Unlike user attribution event sources, raw data is ingested into InsightIDR to add context to other data. Ingesting raw logs enhances these features:
- Log search
- Dashboards and reporting
- Custom alerts
Raw data is intended for log search and lets you look for specific details in your environment. Although an Event Log in a consistent, structured format is easiest to search, InsightIDR will ultimately accept any text-based log from your environment as an Event Log.
Data from raw logs may include some or all of the following information:
- Host Name
- Event Code
- Package Name
- Target User Name
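To show why raw text logs are still useful for log search and custom alerts even when they do not arrive in a fixed format, here is an added example (not Rapid7 code, and not InsightIDR's own search or alert engine). It uses constructed log lines in two shapes, key=value pairs and free text, with the field names above assumed as `host`, `event_code`, `package_name` and `target_user_name`; the threshold and the event code used in the alert rule are illustrative choices, not product defaults.

```python
"""Added example: structure raw text logs into searchable fields and run a custom alert.
Not InsightIDR code; field names, log lines and the alert threshold are constructed."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample raw lines (not real events). key=value lines resemble a
# Windows credential-validation event (4776) forwarded as text; the last two
# lines are an application log and a syslog line with no key=value structure.
RAW_LOGS = [
    "2024-05-01T10:00:01Z host=DC01 event_code=4776 package_name=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 target_user_name=jdoe status=0x0",
    "2024-05-01T10:00:05Z host=DC01 event_code=4776 package_name=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 target_user_name=jdoe status=0xC000006A",
    "2024-05-01T10:00:06Z host=DC01 event_code=4776 package_name=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 target_user_name=jdoe status=0xC000006A",
    "2024-05-01T10:00:07Z host=DC01 event_code=4776 package_name=MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 target_user_name=jdoe status=0xC000006A",
    '2024-05-01T10:01:00Z host=WEB01 app=billing level=ERROR msg="payment gateway timeout"',
    "May  1 10:02:00 WEB01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2",
]

# key=value pairs; values may be quoted so they can contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Extract key=value fields from one raw line. A line with no such pairs still
    becomes an event carrying only "raw", so nothing is dropped at ingest time."""
    event = {"raw": line}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        event[key] = value
    return event


def search(events: List[Dict[str, str]], **where: str) -> List[Dict[str, str]]:
    """Field-equality search, e.g. search(events, host="DC01", event_code="4776")."""
    return [e for e in events if all(e.get(k) == v for k, v in where.items())]


def text_search(events: List[Dict[str, str]], needle: str) -> List[Dict[str, str]]:
    """Substring search over the raw text; this is what still works for lines the
    parser could not structure (the syslog line above)."""
    return [e for e in events if needle in e["raw"]]


def failed_auth_alerts(events: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Custom alert rule (constructed): count failed credential validations
    (event_code 4776 with a non-zero status) per target user and return the
    users at or above the threshold."""
    failures = Counter(
        e["target_user_name"]
        for e in search(events, event_code="4776")
        if "target_user_name" in e and e.get("status", "0x0") != "0x0"
    )
    return {user: n for user, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    events = [parse_line(line) for line in RAW_LOGS]
    print("DC01 events:", len(search(events, host="DC01")))
    print("free-text hits:", len(text_search(events, "Failed password")))
    print("alerts:", failed_auth_alerts(events, threshold=3))
```

The point of keeping `raw` on every event is the same as the page's advice to send any text-based log: a line the parser cannot structure is still searchable as text, and a line it can structure becomes usable in dashboards and threshold alerts without changing the source.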
InsightIDR is designed to ease Search and Analytics across your entire environment. To ensure you can perform all necessary investigative steps in one place, you should:
- transmit security logs and deploy agents.
- transmit any other data that may be useful for searching, such as custom application logs.