InsightIDR Settings
The Settings page allows you to configure InsightIDR to meet your needs. The following table lists and explains the types of settings that you can define.
| Setting | Definition |
|---|---|
| Incident Settings | Incident Settings designate the types of incidents that InsightIDR tracks. |
| User Settings | User Settings allow you to assign a role to a user. You can also add new users and delete users. |
| Event Source Settings | Event Sources Settings allows you to specify the IP addresses for each event source. |
| Credential Settings | Credential Settings allow you to add new credentials for InsightIDR to monitor. |
| Application Settings | Application Settings allow you to add applications for InsightIDR to monitor. |
| Incident Modifications | Incident Modifications lists exceptions for incidents. |
| Asset Settings | Asset Settings allows you to designate which assets are restricted based on a Nexpose criticality setting. Note: You need Nexpose to use this functionality. |
| Honey Users | View, mark, or delete users as Honey Users. |
| Export Data | Export Data allows you to export account, asset, and mobile device information from InsightIDR into a CSV file. |
| Static IP Ranges | Static IP Ranges are assets that do not receive IP addresses via DHCP. Most commonly, these are servers and any other assets who have a statically assigned IP. |
| Unmanaged IP Ranges | Unmanaged IP Ranges are ranges that are outside the managed corporate network. |
| Network Zones | Network Zones allow the logical labeling of different systems or business groups based on IP ranges. |
| Network Policies | Network Policies allow you to create alerts based on rules, for example, the finance network zone can only be accessed by those in the finance group within the Active Directory. This is driven from Network Zones and Active Directory group membership. |
| Tagged Domains | Tagged Domains are owned or ignored by an organization. This is used for the Spear Phishing URL detection incident. |
| Unknown IP Addresses | InsightIDR tracks all IP addresses it receives from DHCP and VPN assignments, but sometimes logs come in with IPs that have never been seen before by any of the DHCP or VPN event sources. These IPs are reported as Unknown IP Addresses in order to help you see if you might be missing a DHCP or VPN event source in your environment somewhere that you should hook up to a Collector. |
| Running Agents | Displays a list of running agents. The hostname and last seen time are displayed. |
Incident settings
Incident settings designate the types of incidents that InsightIDR tracks. To disable the tracking of an incident, uncheck that incident’s checkbox; to enable an incident, check that incident's checkbox.
Some incident types allow you to designate information by:
- specific user type
- time period
- priority
- Ingress type
User settings
User settings allow you to assign a role to a user. You can also add new users and delete users. The following table explains the different user types and associated functionality.
| Setting | Functionality |
|---|---|
| Admin | Can perform all (Undefined variable: Variables.Project) functionality |
| Investigator | Can view incidents and start investigations |
| Read only | Can only view information |