InsightIDR

Add and Manage Cards

After creating a dashboard, you can begin adding cards to it. Go to the dashboard and click the Add a Card button, then either add a card from the card library or build your own card using a query.

Add a Card from the Library

Preconfigured cards are sorted into categories based on your available logs.

When you select a category label, all of the visual options available to you are displayed.

Preconfigured Cards

The following table lists all of the preconfigured cards available to you from InsightIDR:

| Name | Type | Description |
| --- | --- | --- |
| 1.3.5 Denied Connection Attempts | Compliance | Visualize denied connection attempts as specified in PCI control 1.3.5 |
| 10.2.4 Failed Logins Over Time | Compliance | Visualize the number of failed logins over time per PCI control 10.2.4 |
| 10.2.5a Authentications Over Time | Compliance | Visualize all asset authentication over time per PCI control 10.2.5a |
| 4.1c Potential Insecure Connections | Compliance | Visualize connections that appear to be insecure (over port 80) as specified in PCI control 4.1c |
| 7.1.2b User authentications | Compliance | List of users who have logged in, in the specified time period per PCI control 7.1.2b |
| 8.1.1 Shared/Linked Accounts | Compliance | List of shared/linked accounts used in the specified time period per PCI control 8.1.1 |
| 8.1.3a Deactivated Accounts | Compliance | List of deactivated accounts in the last 6 months per PCI control 8.1.3a |
| 8.2.4a Recent Password Resets | Compliance | List of users who have had passwords reset within the specified time period per PCI control 8.2.4a |
| AD Admin Actions | Active Directory Admin Activity | Show all "admin actions" |
| Account Lockouts over Time | Active Directory Admin Activity | Shows the number of account lockouts by day |
| Accounts Created | Active Directory Admin Activity | User accounts that have been created |
| Accounts Disabled | Active Directory Admin Activity | User accounts that have been disabled |
| Accounts Locked | Active Directory Admin Activity | User accounts that have been locked |
| Groups Users Were Added To | Active Directory Admin Activity | Groups that had users added to them |
| Passwords Set to Never Expire | Active Directory Admin Activity | User accounts where the password was set to never expire |
| Users Added to Groups | Active Directory Admin Activity | Accounts that were added to groups |
| Users Who Added to Groups | Active Directory Admin Activity | Accounts that added users to groups |
| Assets Accessing Excel & Word Files | File Access Activity | See which assets in your organization are being used to access the most text files and/or spreadsheets. |
| DNS Queries to Uncommon Domains By Asset | DNS Query | Quickly see which assets are making requests to domains with uncommon public suffixes. This may help you determine if a specific asset is making unwanted requests to strange domains (possibly an indicator of malware). |
| DNS Queries to Uncommon Domains by Public Suffix | DNS Query | Visualize request volume to domains that use an uncommon suffix. |
| DNS Queries to Uncommon Domains by User | DNS Query | Quickly see which users are making requests to domains with uncommon public suffixes. This may help you determine if a user is making unwanted requests to strange domains. |
| DNS Queries to Uncommon Domains over Time | DNS Query | Visualize traffic to uncommon domains over time. This may help you see patterns, trends or anomalies in your organization's internet activity. |
| Total DNS Traffic over time | DNS Query | Visualize your organization's total DNS traffic over time. This may help you see patterns, trends or anomalies. |
| Denied Traffic by port | Firewall Activity | Quickly visualize which destination ports have the most firewall denies. |
| Denied Traffic over time | Firewall Activity | Visualize the volume of firewall denies over time. This may help you see patterns, trends or anomalies in denied network traffic. |
| Inbound & Outbound traffic from Non-US countries by User | Firewall Activity | Track international traffic volume by user over time. This may help you see patterns, trends or anomalies in user activity. |
| Inbound & Outbound traffic to Non-US countries by country | Firewall Activity | Track international traffic volume by country over time. This may help you see patterns, trends or anomalies in total international network traffic. |
| Inbound Traffic from a Non-US Country by Port | Firewall Activity | Track international traffic volume by destination port over time. This may help you see patterns, trends or anomalies in application-specific traffic. |
| Traffic to or from a Non-US country | Firewall Activity | Visualize the volume of all international network traffic by country. |
| Traffic to or from a Non-US country ordered by User | Firewall Activity | Quickly see which users are generating the most international network traffic. |
| Disabled Users Authenticating | Asset Authentication | Quickly see authentication attempts to disabled users. This may help you determine if there is a misconfiguration in your organization, or show you an indicator of brute force attempts against a specific disabled user. |
| Failed Authentications - Users | Asset Authentication | Show all failed authentication activity by user |
