Time: 24 minutes
Difficulty: Beginner

Video Description

Learn how your team can add high-priority alerts to Rapid7 InsightIDR with less than a minute of effort.

Video Transcription

00:07
All right. So a big piece of detection in InsightIDR can also come from your team, in wanting to define custom alerts. So I'm just going to show how easy that is, if you have something that's unique to your organization, or even if, across the entire stack that we help unify in the one place, you have something that's just short-term in nature, like the example I'm about to show.
00:27
So in this case, I just clicked on Manage Alerts. It brings me to built-in alerts, all the things that come right out of the box. But also I can define custom alerts, and there are some defined here already, so things like if somebody's using cloud storage. But what I want to alert on
00:44
in this case is the recent application that was disclosed by the Rapid7 research team, where you can be subjected to man-in-the-middle attacks from the Nine email application. So I want to say
00:56
in this case, "vulnerable application." That's the name of my alert. And whenever I see the pattern of Nine
01:04
dash slash I, um, in a specific set of logs, I know that that means somebody, one of my users, is connecting to an Exchange server with the Nine email application. So I'm just going to give that the "vulnerable" tag and say I'm concerned because of the risk posed by this,
01:21
and I'm going to just click on the entire ingress authentication set of logs. So anything that's coming over various different ways, whether it's VPN or elsewhere, but really just ingress authentications, which could be to an Exchange server, things like that, connecting to my network from that application. I'm going to say
01:38
just once, one match is enough, and that's good enough to concern me. So
01:44
that's it. I've already defined it in basically a minute there. A minute's work. I've defined exactly what custom alert I want, and so I can, just from now on, whenever there's any sort of connection through the Nine application, get an incident the same way I do elsewhere
02:01
from all the pre-baked analytics. I'll get that alert right here and also to my email,
02:08
and that's really all there is to it. And that's why we tried to make it extremely simple for you to define.
02:15
And hopefully this is helpful to anybody who wants to detect a specific application being used.
