint Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-epo/" class=" "><span class="subnav_list-text">McAfee ePO</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/palo-alto-traps/" class=" "><span class="subnav_list-text">Palo Alto Networks Traps TSM</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sentinelone/" class=" "><span class="subnav_list-text">SentinelOne Endpoint Detection and Response</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-central/" class=" "><span class="subnav_list-text">Sophos Central</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-av/" class=" "><span class="subnav_list-text">Sophos Enduser Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-intercept-x/" class=" "><span class="subnav_list-text">Sophos Intercept X</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/symantec-endpoint-protection/" class=" "><span class="subnav_list-text">Symantec Endpoint Protection</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-apex-one/" class=" "><span class="subnav_list-text">Trend Micro Apex One</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-deep-security/" class=" "><span class="subnav_list-text">Trend Micro Deep Security</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/trend-micro-officescan/" class=" "><span class="subnav_list-text">Trend Micro OfficeScan</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/vpn/" class=" "><span class="subnav_list-text">VPN</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/barracuda-ssl-vpn/" class=" "><span class="subnav_list-text">Barracuda SSL VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-acs/" class=" "><span class="subnav_list-text">Cisco ACS</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/cisco-ise/" class=" "><span class="subnav_list-text">Cisco ISE</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-ias-radius/" class=" "><span class="subnav_list-text">Microsoft IAS (RADIUS)</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/microsoft-remote-web-access/" class=" "><span class="subnav_list-text">Microsoft Remote Web Access</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/citrix-netscaler-vpn/" class=" "><span class="subnav_list-text">NetScaler VPN</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/pulse-connect-secure/" class=" "><span class="subnav_list-text">Pulse Connect Secure</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/open-vpn/" class=" "><span class="subnav_list-text">OpenVPN</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/web-proxy/" class=" "><span class="subnav_list-text">Web Proxy</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/barracuda-web-security-gateway/" class=" "><span class="subnav_list-text">Barracuda Web Security Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/blue-coat-web-proxy/" class=" "><span class="subnav_list-text">Blue Coat Proxy</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/mcafee-web-gateway/" class=" "><span class="subnav_list-text">McAfee Web Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/sophos-secure-web-gateway/" class=" "><span class="subnav_list-text">Sophos Secure Web Gateway</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/websense/" class=" "><span class="subnav_list-text">Websense</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/zscaler-nss/" class=" "><span class="subnav_list-text">Zscaler NSS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li><li class="subnav_list-item"><a href="/insightidr/web-server-access/" class=" "><span class="subnav_list-text">Web Server Access</span><span class="subnav_list-toggle plus"></span></a><div class="subnav_list-sub"><ul><li class="subnav_list-item"><a href="/insightidr/microsoft-iis/" class=" "><span class="subnav_list-text">Microsoft IIS</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Administration<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/monthly-data-usage/" class=" "><span class="subnav_list-text">Monthly Data Usage</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/browser-settings/" class=" "><span class="subnav_list-text">Browser Settings</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/email-alerts/" class=" "><span class="subnav_list-text">Email Notifications</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/user-management/" class=" "><span class="subnav_list-text">User Management</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/single-sign-on/" class=" "><span class="subnav_list-text">Single Sign-On</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Release Notes<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="https://docs.rapid7.com/release-notes/insightidr/" target="_blank" class=" external"><span class="subnav_list-text">InsightIDR release notes<i class="r7-icon r7-icon-open-new-tab"></i></span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div><div class="subnav_group"><div class="h3 subnav_group-title">Support<span class="subnav_list-toggle plus"></span></div><div style="display:none"><ul class="subnav_list"><li class="subnav_list-item"><a href="/insightidr/contact-the-rapid7-support-team/" class=" "><span class="subnav_list-text">Contact the Rapid7 Support team</span></a><div class="subnav_list-sub"><ul></ul></div></li><li class="subnav_list-item"><a href="/insightidr/share-an-idea/" class=" "><span class="subnav_list-text">Share an idea with Rapid7</span></a><div class="subnav_list-sub"><ul></ul></div></li></ul></div></div></div></div><div class="main-content"><div class="inner-content"><div class="html-block"><h1 id="insightidr-overview" class="page-title">InsightIDR Overview<span title="Copy link to clipboard"></span></h1><p>Rapid7鈥檚 InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. Together, these form Extended Detection and Response (XDR). InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don鈥檛 have to weed through thousands of data streams. XDR accelerates more comprehensive threat detection and response. This cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources. Read more about XDR in Rapid7&#x27;s <a href="https://www.rapid7.com/fundamentals/extended-detection-response/">blog</a>.</p><p><a style="cursor:pointer" title="Expand"><img src="/api/docs/file/product-documentation__master/insightidr/images/idr-detection-response-diagram.png" alt="Insight IDR diagram"/></a></p><p>InsightIDR combines the full power of endpoint forensics, log search, and sophisticated dashboards into a single solution. It is a Software as a Service (SaaS) tool that collects data from your existing network security tools, authentication logs, and endpoint devices. InsightIDR then aggregates the data at an on-premises Collector or a dedicated host machine that centralizes your data.</p><p><a style="cursor:pointer" title="Expand"><img src="/api/docs/file/product-documentation__master/insightidr/images/insightidr-architecture.png" alt="InsightIDR Architecture Diagram"/></a></p><p>Use this Collector to gather and transmit your logs securely to Amazon Web Services (AWS), which hosts customer databases and the web interface. Rapid7 runs analytics on this data to correlate users, accounts, authentications, alerts, and privileges. The analysis provides insight into user behavior while searching for known indicators of compromise.</p><p>Rapid7 recommends keeping dedicated Collectors on-premises to collect event data, log data, and endpoint data.</p><p>For real-time endpoint data collection, install the <a href="/insightidr/insight-agent">Insight Agent</a> on your assets.</p><h2 id="getting-started-with-insightidr">Getting Started with InsightIDR<span class="copy-btn" title="Copy link to clipboard"></span></h2><p>We offer three different InsightIDR packages for you to choose from based on your security needs: InsightIDR Essential, InsightIDR Advanced, and InsightIDR Ultimate.</p><p>We&#x27;ve created individualized Quick Start Guides to help you get started with InsightIDR. Navigate to the version that aligns with your product!</p><ul><li><strong><a href="https://docs.rapid7.com/insightidr/essential-quick-start-guide" target="_blank">InsightIDR Essential | Quick Start Guide</a></strong>: Your basic security incident and event management tool to meet your compliance requirements.</li><li><strong><a href="https://docs.rapid7.com/insightidr/advanced-quick-start-guide" target="_blank">InsightIDR Advanced | Quick Start Guide</a></strong>: Your core security incident and event management tool for detection and response.</li><li><strong><a href="https://docs.rapid7.com/insightidr/ultimate-quick-start-guide" target="_blank">InsightIDR Ultimate | Quick Start Guide</a></strong>: Your security incident and event management tool for extended detection and response (XDR).</li></ul><div class="block-callout info"><h3 id="Unsure-about-which-Quick-Start-Guide-is-for-you" class="block-callout__title">Unsure about which Quick Start Guide is for you?<span class="copy-btn" title="Copy link to clipboard"></span></h3><p>If you purchased InsightIDR (not designated as Essential, Advanced, or Ultimate), please follow <strong><a href="insightidr/advanced-quick-start-guide">InsightIDR Quick Start Guide | Advanced</a></strong> for tasks and materials suited to your product.</p></div><h2 id="insightidr-is-your-cloudsiem-for-extended-detection-and-response">InsightIDR is your CloudSIEM for Extended Detection and Response<span class="copy-btn" title="Copy link to clipboard"></span></h2><p>InsightIDR鈥擱apid7鈥檚 natively cloud Security Information and Event Monitoring (SIEM) and Extended Detection and Response (XDR) solution鈥攄elivers accelerated detection and response through:</p><ul><li>A frictionless deployment experience</li><li>Intuitive SaaS interface</li><li>Comprehensive environment visibility</li><li>Expertly vetted detections</li><li>Embedded threat intelligence</li><li>Powerful investigation tools</li><li>Automated response capabilities</li></ul><p>XDR unifies and transforms relevant security data from across your modern environment to detect real attacks and provide security teams with high-context, actionable insights to investigate and extinguish threats faster.</p><h3 id="insightidr-helps-customers-achieve-siem-and-xdr-outcomes">InsightIDR helps customers achieve SIEM and XDR outcomes<span class="copy-btn" title="Copy link to clipboard"></span></h3><p><a style="cursor:pointer" title="Expand"><img src="/api/docs/file/product-documentation__master/insightidr/images/Advanced_CloudSIEM_XDR_graphic.png" alt="InsightIDR Advanced Cloud SIEM and XDR"/></a></p><h2 id="why-use-insightidr">Why Use InsightIDR?<span class="copy-btn" title="Copy link to clipboard"></span></h2><p>When you connect all of the various data streams to InsightIDR, you can take advantage of all the following built-in features made with users in mind:</p><ul><li><strong>Unify Your Data Into a Single Security View</strong>: Track user network resources, their devices, and their visited cloud services. InsightIDR normalizes network data and attributes it to users, so you know the origin, owner, and time of event.</li><li><strong>Analyze Raw Logs, Endpoint Data, and Network Traffic</strong>: InsightIDR collects data streams from every possible place and brings them together in one convenient place for you to analyze. Sift through raw logs, visualize your endpoint data, or organize your network traffic from users.