Cloud service event sources cover your SaaS products and show ingress activity from those services in InsightIDR.
These event sources do not use the common data collection methods. Instead, they rely on authentication credentials, a domain, tokens and keys, and various ID types, depending on the event source. See each individual event source for more information.
InsightIDR integrates with various enterprise cloud services to collect authentication events and administrative activity in the cloud environment. These events are captured through cloud service APIs: your Collector pulls them from the cloud service API using an administrative account that you provide.
The cloud user accounts are then correlated with your Active Directory domain accounts, showing ingress activity for all users alongside their domain activity. Cloud service administrative events are also monitored and can be viewed on the Users & Accounts > Administrators > Admin Activity page.
The Insight Platform can ingest logs from cloud services. The following cloud event source types are supported and are explained in detail on their individual pages.
- AWS CloudTrail
- Duo Security
- Google Apps
- Office 365