During Investigations, you can now add notes to each investigation as you see fit. On the investigations page, you can see how many notes an open investigation has.
Click into the Investigation details to see the exact note, or add notes yourself.
Take advantage of the AWS S3 Archiving by sending your InsightIDR Logs directly to the cloud. To configure this, go to Settings > S3 Archiving and follow the instructions, or read more about it here.
InsightIDR enables security analysts to deeply investigate and close out incidents surfaced by the solution. As these actions involve working with sensitive data, we've now given you the ability to distinguish what a user can and cannot do in InsightIDR.
To get to this page, go to Settings > User settings.
- Admin - This is an admin product role. This user can view all data, perform all edit functions, and access any admin functions within InsightIDR.
- Read Write - This is a product role and can be assigned to a single or multiple products. This user can view and edit all data within InsightIDR.
- Read Only - This is a product role and can be assigned to a single or multiple products. This user can view all data but cannot edit the data in any way within the assigned product(s).
#Single Sign On (SSO)
This allows the option for users to only log in once to the new InsightIDR Platform.
InsightIDR will now use a multi-factor authentication platform with lots of flexible options. This is to ensure that your data is heavily secured. You can configure MFA to hold for a maximum of six months before requiring your users to authenticate again.
Go to Settings, User Management, and select MFA Settings at the bottom of the list. Then, configure the following options:
User Prompted for MFA
- Every time
- Per session (choose a session length up to 90 days)
- Per Device
MFA Options Available
- Okta Verify App
- Okta Push
- SMS Authentication
- Google Authenticator App
- Security Question
- Include All Users
- Exclude Individual Users (type or search for users)
If a user loses access to their MFA app or device, request that the InsightIDR admin do the following:
- Go to user management
- Find that user in the user list
- Click edit
- Reset MFA
- Instruct the user to set up their new MFA on their next login