</li><li><strong>Receive Alerts for Suspicious Activity</strong>: Whether or not suspicious activity is happening on your network, InsightIDR sets up traps that alert you of security gaps.</li><li><strong>Prioritize Events</strong>: Because traffic and data is normalized, InsightIDR automatically prioritizes network events and brings notable events to your attention. InsightIDR filters out non-critical events so you can focus on the important ones.</li><li><strong>Investigate Events</strong>: In the event of a breach, security teams will have contextual information of compromised data, time of event, and possible next actions of the intruder.</li><li><strong>Monitor Your Security Operations Activities</strong>: The Security Operations Activity dashboard synthesizes your data into actionable insights, making it easier to respond to alerts, report on threat trends, and analyze the overall effectiveness of your security team.</li></ul><h2 id="insightidr-in-action">InsightIDR in Action<span class="copy-btn" title="Copy link to clipboard"></span></h2><p>Various Operation departments use InsightIDR at companies large and small, but an Information Security (InfoSec) team, uses InsightIDR everyday to keep a network safe. <strong>To keep their network safe, the InfoSec team might:</strong></p><ul><li>Investigate an alert and confirm suspicious behavior on the Investigations page.</li><li>Look over details and activity collected in an incident, such as time, users, activity, and assets involved.</li><li>Gather evidence and monitor users and assets by using the Watchlist or Restricted Asset list.</li><li>Contextualize suspicious behavior by searching logs, browsing through firewall activity, or combing through IP addresses.</li></ul><h2 id="incident-response">Incident Response<span class="copy-btn" title="Copy link to clipboard"></span></h2><p>While many incidents can be false alarms, InsightIDR contextualizes malicious events so that an InfoSec team can properly respond. If they need to, InfoSec can wipe an asset, reinstall a clean OS, and start over. In extreme cases, InfoSec can destroy an asset that is beyond repair.</p></div><div class="feedback adjusted"><div class="feedback__title">Did this page help you?</div><button class="feedback__yes flex flex-ai-c"><img src="/Areas/Docs/includes/img/icon-thumbs-up.svg"/> Yes</button><button class="feedback__no flex flex-ai-c"><img src="/Areas/Docs/includes/img/icon-thumbs-up.svg"/> No</button></div><div class="postnav"><a href="/insightidr/essential-quick-start-guide" class="postnav__link next"><div class="postnav__text"><div class="postnav__parent">Getting Started with InsightIDR</div><div class="postnav__post">Essential | Quick Start Guide</div></div><div class="postnav__icon"><i class="r7-icon r7-icon-arrow-chevron-right"></i></div></a></div></div></div><aside class="gutter"><nav class="toc toc--is-open" aria-label="Table of contents" style="position:sticky;opacity:1;transform:none"><div class="toc__toggle" role="button" title="Close table of contents"><span class="toc__toggle-text hide-collapsed">On This Page</span><span class="toc__toggle-icon"></span></div><ul class="hide-collapsed"><li class=""><a href="#getting-started-with-insightidr" class=""><span>Getting Started with InsightIDR</span></a></li><li class=""><a href="#insightidr-is-your-cloudsiem-for-extended-detection-and-response" class=""><span>InsightIDR is your CloudSIEM for Extended Detection and Response</span></a><ul><li><a href="#insightidr-helps-customers-achieve-siem-and-xdr-outcomes" class=""><span>InsightIDR helps customers achieve SIEM and XDR outcomes</span></a></li></ul></li><li class=""><a href="#why-use-insightidr" class=""><span>Why Use InsightIDR?</span></a></li><li class=""><a href="#insightidr-in-action" class=""><span>InsightIDR in Action</span></a></li><li class=""><a href="#incident-response" class=""><span>Incident Response</span></a></li></ul></nav></aside></div><div class="postnav-border"></div></div> </div> <footer class="footer"> <div class="container wrapper"> <section class="footer__links"> <div class="footer__links-wrapper"> <div class="footer__links-col"> <div class="footer__links-section footer__contact"> <a href="https://www.rapid7.com"> <img alt="Rapid7 logo" class="logo" data-src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg" src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg"> </a> <div class="footer__links-title">CUSTOMER SUPPORT</div> <a class="link" href="tel:1-866-390-8113">+1-866-390-8113 (Toll Free)</a> <div class="footer__links-title">SALES SUPPORT</div> <a class="link" href="tel:866-772-7437">+1-866-772-7437 (Toll Free)</a> <div class="footer__breach"> <div class="footer__breach-title">Need to report an Escalation or a Breach?</div> <div class="footer__breach-contact"> <div class="footer__breach-icon"></div> <div class="footer__breach-phone"><a href="https://www.rapid7.com/services/incident-response-customer-escalation/">Get Help</a></div> </div> </div> </div> <div class="footer__links-section footer__solutions"> <div class="footer__links-title">SOLUTIONS</div> <a class="link" href="https://www.rapid7.com/platform/">The Command Platform</a> <a class="link" href="https://www.rapid7.com/products/command/exposure-management/">Exposure Command</a> <a class="link" href="https://www.rapid7.com/services/managed-detection-and-response-mdr/">Managed Threat Complete</a> </div> </div> <div class="footer__links-col"> <div class="footer__links-section footer__support"> <div class="footer__links-title">SUPPORT & RESOURCES</div> <a class="link" href="https://www.rapid7.com/for-customers/">Product Support</a> <a class="link" href="https://www.rapid7.com/resources/">Resource Library</a> <a class="link" href="https://www.rapid7.com/customers/">Our Customers</a> <a class="link" href="https://www.rapid7.com/about/events-webcasts/">Events & Webcasts</a> <a class="link" href="https://www.rapid7.com/services/training-certification/">Training & Certification</a> <a class="link" href="https://www.rapid7.com/fundamentals/">Cybersecurity Fundamentals</a> <a class="link" href="https://www.rapid7.com/db/">Vulnerability & Exploit Database</a> </div> <div class="footer__links-section footer__about"> <div class="footer__links-title">ABOUT US</div> <a class="link" href="https://www.rapid7.com/about/company/">Company</a> <a class="link" href="https://www.rapid7.com/about/diversity-equity-and-inclusion/">Diversity, Equity, and Inclusion</a> <a class="link" href="https://www.rapid7.com/about/leadership/">Leadership</a> <a class="link" href="https://www.rapid7.com/about/news/">News & Press Releases</a> <a class="link" href="https://www.rapid7.com/about/public-policy/">Public Policy</a> <a class="link" href="https://www.rapid7.com/open-source/">Open Source</a> <a class="link" href="https://investors.rapid7.com/overview/default.aspx">Investors</a> </div> </div> <div class="footer__links-col"> <div class="footer__links-section footer__connect"> <div class="footer__links-title">CONNECT WITH US</div> <a class="link" href="https://www.rapid7.com/contact/">Contact</a> <a class="link" href="https://www.rapid7.com/blog/">Blog</a> <a class="link" href="https://insight.rapid7.com/login">Support Login</a> <a class="link" href="https://careers.rapid7.com/careers-home">Careers</a> <div class="footer__links-social"> <a class="linkedin" href="https://www.linkedin.com/company/39624" target="_blank"></a> <a class="twitter" href="https://twitter.com/Rapid7" target="_blank"></a> <a class="facebook" href="https://www.facebook.com/rapid7" target="_blank"></a> <a class="instagram" href="https://www.instagram.com/rapid7/" target="_blank"></a> </div> <div class="footer__links-partner"> <a class="bruins-link no-new-open" href="https://www.rapid7.com/about/rapid7-cybersecurity-partner-boston-bruins/" target="_blank"> <img class="bruins" src="/includes/img/rapid7-officialpartner-darkbg.png" title="Rapid7 Official Cybersecurity Partner of the Boston Bruins" alt="Rapid7 Official Cybersecurity Partner of the Boston Bruins" /> </a> </div> </div> </div> </div> </section> </div> <section class="footer__legal"> <div class="container wrapper"> <div class="footer__legal-copyright">漏 Rapid7</div> <div class="footer__legal-link"><a href="https://www.rapid7.com/legal">Legal Terms</a></div> &nbsp; | &nbsp; <div class="footer__legal-link"><a href="https://www.rapid7.com/privacy-policy">Privacy Policy</a></div> &nbsp; | &nbsp; <div class="footer__legal-link"><a href="https://www.rapid7.com/export-notice">Export Notice</a></div> &nbsp; | &nbsp; <div class="footer__legal-link"><a href="https://www.rapid7.com/trust">Trust</a> </div> </div> </section> </footer> <script src="/areas/docs/includes/dist/runtime.bundle.js?91b95aada2e8e5c1bfd9"></script><script src="/areas/docs/includes/dist/vendor.bundle.js?91b95aada2e8e5c1bfd9"></script><script src="/areas/docs/includes/dist/app.bundle.js?91b95aada2e8e5c1bfd9"></script> <script>ReactDOM.hydrate(React.createElement(Components.ProductDocPage, {"basePath":"insightidr","product":"InsightIDR","productFolder":"insightidr","pagePath":"/insightidr-overview","navItems":[{"title":"Getting Started with InsightIDR","navItems":[{"text":"InsightIDR Overview","href":"/insightidr-overview","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":true,"reqIpimsAuth":false},{"text":"Essential | Quick Start Guide","href":"/essential-quick-start-guide","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":"Getting Started with InsightIDR","children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Advanced | Quick Start Guide","href":"/advanced-quick-start-guide","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Ultimate | Quick Start Guide","href":"/ultimate-quick-start-guide","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Setup and Deployment","navItems":[{"text":"System Requirements","href":"/system-requirements","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Setting Up a Service Account","href":"/set-up-a-service-account","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Network and Environment Audit","href":"/network-and-environment-audit","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Core Event Sources","href":"/core-event-sources","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Log Data Collection and Storage","href":"/log-collection-and-storage","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Data Archiving","href":"/data-archiving","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Non-Admin Domain Controller Account","href":"/non-admin-domain-controller-account","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Read-Only Domain Controllers","href":"/read-only-domain-controllers","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Ports Used by InsightIDR","href":"/ports-used-by-insightidr","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Collector Overview","href":"/collector-overview","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Collector Requirements","href":"/collector-requirements","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Collector Installation and