InsightIDR

Supported Event Sources

To send your logs to InsightIDR, you can forward them from a Security Information and Event Management system (SIEM) or you can collect the log events directly from the log sources, described below. Note that you can combine these two methods and forward some log event types from the SIEM and then collect the rest directly.

A Rapid7 collector requires each stream of syslog logs to arrive on its own TCP or UDP port. Configure every device that sends logs via syslog to use a TCP or UDP port that no other syslog source shares on that collector. It is common to start assigning ports at 10000, although any open, unused port will do. On Linux collectors, the ports used must be higher than 1024.
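As an added illustration of those port rules (example code, not Rapid7's; the collector and device names are constructed), a small planner that validates and allocates syslog listener ports for one collector:

```python
"""Plan and validate syslog listener ports for one InsightIDR collector.

Added example, not Rapid7's code. It encodes the rules on this page: one
port per syslog stream, 10000 as the usual starting point, and ports above
1024 on a Linux collector. Names and the 65535 ceiling are illustrative.
"""
from dataclasses import dataclass, field

LINUX_MIN_PORT = 1025       # page: Linux collectors must use ports above 1024
DEFAULT_START_PORT = 10000  # page: common starting point for syslog streams
MAX_PORT = 65535


@dataclass
class Collector:
    name: str
    os: str                  # "linux" or "windows"
    # assigned port -> (device, protocol); protocol is "tcp" or "udp"
    streams: dict = field(default_factory=dict)

    def validate(self, device, protocol, port):
        """Return the problems with assigning this stream (empty list if OK)."""
        problems = []
        if protocol not in ("tcp", "udp"):
            problems.append(f"{device}: protocol must be tcp or udp, got {protocol!r}")
        if not 1 <= port <= MAX_PORT:
            problems.append(f"{device}: port {port} is out of range")
        elif self.os == "linux" and port < LINUX_MIN_PORT:
            problems.append(f"{device}: port {port} is not allowed on a Linux collector (must be > 1024)")
        # Assumption: uniqueness is checked by port number regardless of protocol,
        # the conservative reading of "a TCP or UDP port that is unique on that collector".
        if port in self.streams:
            other, _ = self.streams[port]
            problems.append(f"{device}: port {port} already used by {other}")
        return problems

    def assign(self, device, protocol, port):
        """Record the stream on this collector, or raise if any rule is broken."""
        problems = self.validate(device, protocol, port)
        if problems:
            raise ValueError("; ".join(problems))
        self.streams[port] = (device, protocol)
        return port

    def next_free_port(self, start=DEFAULT_START_PORT):
        """Lowest unused port >= start (and above 1024 on a Linux collector)."""
        port = max(start, LINUX_MIN_PORT if self.os == "linux" else 1)
        while port in self.streams:
            port += 1
        if port > MAX_PORT:
            raise ValueError(f"{self.name}: no free ports left")
        return port
```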

Supported Event Sources

Active Directory

Advanced Malware

Cloud Services

Data Exporters

Deception Technology

DHCP

DNS

E-mail & ActiveSync

Firewall

IDS/IPS

LDAP

SIEMs/Log Aggregators

Virus Scanners

VPN

Web Proxy

Rapid7 Universal Event Sources

InsightIDR can now universally support selected data types from any product’s logs, so long as you convert the log output from your product to JSON that matches the Universal Event Format (UEF) contract.

Raw Data Event Sources

Raw Data event sources let you collect log events that do not fit InsightIDR's user behavior model or are otherwise unsupported at this time. They ingest data from any event source in your network for log centralization, search, and data visualization.

Raw Logs

You can also use NXLog to transform logs from your application.

Third Party Alerts
