InsightIDR - Understanding Collectors and Event Sources
Learn how to detect key indicators of compromise
Ensure detection of key indicators of compromise by learning:
- What collectors do and how they work
  - The collector is the first component to install and the most critical
- Which Event Sources to prioritize
  - LDAP, AD, and DHCP (the "foundational" event sources) must be configured first
  - Without these sources, user attribution will suffer
- How to configure Event Sources - Data Collection Methods
  - Listen on network port
  - Log Aggregator
  - SQS
  - WMI
  - Watch Directory
  - Tail File
  - AWS S3
- The importance of the Insight Agent for IOC detection
Desired Outcome:
Optimize your implementation to ensure detection of key indicators of compromise.