Deployment","href":"/collector-installation-and-deployment","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Collector Troubleshooting","href":"/collector-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Collector Proxy Configuration","href":"/collector-proxy-configuration","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Insight Agent","href":"/insight-agent","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Configure the Insight Agent to Send Additional Logs","href":"/configure-the-insight-agent-to-send-logs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft Windows Defender Antivirus","href":"/microsoft-windows-defender-antivirus","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Velociraptor Integration","href":"/velociraptor-integration","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"FIM Recommendations","href":"/fim-recommendations","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Other Deployment Options","href":"/other-deployment-options","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Automation","navItems":[{"text":"Get Started with Automation","href":"/get-started-with-aba-automation","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Get Started with Automation for Legacy Detection Rules and Basic Detection Rules","href":"/get-started-with-automation","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Triggers for Legacy Detection Rules and Basic Detection Rules","href":"/alert-triggers","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Insight Orchestrator Overview","href":"/insight-orchestrator","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Configure Connections For Automation","href":"/configure-connections","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Automation Workflow Templates","href":"/activate-workflow-templates","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Automation Workflows","href":"/automate-workflows","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Kill a Process","href":"/kill-a-process","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspend or Disable a User","href":"/suspend-or-disable-a-user","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Quarantine an Asset","href":"/quarantine-an-asset","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Create a ServiceNow or JIRA Ticket","href":"/create-a-ticket","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Automated Enrichment Workflows","href":"/automated-enrichment-workflows","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Enrich Alert Data with Open Source Plugins","href":"/enrich-alert-data-with-open-source-plugins","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Get Started with On Demand Response Actions","href":"/get-started-with-on-demand-response-actions","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Automation Troubleshooting","href":"/automation-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Send InsightConnect Events to InsightIDR","href":"/send-insightconnect-events-to-insightidr","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"How To","navItems":[{"text":"Manage Credentials","href":"/create-and-manage-credentials","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Search Your Logs","href":"/search-your-logs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Transform Logs to Universal Event Format","href":"/transform-logs-to-universal-event-format","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Delete and Reinstall a Collector","href":"/delete-and-reinstall-a-collector","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Deploy Deception Technology","href":"/deploy-deception-technology","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Investigate an Asset or User","href":"/investigate-an-asset-or-user","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Manage Event Sources","href":"/manage-event-sources","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Edit Event Sources","href":"/edit-event-source","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Copy Event Sources to a New Collector","href":"/copy-event-sources-to-a-new-collector","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Export Data","href":"/export-data","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Access AWS Resources with EC2 IAM Roles","href":"/access-aws-resources-with-ec2-iam-roles","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Monitor Your Security Operations Activities","href":"/monitor-your-security-operations-activities","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Concepts and Usage","navItems":[{"text":"Rapid7 Resource Names","href":"/rapid7-resource-names","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Detection Rules","href":"/detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Modify Detection Rules","href":"/modify-detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Modify Legacy Detection Rules","href":"/modify-uba-detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Custom Detection Rules","href":"/custom-detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Custom Detection Rules FAQ","href":"/custom-detection-rules-faq","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Detection Library","href":"/detection-library","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Detection Rule Exceptions","href":"/detection-rule-exceptions","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Create and Manage Basic Detection Rules","href":"/create-and-manage-basic-detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Basic Detection Rule Details","href":"/basic-detection-rule-details","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Basic Detection Rules and InsightConnect","href":"/basic-detection-rules-and-insight-connect","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Notable Events","href":"/notable-events","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Alerts","href":"/alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Take Action on an Alert","href":"/take-action-on-an-alert","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Anatomy of an Alert","href":"/anatomy-of-an-alert","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Investigations","href":"/investigations","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Create an investigation","href":"/create-an-investigation","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Analyze an investigation","href":"/analyze-an-investigation","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Schedule endpoint queries","href":"/scheduled-forensics","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Close an investigation","href":"/close-an-investigation","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Multi-Customer Investigations","href":"/multi-customer-investigations","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Investigate Threat Command Alerts","href":"/threat-command-alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Velociraptor","href":"/velociraptor-alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Assets on Your Domain","href":"/assets-on-your-domain","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Mark an asset as restricted","href":"/restrict-or-allow-an-asset","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Manage your Processes and Hashes","href":"/manage-your-processes-and-hashes","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Exploitable Vulnerabilities","href":"/exploitable-vulnerabilities","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Lateral Movement","href":"/lateral-movement","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Dashboards and Reports","href":"/dashboards-and-reports","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"R7 Managed: Endpoint Visibility Validation Dashboard","href":"/endpoint-visibility-dashboard","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Deception Technology","href":"/deception-technology","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Honeypot","href":"/honeypot","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Honey Users","href":"/honey-users","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Honey Files","href":"/honey-files","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Honey Credentials","href":"/honey-credentials","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Honey Alerts","href":"/honey-alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Troubleshooting Honeypots","href":"/troubleshooting-honeypots","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS Honeypots","href":"/aws-honeypots","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"File Access Activity Monitoring","href":"/file-access-activity-monitoring","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"File Integrity Monitoring","href":"/file-integrity-monitoring","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"File Integrity Monitoring for Linux","href":"/fim-for-linux","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Search Logs for FIM Events","href":"/search-logs-for-fim-events","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Log Search","href":"/log-search","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Log Sets You Can Search","href":"/log-sets-you-can-search","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Components for Building a Query","href":"/components-for-building-a-query","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Keys to Use in Your Queries","href":"/keys-to-use-in-your-queries","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Example Queries","href":"/example-queries","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Use Variables in Queries","href":"/use-variables-in-queries","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Tips and Tricks for Building Queries","href":"/tips-and-tricks-for-building-queries","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Leverage Enhanced Endpoint Telemetry Data","href":"/leverage-enhanced-endpoint-telemetry-data","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Create Custom Parsing Rules","href":"/create-custom-parsing-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Legacy Log Search","href":"/legacy-log-search","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Glossary","href":"/ls-glossary","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Automatic Log Structuring","href":"/automatic-log-structuring","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":true,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Network Rules","href":"/network-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Network zones and policies","href":"/network-zones-and-policies","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Owned and Ignored Domains","href":"/owned-and-ignored-domains","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Firewall Rules","href":"/firewall-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"IP Addresses","href":"/ip-addresses","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Network Traffic Analysis","href":"/network-traffic-analysis","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Threats","href":"/threats","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Utilize