InsightIDR - Reviewing Alerts and Investigations

Gain a greater understanding of your InsightIDR alerts by learning:

What steps to take when reviewing an investigation
- Understanding the difference between notable events and alerts
- Reviewing the timeline of events and alert evidence
What actions you should take when you’re responding to an alert
- Update the status and priority
- Assign to a user
- Take action
How to tune alerts to better suit your environment
- Add to an allowlist
- Mark disposition as "benign" (as an example)

Desired Outcome:

Become familiar with what steps to take when reviewing alerts to understand why they were triggered and what actions to take.

Gain a greater understanding of your InsightIDR alerts by learning:

What steps to take when reviewing an investigation
- Understanding the difference between notable events and alerts
- Reviewing the timeline of events and alert evidence
What actions you should take when you’re responding to an alert
- Update the status and priority
- Assign to a user
- Take action
How to tune alerts to better suit your environment
- Add to an allowlist
- Mark disposition as "benign" (as an example)

Desired Outcome:

Become familiar with what steps to take when reviewing alerts to understand why they were triggered and what actions to take.