Why Deploying a SIEM Tool Doesn't Need to Be Complicated: A Pirate Story

Ahoy! In this Blackbeard-inspired blog, we will tell ye’ a tale of navigating your SS SIEM, InsightIDR, through the unpredictable waters of cybersecurity to reach a tropical paradise we call Remediation Island. What does it take to start this journey off right? What supplies do you need to be successful? And how do you survive your quest in both clear skies and stormy seas?


Key components of InsightIDR


Just like any ship, InsightIDR relies on key pillars to ensure smooth-sailing deployments and a clear path to success. Foundational data sources such as LDAP, Active Directory, and DHCP will help you map out the behavior of your crew and what you’re facing out on the open ocean. Without these three streams flowing into your tenant accurately, you can expect to hit some rough waters and deep swells on your journey. However, just like the ocean, InsightIDR will normalize itself if anything was missed upon initial deployment or rollout, so don’t worry!


Let’s break down each of these pillars one by one, discuss how they power analytics, and explain how to implement them:


LDAP


Lightweight Directory Access Protocol (LDAP) data helps InsightIDR track user, admin, and security group activity across your domain. Because LDAP replicates its directory data across all LDAP servers in the domain, you only need to feed one LDAP event source into InsightIDR. Our trial walks you through this step by step, as do our help docs for event source configuration.


Active Directory


Next up is Active Directory (AD), which focuses its efforts on Security Logs coming from the Domain Controllers. Not to be confused ..