Existing Threats","href":"/utilize-existing-threats","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Add and Manage Threats","href":"/add-and-manage-threats","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Users and Accounts","href":"/users-and-accounts-on-your-domain","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Admin Users","href":"/admin-accounts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Non-Expiring and Service Accounts","href":"/non-expiring-and-service-accounts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Shared and Linked Accounts","href":"/shared-and-linked-accounts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Watchlist and Risky Users","href":"/watchlist-and-risky-users","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"User Tags","href":"/account-tags","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Audit Logging","href":"/audit-logging","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"User Attribution","href":"/user-attribution","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Quick Actions","href":"/quick-actions","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Data Storage and Retention FAQs","href":"/data-storage-faq","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Detection Library","navItems":[{"text":"Overview","href":"/detection-library-overview","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rules by Rule Set","href":"/aba-detections","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Agrius","href":"/agrius","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Antlion","href":"/antlion","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"APT Groups","href":"/apt-groups","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"BAHAMUT","href":"/bahamut","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Balikbayan Foxes","href":"/balikbayan-foxes","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Bax 026 of Iran","href":"/bax-026-of-iran","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"BlackOasis","href":"/blackoasis","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Blackshadow","href":"/blackshadow","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"BlackTech","href":"/blacktech","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Blind Eagle","href":"/blind-eagle","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"BRONZE BUTLER","href":"/bronze-butler","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"CactusPete APT","href":"/cactuspete-apt","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Carbanak","href":"/carbanak","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Chamelgang","href":"/chamelgang","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cloud Service Activity","href":"/cloud-service-activity","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cobalt Group","href":"/cobalt-group","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cosmic Lynx","href":"/cosmic-lynx","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"CrouchingYeti","href":"/crouchingyeti","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Current Events","href":"/current-events","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Dark Basin","href":"/dark-basin","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Dark Caracal","href":"/dark-caracal","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Darkhotel","href":"/darkhotel","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DarkHydrus","href":"/darkhydrus","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Deep Panda","href":"/deep-panda","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Desert Falcons","href":"/desert-falcons","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Domestic Kitten","href":"/domestic-kitten","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DragonOK","href":"/dragonok","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DustSquad","href":"/dustsquad","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Dust Storm","href":"/dust-storm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Elderwood","href":"/elderwood","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Elephant Beetle","href":"/elephant-beetle","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Energetic Bear","href":"/energetic-bear","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Epic Manchego","href":"/epic-manchego","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Evil Corp","href":"/evil-corp","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Evilnum","href":"/evilnum","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"FIN Groups","href":"/fin","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"FunnyDream","href":"/funnydream","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Gallmaker","href":"/gallmaker","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Gamaredon Group","href":"/gamaredon-group","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Gaza Hacker Team","href":"/gaza-hacker-team","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"GCMAN","href":"/gcman","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"GhostEmperor","href":"/ghostemperor","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Gorgon Group","href":"/gorgon-group","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Greenbug","href":"/greenbug","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Group 5","href":"/group5","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Group 72","href":"/group72","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Hafnium","href":"/hafnium","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Harvester","href":"/harvester","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Hexane","href":"/hexane","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Hidden Lynx","href":"/hidden-lynx","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Hive Ransomware","href":"/hive-ransomware","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Honeybee","href":"/honeybee","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Indra","href":"/indra","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"IronHusky","href":"/ironhusky","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"KeyBoy","href":"/keyboy","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"KilllSomeOne","href":"/killlsomeone","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Kimsuky","href":"/kimsuky","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Lazarus Group","href":"/lazarus-group","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Leafminer","href":"/leafminer","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Lebanese Cedar","href":"/lebanese-cedar","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Lotus Blossom","href":"/lotus-blossom","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Machete","href":"/machete","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Magnat","href":"/magnat","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Malsmoke","href":"/malsmoke","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Migrated Legacy Rules","href":"/migrated-legacy-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"ModifiedElephant","href":"/modifiedelephant","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mofang","href":"/mofang","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Molerats","href":"/molerats","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Moses Staff","href":"/moses-staff","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Muddywater","href":"/muddywater","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mustang Panda","href":"/mustang-panda","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mythic Leopard","href":"/mythic-leopard","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Naikon","href":"/naikon","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"NEODYMIUM","href":"/neodymium","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Network Traffic Analysis","href":"/network-traffic-analysis-threat","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Night Dragon","href":"/night-dragon","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"North Korean State-Sponsored Actor","href":"/north-korea-dprk-actor","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"OldGremlin","href":"/oldgremlin","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Orangeworm","href":"/orangeworm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Patchwork","href":"/patchwork","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"PLATINUM","href":"/platinum","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Poseidon Group","href":"/poseidon-group","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Promethium","href":"/promethium","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Pyxie","href":"/pyxie","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rancor","href":"/rancor","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"RedCurl","href":"/redcurl","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Roaming Mantis","href":"/roaming-mantis","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rocke","href":"/rocke","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"RTM","href":"/rtm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rocket Kitten","href":"/rocket-kitten","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sandworm Team","href":"/sandworm-team","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SCADAfence","href":"/scadafence-detections","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Scarlet Mimic","href":"/scarlet-mimic","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SideCopy","href":"/sidecopy","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Silence","href":"/silence","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Silent Librarian","href":"/silent-librarian","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SilverTerrier","href":"/silverterrier","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Soft Cell","href":"/soft-cell","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sowbug","href":"/sowbug","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Spring Dragon APT","href":"/spring-dragon-apt","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Stealth Falcon","href":"/stealth-falcon","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Stolen Pencil","href":"/stolen-pencil","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Strider","href":"/strider","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"StrongPity","href":"/strongpity","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suckfly","href":"/suckfly","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Ingress Authentications","href":"/suspicious-ingress-authentications","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Network Activity","href":"/suspicious-network-activity","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Network Connections","href":"/suspicious-network-connections","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Process Access","href":"/suspicious-process-access","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Registry