| Failed Authentications by Type | Asset Authentication | Show all failed authentication activity by type |
| Failed Logins by Destination Asset | Asset Authentication | Quickly see which assets have the most failed authentications. This may be a misconfiguration or an indicator of a brute force attack on a specific asset. |
| Failed Logins by User | Asset Authentication | Quickly see which users have the most failed authentications. |
| Failed Logins over time | Asset Authentication | Track failed authentications over time. This may help you see patterns, trends or anomalies in overall failed authentications within your organization. |
| First Time Authentication from Unfamiliar Source Asset | Asset Authentication | Shows users who have logged into an asset from an unfamiliar source asset |
| First Time Authentications by User | Asset Authentication | Shows the number of first time authentications, sorted by user |
| Interactive Authentications by System | Asset Authentication | Show which systems users have logged into interactively or remotely (remote here means via Remote Desktop) |
| Local Administrator Network Logon Activity | Asset Authentication | Visualize local administrator authentications by asset. |
| Login Count by Type | Asset Authentication | Quickly see the number of successful authentications by asset type. |
| Logon Types | Asset Authentication | Show all the different types of authentication |
| File Access by Name & Extension | File Access Activity | Quickly see the most accessed files in your network by filename and extension. |
| File Access over time | File Access Activity | Visualize your organization's total file access activity over time. This may help you see patterns, trends or anomalies. |
| File Share Access by Source Asset | File Access Activity | Quickly see which assets connect to your organization's file shares most often. |
| File Share Access by User | File Access Activity | Quickly see which users access your organization's file shares most often. |
| Users Accessing Excel & Word Files | File Access Activity | See which users in your organization are accessing the most text files and/or spreadsheets. |
| High Severity IDS Alerts | IDS Alert | The number of high severity IDS alerts that have fired |
| Medium Severity IDS Alerts | IDS Alert | The number of medium severity IDS alerts that have fired |
| Low Severity IDS Alerts | IDS Alert | The number of low severity IDS alerts that have fired |
| IDS Alert by Rule | IDS Alert | Break down your IDS alerts by rule |
| IDS Alerts by Country | IDS Alert | Quickly see which countries are associated with IDS alerts in your environment |
| IDS Alerts by User | IDS Alert | Visualize which users have IDS alerts attributed to them |
| IDS Alerts for Unknown User by Source IP | IDS Alert | Visualize your IDS alerts which did not have a known User attributed to them |
| IDS alerts by Asset | IDS Alert | Break down your IDS alerts by Asset |
| IDS alerts for unknown Assets by IP | IDS Alert | Visualize your IDS alerts which did not have a known Asset attributed to them |
| Ingress Authentications by ISP | Ingress Authentication | Break down ingress activity by which Service Provider the activity is originating from |
| Ingress Authentications by Location | Ingress Authentication | See where in the world your users are connecting to your network from |
| Ingress Authentications by Service | Ingress Authentication | Visualize ingress into your network by the cloud service it originated from |
| Ingress Authentications from China | Ingress Authentication | Quickly see which users are ingressing into your network from China |
| Ingress Authentications from Russia | Ingress Authentication | Quickly see which users are ingressing into your network from Russia |
| Ingress Authentications from outside the US by user | Ingress Authentication | Quickly see which users are ingressing into your network from outside the United States |
| Ingress Authentications over the last 24 hours | Ingress Authentication | Visualize trends in ingress activity over 24 hours |
| Ingress Authentications over the last 24 hours from Outside the US | Ingress Authentication | Visualize international ingress activity over 24 hours |
| Virus Alerts Over Last 24 Hours | Virus Alert | Visualize AV trends over time |
| Virus Alerts by Asset | Virus Alert | See which assets in your network are potentially infected |
| Virus Alerts by File | Virus Alert | Break down the virus alerts in your network by the files being alerted upon |
| Virus Alerts by User | Virus Alert | Quickly see which users have the most AV activity associated with them |

Build Your Own

If you decide to build your own visual card, you need to provide a query and select the log(s) you want to apply the query to. Learn how to Build a Query or use Example Queries when building your own card.

After selecting an option, you will see a live preview of the results of your query. Visualizations that are not compatible with your query are greyed out.

Manage Cards

Each visual card has a cogwheel of options. From here, you can:

  • view applicable logs
  • edit the card
  • copy the card
  • remove the card from the dashboard
  • export the card to PDF
  • export the log data to a CSV file

Exported log data and exported PDFs are available in the Report Archive.