Events","href":"/suspicious-registry-events","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious User Behavior","href":"/suspicious-user-behavior","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Suspicious Web Requests","href":"/suspicious-web-requests","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SWEED","href":"/sweed","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"TA459","href":"/ta459","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"TA505","href":"/ta505","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Taidoor","href":"/taidoor","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"TeamTNT","href":"/teamtnt","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"The Mabna Hackers","href":"/the-mabna-hackers","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"The White Company","href":"/the-white-company","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Threat Command","href":"/threat-command","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Threat Group-1314","href":"/threat-group-1314","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Thrip","href":"/thrip","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Tropic Tropper","href":"/tropic-tropper","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Turbine Panda","href":"/turbine-panda","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Turla","href":"/turla","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"UAC-0056","href":"/uac-0056","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"UNC1151","href":"/unc1151","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"UNC1945","href":"/unc1945","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Velvet Chollima","href":"/velvet-chollima","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Whitefly","href":"/whitefly","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Windshift","href":"/windshift","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"WIRTE","href":"/wirte","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Wizard Spider","href":"/wizard-spider","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"XDSpy","href":"/xdspy","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Yalishanda","href":"/yalishanda","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rules by Endpoint","href":"/endpoint-detection-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Windows Suspicious Process","href":"/windows-suspicious-process","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Windows Suspicious Services","href":"/windows-suspicious-services","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mac Suspicious Process","href":"/mac-suspicious-process","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Linux Suspicious Process","href":"/linux-suspicious-process","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Visibility Monitoring","href":"/visibility-monitoring","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Velociraptor","href":"/velociraptor-rules","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Legacy Detection Rules","href":"/uba-detections","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"InsightIDR REST APIs","navItems":[{"text":"InsightIDR REST APIs","href":"/insightidr-rest-api","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Event Source Configuration","navItems":[{"text":"InsightIDR Event Sources","href":"/insightidr-event-sources","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Data Collection Methods","href":"/data-collection-methods","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Advanced Event Source Settings","href":"/advanced-event-source-settings","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Monitor Event Source Health","href":"/monitor-event-source-health","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Event Source Troubleshooting","href":"/event-source-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Auto Configure","href":"/auto-configure","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rapid7 Products","href":"/rapid7-products","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"InsightVM","href":"/integrate-insightvm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Metasploit","href":"/integrate-metasploit","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"InsightCloudSec","href":"/insightcloudsec","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Active Directory","href":"/active-directory-overview","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft Active Directory Security Logs","href":"/active-directory","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Troubleshooting Active Directory","href":"/active-directory-ad-domain-controller-event-source","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Advanced Malware","href":"/advanced-malware","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"FireEye NX","href":"/fireeye-nx","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cloud Services","href":"/cloud-service","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"1Password","href":"/1password","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Auth0","href":"/auth0","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Amazon Security Lake","href":"/amazon-security-lake","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS AppFabric","href":"/aws-appfabric","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS CloudTrail API","href":"/aws-cloudtrail-api","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS CloudTrail SQS","href":"/aws-cloudtrail-sqs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Box.com","href":"/boxcom","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Centrify","href":"/centrify-sso","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco AMP","href":"/cisco-amp-for-endpoints","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cloudflare","href":"/cloudflare","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Duo Security","href":"/duo-security","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Google Apps","href":"/google-apps","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Google Cloud Platform","href":"/google-cloud-platform","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Idaptive","href":"/idaptive-sso","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"JumpCloud","href":"/jumpcloud","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":true,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft Azure","href":"/microsoft-azure","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mimecast API 1.0","href":"/mimecast","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Mimecast API 2.0","href":"/mimecast-2.0","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Office 365 (plus GCC and GCC High)","href":"/microsoft-office-365","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Okta.com","href":"/okta","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"OneLogin","href":"/onelogin","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Palo Alto Cortex Data Lake","href":"/palo-alto-cortex-data-lake","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Ping Identity PingOne","href":"/pingone","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Proofpoint Targeted Attack Protection","href":"/proofpoint-tap","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Salesforce.com","href":"/salesforce","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Workday","href":"/workday","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Zoom","href":"/zoom-pro","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Data Exporter","href":"/data-exporter","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"HP ArcSight","href":"/arcsight-data-exporter","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Splunk","href":"/splunk-exporter","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"ServiceNow","href":"/servicenow","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Universal Webhook","href":"/webhook","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Resilient Systems","href":"/resilient-systems","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Database","href":"/database","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft SQL Database Audit Logs","href":"/database-audit-logs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DHCP","href":"/dhcp","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft DHCP","href":"/microsoft-dhcp","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco IOS","href":"/cisco-ios","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Infoblox Trinzic","href":"/infoblox-trinzic","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"ISC dhcpd","href":"/isc-dhcpd","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DHCP Troubleshooting","href":"/dhcp-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DNS","href":"/dns","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft DNS","href":"/microsoft-dns","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco Umbrella","href":"/cisco-umbrella","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"ISC Bind9","href":"/isc-bind9","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"DNS Troubleshooting","href":"/dns-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Email and ActiveSync","href":"/email-activesync","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft ActiveSync and Outlook Web Access","href":"/owaactivesync","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Firewall","href":"/firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Arista Next Generation Firewall","href":"/arista","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cato Networks","href":"/cato-networks","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Barracuda Firewall","href":"/barracuda-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Check Point","href":"/check-point-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco ASA","href":"/cisco-asa-firewall-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco FirePower Threat Defense","href":"/cisco-firepower-threat-defense","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco Meraki Firewall/VPN","href":"/cisco-meraki","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Forcepoint Firewall","href":"/forcepoint-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Fortinet Firewall","href":"/fortinet-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Juniper Networks ScreenOS","href":"/juniper-networks-screenos","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Palo Alto Networks Firewall and VPN (plus Wildfire)","href":"/palo-alto-firewall-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"pfSense Firewall","href":"/pfsense-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SilverPeak SD WAN","href":"/silverpeak-sd-wan","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SonicWALL Firewall","href":"/sonicwall-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos UTM","href":"/sophos-utm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos XG Firewall","href":"/sophos-xg-firewall","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Versa Networks","href":"/versa-networks","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"WatchGuard XTM","href":"/watchguard-xtm","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"IDS","href":"/ids","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Cisco Firepower (Sourcefire IDS, Cisco FireSIGHT)","href":"/cisco-firepower","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"F5 Networks BIG-IP Local Traffic Manager","href":"/f5-networks-big-ip-local-traffic-manager","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"McAfee IDS","href":"/mcafee-ids","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Security Onion","href":"/security-onion","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sentinel IPS","href":"/sentinel-ips","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Snort","href":"/snort","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Network Sensor","href":"/insight-network-sensor-overview","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Ingress Authentication","href":"/ingress-authentication","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Zscaler LSS","href":"/zscaler-lss","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"LDAP","href":"/ldap","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"LDAP Troubleshooting","href":"/ldap-troubleshooting","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS Managed Microsoft AD","href":"/aws-managed-microsoft-ad","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Universal Event Sources","href":"/rapid7-universal-event-sources","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Rapid7 Universal DHCP","href":"/rapid7-universal-dhcp","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rapid7 Universal Antivirus","href":"/rapid7-universal-antivirus","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rapid7 Universal Ingress Authentication","href":"/rapid7-universal-ingress-authentication","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Rapid7 Universal VPN","href":"/rapid7-universal-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Raw Data","href":"/raw-data","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Generic Windows Event Log","href":"/generic-windows-event-log","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Custom Logs","href":"/custom-logs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"AWS SQS","href":"/aws-sqs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"NXLog","href":"/nxlog","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Generic Syslog","href":"/generic-syslog","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":true,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Syslog Logging","href":"/syslog-logging","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Log Aggregators","href":"/log-aggregators","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"LogRhythm","href":"/logrhythym","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Splunk","href":"/splunk","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"IBM QRadar","href":"/ibm-qradar","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Third Party Alerts","href":"/third-party-alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"AWS GuardDuty","href":"/aws-guardduty","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Carbon Black EDR","href":"/carbon-black-edr","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Code42","href":"/code42","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Crowdstrike Falcon","href":"/crowdstrike-falcon-event-source","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"CyberArk Vault","href":"/cyberark-pta-and-epv","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cybereason","href":"/cybereason","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"CylancePROTECT Cloud","href":"/cylanceprotect-cloud","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Darktrace","href":"/darktrace","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Google Cloud Platform Security Command Center","href":"/gcp-scc","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft Defender for Endpoint","href":"/microsoft-defender-atp","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft Security","href":"/microsoft-security","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Netskope","href":"/netskope","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Palo Alto Networks Cortex XDR","href":"/palo-alto-networks-cortex-xdr","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Palo Alto Networks Traps ESM","href":"/palo-alto-networks-traps","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Salesforce Threat Detection","href":"/salesforce-threat-detection","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SCADAfence","href":"/scadafence","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Varonis DatAdvantage","href":"/varonis-datadvantage","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Vectra Networks","href":"/vectra-networks","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Virus Scan","href":"/virus-scan","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"BitDefender","href":"/bitdefender","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Carbon Black Cloud","href":"/carbon-black-cloud","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"CylancePROTECT","href":"/cylanceprotect","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"ESET Antivirus","href":"/eset-antivirus","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Kaspersky Anti-Virus","href":"/kaspersky-anti-virus","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"MalwareBytes Endpoint Protection","href":"/malwarebytes-endpoint-protection","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"McAfee ePO","href":"/mcafee-epo","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Palo Alto Networks Traps TSM","href":"/palo-alto-traps","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"SentinelOne Endpoint Detection and Response","href":"/sentinelone","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos Central","href":"/sophos-central","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos Enduser Protection","href":"/sophos-av","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos Intercept X","href":"/sophos-intercept-x","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Symantec Endpoint Protection","href":"/symantec-endpoint-protection","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Trend Micro Apex One","href":"/trend-micro-apex-one","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Trend Micro Deep Security","href":"/trend-micro-deep-security","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Trend Micro OfficeScan","href":"/trend-micro-officescan","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"VPN","href":"/vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Barracuda SSL VPN","href":"/barracuda-ssl-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco ACS","href":"/cisco-acs","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Cisco ISE","href":"/cisco-ise","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft IAS (RADIUS)","href":"/microsoft-ias-radius","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Microsoft Remote Web Access","href":"/microsoft-remote-web-access","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"NetScaler VPN","href":"/citrix-netscaler-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Pulse Connect Secure","href":"/pulse-connect-secure","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"OpenVPN","href":"/open-vpn","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Web Proxy","href":"/web-proxy","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Barracuda Web Security Gateway","href":"/barracuda-web-security-gateway","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Blue Coat Proxy","href":"/blue-coat-web-proxy","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"McAfee Web Gateway","href":"/mcafee-web-gateway","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Sophos Secure Web Gateway","href":"/sophos-secure-web-gateway","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Websense","href":"/websense","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Zscaler NSS","href":"/zscaler-nss","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Web Server Access","href":"/web-server-access","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[{"text":"Microsoft IIS","href":"/microsoft-iis","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Administration","navItems":[{"text":"Monthly Data Usage","href":"/monthly-data-usage","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Browser Settings","href":"/browser-settings","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Email Notifications","href":"/email-alerts","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"User Management","href":"/user-management","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Single Sign-On","href":"/single-sign-on","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Release Notes","navItems":[{"text":"InsightIDR release notes","href":"https://docs.rapid7.com/release-notes/insightidr/","basePath":"insightidr","productFolder":"insightidr","isExternal":true,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false},{"title":"Support","navItems":[{"text":"Contact the Rapid7 Support team","href":"/contact-the-rapid7-support-team","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},{"text":"Share an idea with Rapid7","href":"/share-an-idea","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":null,"children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false}],"isHeader":false}],"htmlDoc":{"html":"\u003cp\u003eRapid7鈥檚 InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. Together, these form Extended Detection and Response (XDR). InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don鈥檛 have to weed through thousands of data streams. XDR accelerates more comprehensive threat detection and response. This cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources. Read more about XDR in Rapid7\u0027s \u003ca href=\u0022https://www.rapid7.com/fundamentals/extended-detection-response/\u0022\u003eblog\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\u0022/api/docs/file/product-documentation__master/insightidr/images/idr-detection-response-diagram.png\u0022 alt=\u0022Insight IDR diagram\u0022 /\u003e\u003c/p\u003e\n\u003cp\u003eInsightIDR combines the full power of endpoint forensics, log search, and sophisticated dashboards into a single solution. It is a Software as a Service (SaaS) tool that collects data from your existing network security tools, authentication logs, and endpoint devices. InsightIDR then aggregates the data at an on-premises Collector or a dedicated host machine that centralizes your data.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\u0022/api/docs/file/product-documentation__master/insightidr/images/insightidr-architecture.png\u0022 alt=\u0022InsightIDR Architecture Diagram\u0022 /\u003e\u003c/p\u003e\n\u003cp\u003eUse this Collector to gather and transmit your logs securely to Amazon Web Services (AWS), which hosts customer databases and the web interface. Rapid7 runs analytics on this data to correlate users, accounts, authentications, alerts, and privileges. The analysis provides insight into user behavior while searching for known indicators of compromise.\u003c/p\u003e\n\u003cp\u003eRapid7 recommends keeping dedicated Collectors on-premises to collect event data, log data, and endpoint data.\u003c/p\u003e\n\u003cp\u003eFor real-time endpoint data collection, install the \u003ca href=\u0022/insightidr/insight-agent\u0022\u003eInsight Agent\u003c/a\u003e on your assets.\u003c/p\u003e\n\u003ch2 id=\u0022getting-started-with-insightidr\u0022\u003eGetting Started with InsightIDR\u003c/h2\u003e\n\u003cp\u003eWe offer three different InsightIDR packages for you to choose from based on your security needs: InsightIDR Essential, InsightIDR Advanced, and InsightIDR Ultimate.\u003c/p\u003e\n\u003cp\u003eWe\u0027ve created individualized Quick Start Guides to help you get started with InsightIDR. Navigate to the version that aligns with your product!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\u0022https://docs.rapid7.com/insightidr/essential-quick-start-guide\u0022 target=\u0022_blank\u0022\u003eInsightIDR Essential | Quick Start Guide\u003c/a\u003e\u003c/strong\u003e: Your basic security incident and event management tool to meet your compliance requirements.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\u0022https://docs.rapid7.com/insightidr/advanced-quick-start-guide\u0022 target=\u0022_blank\u0022\u003eInsightIDR Advanced | Quick Start Guide\u003c/a\u003e\u003c/strong\u003e: Your core security incident and event management tool for detection and response.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\u0022https://docs.rapid7.com/insightidr/ultimate-quick-start-guide\u0022 target=\u0022_blank\u0022\u003eInsightIDR Ultimate | Quick Start Guide\u003c/a\u003e\u003c/strong\u003e: Your security incident and event management tool for extended detection and response (XDR).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cdiv class=\u0022block-callout info\u0022\u003e\u003ch3 id=\u0022Unsure-about-which-Quick-Start-Guide-is-for-you\u0022 class=\u0022block-callout__title\u0022\u003eUnsure about which Quick Start Guide is for you?\u003c/h3\u003e\u003cp\u003eIf you purchased InsightIDR (not designated as Essential, Advanced, or Ultimate), please follow \u003cstrong\u003e\u003ca href=\u0022insightidr/advanced-quick-start-guide\u0022\u003eInsightIDR Quick Start Guide | Advanced\u003c/a\u003e\u003c/strong\u003e for tasks and materials suited to your product.\u003c/p\u003e\n\u003c/div\u003e\u003ch2 id=\u0022insightidr-is-your-cloudsiem-for-extended-detection-and-response\u0022\u003eInsightIDR is your CloudSIEM for Extended Detection and Response\u003c/h2\u003e\n\u003cp\u003eInsightIDR鈥擱apid7鈥檚 natively cloud Security Information and Event Monitoring (SIEM) and Extended Detection and Response (XDR) solution鈥攄elivers accelerated detection and response through:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eA frictionless deployment experience\u003c/li\u003e\n\u003cli\u003eIntuitive SaaS interface\u003c/li\u003e\n\u003cli\u003eComprehensive environment visibility\u003c/li\u003e\n\u003cli\u003eExpertly vetted detections\u003c/li\u003e\n\u003cli\u003eEmbedded threat intelligence\u003c/li\u003e\n\u003cli\u003ePowerful investigation tools\u003c/li\u003e\n\u003cli\u003eAutomated response capabilities\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eXDR unifies and transforms relevant security data from across your modern environment to detect real attacks and provide security teams with high-context, actionable insights to investigate and extinguish threats faster.\u003c/p\u003e\n\u003ch3 id=\u0022insightidr-helps-customers-achieve-siem-and-xdr-outcomes\u0022\u003eInsightIDR helps customers achieve SIEM and XDR outcomes\u003c/h3\u003e\n\u003cp\u003e\u003cimg src=\u0022/api/docs/file/product-documentation__master/insightidr/images/Advanced_CloudSIEM_XDR_graphic.png\u0022 alt=\u0022InsightIDR Advanced Cloud SIEM and XDR\u0022 /\u003e\u003c/p\u003e\n\u003ch2 id=\u0022why-use-insightidr\u0022\u003eWhy Use InsightIDR?\u003c/h2\u003e\n\u003cp\u003eWhen you connect all of the various data streams to InsightIDR, you can take advantage of all the following built-in features made with users in mind:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUnify Your Data Into a Single Security View\u003c/strong\u003e: Track user network resources, their devices, and their visited cloud services. InsightIDR normalizes network data and attributes it to users, so you know the origin, owner, and time of event.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAnalyze Raw Logs, Endpoint Data, and Network Traffic\u003c/strong\u003e: InsightIDR collects data streams from every possible place and brings them together in one convenient place for you to analyze. Sift through raw logs, visualize your endpoint data, or organize your network traffic from users.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReceive Alerts for Suspicious Activity\u003c/strong\u003e: Whether or not suspicious activity is happening on your network, InsightIDR sets up traps that alert you of security gaps.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrioritize Events\u003c/strong\u003e: Because traffic and data is normalized, InsightIDR automatically prioritizes network events and brings notable events to your attention. InsightIDR filters out non-critical events so you can focus on the important ones.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInvestigate Events\u003c/strong\u003e: In the event of a breach, security teams will have contextual information of compromised data, time of event, and possible next actions of the intruder.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor Your Security Operations Activities\u003c/strong\u003e: The Security Operations Activity dashboard synthesizes your data into actionable insights, making it easier to respond to alerts, report on threat trends, and analyze the overall effectiveness of your security team.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\u0022insightidr-in-action\u0022\u003eInsightIDR in Action\u003c/h2\u003e\n\u003cp\u003eVarious Operation departments use InsightIDR at companies large and small, but an Information Security (InfoSec) team, uses InsightIDR everyday to keep a network safe.\n\u003cstrong\u003eTo keep their network safe, the InfoSec team might:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate an alert and confirm suspicious behavior on the Investigations page.\u003c/li\u003e\n\u003cli\u003eLook over details and activity collected in an incident, such as time, users, activity, and assets involved.\u003c/li\u003e\n\u003cli\u003eGather evidence and monitor users and assets by using the Watchlist or Restricted Asset list.\u003c/li\u003e\n\u003cli\u003eContextualize suspicious behavior by searching logs, browsing through firewall activity, or combing through IP addresses.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\u0022incident-response\u0022\u003eIncident Response\u003c/h2\u003e\n\u003cp\u003eWhile many incidents can be false alarms, InsightIDR contextualizes malicious events so that an InfoSec team can properly respond. If they need to, InfoSec can wipe an asset, reinstall a clean OS, and start over. In extreme cases, InfoSec can destroy an asset that is beyond repair.\u003c/p\u003e\n","metadata":{"title":"InsightIDR Overview","excerpt":null,"DateModified":null,"isHidden":false,"canonicalUrl":"https://docs.rapid7.com/insightidr/"},"hasContent":true,"errorsList":[],"prevLink":null,"nextLink":{"text":"Essential | Quick Start Guide","href":"/essential-quick-start-guide","basePath":"insightidr","productFolder":"insightidr","isExternal":false,"group":"Getting Started with InsightIDR","children":[],"isHidden":false,"isToggled":false,"isSelected":false,"reqIpimsAuth":false},"expandedNavGroupTitle":"Getting Started with InsightIDR","expandedSubNavTitle":"","statusCode":200,"redirectUrl":null,"headings":[{"id":"getting-started-with-insightidr","title":"Getting Started with InsightIDR","items":[]},{"id":"insightidr-is-your-cloudsiem-for-extended-detection-and-response","title":"InsightIDR is your CloudSIEM for Extended Detection and Response","items":[{"id":"insightidr-helps-customers-achieve-siem-and-xdr-outcomes","title":"InsightIDR helps customers achieve SIEM and XDR outcomes","items":[]}]},{"id":"why-use-insightidr","title":"Why Use InsightIDR?","items":[]},{"id":"insightidr-in-action","title":"InsightIDR in Action","items":[]},{"id":"incident-response","title":"Incident Response","items":[]}]},"dateUpdated":null,"productName":"InsightIDR","branch":"master","isAuthenticated":false}), document.getElementById("react_0HNBIFCDN5DB5")); ReactDOM.hydrate(React.createElement(Common.GlobalNav, {"logo":{"imagePath":"/Areas/Docs/includes/img/r7-nav/Rapid7_logo.svg","text":"Rapid7 Home","url":"https://www.rapid7.com/","target":"_blank"},"navItems":[{"id":"dfb8cf9a-7ce7-48d9-8ef8-785362b99fb6","link":{"text":"Platform","url":"","target":null},"columns":[{"title":"PLATFORM","links":[{"description":"ELITE TECHNOLOGY","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Platform","url":"https://www.rapid7.com/platform/","target":null},{"description":"INTELLIGENT TOOLS","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"AI-Engine","url":"https://www.rapid7.com/platform/artificial-intelligence-features/","target":null},{"description":"TRUSTED INTELLIGENCE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Rapid7 Labs","url":"https://www.rapid7.com/research/","target":null}]},{"title":"SOLUTIONS","links":[{"description":"MANAGED XDR","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Managed Threat Complete","url":"https://www.rapid7.com/services/managed-detection-and-response-mdr/","target":null},{"description":"ATTACK SURFACE MANAGEMENT","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Surface Command","url":"https://www.rapid7.com/products/command/attack-surface-management-asm/","target":null},{"description":"EXPOSURE MANAGEMENT","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Exposure Command","url":"https://www.rapid7.com/products/command/exposure-management/","target":null}]}],"footerContent":{"columns":[{"pretitle":"TECHNOLOGY","title":"The Rapid7 Command Platform","subtitle":"AI-Powered Cybersecurity Platform","link":{"text":"Start Trial","url":"https://www.rapid7.com/products/command/attack-surface-management-asm/trial/","target":null}}]},"isSelected":false},{"id":"6d6a38af-c387-4132-b23d-0335d52d29fd","link":{"text":"Products","url":"https://www.rapid7.com/products/","target":null},"columns":[{"title":"DETECTION \u0026 RESPONSE","links":[{"description":"INSIGHTIDR","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Next-Gen SIEM","url":"https://www.rapid7.com/products/insightidr/","target":null},{"description":"THREAT COMMAND","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Threat Intelligence","url":"https://www.rapid7.com/products/threat-command/","target":null}]},{"title":"EXPOSURE MANAGEMENT","links":[{"description":"EXPOSURE COMMAND","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Exposure Management","url":"https://www.rapid7.com/products/command/exposure-management/","target":null},{"description":"SURFACE COMMAND","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Attack Surface Management","url":"https://www.rapid7.com/products/command/attack-surface-management-asm/","target":null},{"description":"INSIGHTVM","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Vulnerability Management","url":"https://www.rapid7.com/products/insightvm/","target":null},{"description":"INSIGHTCLOUDSEC","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Cloud-Native Application Protection","url":"https://www.rapid7.com/products/insightcloudsec/","target":null},{"description":"INSIGHTAPPSEC","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Application Security Testing","url":"https://www.rapid7.com/products/insightappsec/","target":null}]}],"footerContent":{"columns":[{"pretitle":"NEW!","title":"Surface Command","subtitle":"Unlock a continuous 360掳 view of your attack surface","link":{"text":"FREE TRIAL","url":"https://www.rapid7.com/products/command/attack-surface-management-asm/trial/","target":null}}]},"isSelected":false},{"id":"85c2b5e0-6189-4ff9-b886-ae6f15ed5f7a","link":{"text":"Services","url":"https://www.rapid7.com/services/","target":null},"columns":[{"title":"DETECTION \u0026 RESPONSE","links":[{"description":"MANAGED THREAT COMPLETE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Managed XDR","url":"https://www.rapid7.com/services/managed-detection-and-response-mdr/","target":null},{"description":"EXPERIENCING A BREACH?","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Incident Response Services","url":"https://www.rapid7.com/services/incident-response-customer-escalation/","target":null}]},{"title":"EXPOSURE MANAGEMENT","links":[{"description":"OPTIMIZED RISK ASSESSMENT","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Managed Vulnerability Management","url":"https://www.rapid7.com/services/managed-vulnerability-management/","target":null},{"description":"MANAGED DAST","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Managed Application Security","url":"https://www.rapid7.com/services/managed-application-security/","target":null},{"description":"VECTOR COMMAND","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Continuous Red Teaming","url":"https://www.rapid7.com/services/continuous-red-team-service/","target":null},{"description":"TEST YOUR DEFENSES","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Penetration Testing Services","url":"https://www.rapid7.com/services/penetration-testing/","target":null}]}],"footerContent":{"columns":[{"pretitle":"MXDR","title":"Managed Threat Complete","subtitle":"24x7 MXDR to secure your extended ecosystem","link":{"text":"Request Demo","url":"https://www.rapid7.com/services/managed-detection-and-response-mdr/demo/","target":null}}]},"isSelected":false},{"id":"83db78ed-f2e5-416c-95da-77652180061d","link":{"text":"Resources","url":"","target":null},"columns":[{"title":"STAY CURRENT","links":[{"description":"MEET THE RESEARCH TEAM","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"About Rapid7 Labs","url":"https://www.rapid7.com/research/","target":null},{"description":"CATCH US LIVE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Events \u0026 Webinars","url":"https://www.rapid7.com/about/events-webcasts/","target":null},{"description":"DIVE INTO THE DETAILS","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Resources Library","url":"https://www.rapid7.com/resources/","target":null},{"description":"STAY UP-TO-DATE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"The Rapid7 Blog","url":"https://www.rapid7.com/blog/","target":null},{"description":"SEARCH THOUSANDS OF CVES","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Exploit Database","url":"https://www.rapid7.com/db/","target":null},{"description":"LEARN THE BASICS","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Cybersecurity Fundamentals","url":"https://www.rapid7.com/fundamentals/","target":null}]},{"title":"PRODUCT SUPPORT","links":[{"description":"TALK TO AN EXPERT","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Contact Sales","url":"https://www.rapid7.com/contact/","target":null},{"description":"CONTACT SUPPORT","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Customer Support Portal","url":"https://www.rapid7.com/for-customers/","target":null},{"description":"CONNECT EVERYTHING","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Product Integrations","url":"https://extensions.rapid7.com/","target":null},{"description":"PRODUCT AND SERVICES GUIDES","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Product Documentation","url":"/","target":null},{"description":"LATEST FEATURES","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Product Release Notes","url":"/release-notes/","target":null},{"description":"TAKE TOUR","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Interactive Product Tours","url":"https://www.rapid7.com/product-tours/","target":null}]}],"footerContent":{"columns":[{"pretitle":"NEW","title":"The Take Command Summit is back!","subtitle":"Our largest virtual event returns Apr. 9","link":{"text":"Register","url":"https://rapid7.brighttalk.com/?utm_source=referral\u0026utm_medium=website\u0026utm_campaign=global-pla-take-command-summit-prospect-eng","target":null}}]},"isSelected":false},{"id":"2b28f7ee-67be-4086-9642-3e6851c8af09","link":{"text":"Company","url":"https://www.rapid7.com/about/company/","target":null},"columns":[{"title":"OVERVIEW","links":[{"description":"OUR STORY","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"About Us","url":"https://www.rapid7.com/about/company/","target":null},{"description":"EXECUTIVE TEAM \u0026 BOARD","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Leadership","url":"https://www.rapid7.com/about/leadership/","target":null},{"description":"THE LATEST FROM OUR NEWSROOM","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"News \u0026 Press Releases","url":"https://www.rapid7.com/about/news/","target":null},{"description":"JOIN RAPID7","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Careers","url":"https://careers.rapid7.com/","target":null},{"description":"Their Success Stories","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Our Customers","url":"https://www.rapid7.com/customers/","target":null},{"description":"Rapid7 Partner Ecosystem","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Partners","url":"https://www.rapid7.com/partners/","target":null},{"description":"Investor Relations","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Investors","url":"https://investors.rapid7.com/","target":null}]},{"title":"COMMUNITY \u0026 CULTURE","links":[{"description":"OUR COMMITMENT \u0026 APPROACH","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Social Good","url":"https://www.rapid7.com/about/social-good/","target":null},{"description":"BUILDING THE FUTURE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Rapid7 Cybersecurity Foundation","url":"https://www.rapid7.com/about/rapid7-foundation/","target":null},{"description":"EMPOWERING PEOPLE","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Diversity, Equity \u0026 Inclusion","url":"https://www.rapid7.com/about/diversity-equity-and-inclusion/","target":null},{"description":"STRENGTHENING CYBERSECURITY","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Open Source","url":"https://www.rapid7.com/open-source/","target":null},{"description":"ENGAGEMENT \u0026 ADVOCACY","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Public Policy","url":"https://www.rapid7.com/about/public-policy/","target":null},{"description":"Our Partnership","iconPath":"/Areas/Docs/includes/img/r7-nav/icon-cloud.svg","text":"Boston Bruins","url":"https://www.rapid7.com/about/rapid7-cybersecurity-partner-boston-bruins/","target":null}]}],"footerContent":{"columns":[]},"isSelected":false},{"id":"e7bd2655-bdc0-48ad-9bba-eb94d9f81632","link":{"text":"Partners","url":"https://www.rapid7.com/partners/","target":null},"links":[],"isSelected":false}],"languageLinks":[],"userNav":{"contextUser":null,"signIn":{"text":"Sign In","url":"https://insight.rapid7.com/saml/SSO","target":null},"signOut":{"text":"Sign out","url":"/account/logout?redirectUri=https%3a%2f%2finsight.rapid7.com%2fsaml%2flogout%3flocal%3dfalse%26fromURI%3dhttps%3a%2f%2fdocs.rapid7.com%2finsightidr%2f","target":null}},"labels":{"search":"Search","searchPlaceholder":"Search"},"subNav":{"title":{"text":"Documentation","url":"/","target":null},"navItems":[{"id":"f12bbd7f-128a-4291-b7f8-17da39dd4261","link":{"text":"AppSpider","url":"/appspider/","target":null}},{"id":"ad1f9e72-21ef-43b1-877a-3fe2a88baa19","link":{"text":"Insight Agent","url":"/insight-agent/","target":null}},{"id":"05832ab4-3980-4598-9f58-f3d4df9e98ac","link":{"text":"InsightAppSec","url":"/insightappsec/","target":null}},{"id":"77479bb8-0856-4391-b346-a50368f7ed26","link":{"text":"InsightCloudSec","url":"/insightcloudsec/","target":null}},{"id":"435718c6-8b0e-418a-9e31-cc00a3bdc092","link":{"text":"InsightConnect","url":"/insightconnect/","target":null}},{"id":"ad91ba66-4df7-4d43-99a5-8856a8e0e311","link":{"text":"Insight Platform","url":"/insight/","target":null}},{"id":"fc90fec4-5e64-4d6d-b3a9-fda117fe6236","link":{"text":"InsightIDR","url":"/insightidr/","target":null}},{"id":"a80775fe-4ffe-4137-85b7-f477ae877c71","link":{"text":"Insight Network Sensor","url":"/sensor/","target":null}},{"id":"0d3ce8d3-05d9-45da-8978-a81334c88d59","link":{"text":"InsightOps","url":"/insightops/","target":null}},{"id":"cd89a8d0-0f2f-4340-b2e6-b94640d81cd1","link":{"text":"InsightVM","url":"/insightvm/","target":null}},{"id":"d438a47f-3e2f-4d0f-836c-43df8e529572","link":{"text":"Metasploit","url":"/metasploit/","target":null}},{"id":"b31f3abe-7c09-4e13-8d0f-48fe446cb9e3","link":{"text":"Nexpose","url":"/nexpose/","target":null}},{"id":"97e5d2c7-d3a3-4435-b2b7-622b960d73db","link":{"text":"tCell","url":"/tcell/","target":null}},{"id":"6b1acbc9-f8a2-4df9-84d8-24d954838dda","link":{"text":"Managed Services","url":"/services/","target":null}},{"id":"e5c93272-ed99-4b67-928a-f212d81d2519","link":{"text":"Threat Command","url":"/threat-command/","target":null}},{"id":"36c97554-4b1b-40a8-8985-a1fb3fe7f978","link":{"text":"Surface Command","url":"/surface-command/","target":null}},{"id":"dc122b90-bca4-4949-8224-97c7f66ef65b","link":{"text":"Exposure Command","url":"/exposure-command/","target":null}}],"ctaLink":null,"logo":{"imagePath":"/Areas/Docs/includes/img/r7-nav/Rapid7_logo-short.svg","text":"Rapid7 logo","url":"https://www.rapid7.com/","target":null},"selectedSubNavItemId":null,"activeSubNavItemId":"fc90fec4-5e64-4d6d-b3a9-fda117fe6236","singleDropdownItemCount":5,"doubleDropdownItemCount":8,"footerLink":{"text":"Release Notes","url":"/release-notes/","target":null},"defaultNavItemText":"All Products"},"searchSettings":{"enabled":true,"searchUrl":"/search","querystringKey":"q","params":{"filters":"productname_InsightIDR"}},"cssClass":"r7-nav--wide","hideSubNav":false}), document.getElementById("react_0HNBIFCDN5DB7")); </script> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WBTPTVC" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> </body> </html>