Immediate Insight KnowledgeBase

Update Process – Immediate Insight

July 25th, 2016 | Categories: Immediate Insight KnowledgeBase, Installation

This document outlines how Immediate Insight can be kept up to date with the latest features and performance enhancements. The product is designed to update seamlessly and automatically via the command-line interface (CLI). However, this methodology requires direct Internet access from the Immediate Insight node – [...]

Streaming Copy over WAN – Immediate Insight

July 25th, 2016 | Categories: Configuration, Immediate Insight KnowledgeBase

This document outlines how you can securely forward/copy data from one Immediate Insight server to another over the WAN (or Internet). For example, this can be used to send data from a remote site to a central Immediate Insight in environments such as MSSP. [...]

Security Manager Changes and Firewall Log Collection – Immediate Insight

July 25th, 2016 | Categories: Data Collection, Immediate Insight KnowledgeBase

The purpose of this document is to walk the user through the integration for collecting Security Manager firewall change events and logs into Immediate Insight. (Note that Security Manager activity, such as configuration collection via SSH, will also be collected.) Now all of the log [...]

Advanced Commands – Immediate Insight

July 25th, 2016 | Categories: Immediate Insight KnowledgeBase, Installation

This document highlights valuable installation and setup-related commands and other command-line interface (CLI) commands for advanced users. Installation Script – “install”: When you first install Immediate Insight, you initiate the “install” command. This command is a collection of the scripts outlined below (along with [...]

Enhance Windows Anomaly Detection with Sysmon

April 5th, 2016 | Categories: Configuration, Data Collection, Immediate Insight KnowledgeBase, Use Cases

In my last post I covered how you can centralize your Windows logs on one system, send them as JSON for full detail, and use Immediate Insight's fast search and analytics to investigate alerts and discover the unknown. Now let's take it a step further and use Sysinternals' [...]

Anatomy of an Immediate Insight Proof-of-Concept

March 29th, 2016 | Categories: Immediate Insight KnowledgeBase, Use Cases

Background: Today’s reality for IT Security and Operations teams is that there are more activities to be performed than there are hours in the day. Before evaluating any product it’s helpful to understand the scope of effort and time required to evaluate a product’s value to [...]

Centralizing Windows Logs in JSON with Security Analytics

March 29th, 2016 | Categories: Data Collection, Immediate Insight KnowledgeBase, Use Cases

In this post I will show how you can centralize your enterprise-wide Windows logs at zero cost and via one agent to Immediate Insight, security analytics for data discovery. We will output the logs in JSON (they show up a lot richer than with any other method that [...]

How do I change the system name shown in the Immediate Insight GUI?

March 23rd, 2016 | Categories: Configuration, Immediate Insight KnowledgeBase

The most recent version of Immediate Insight allows renaming of the system name in the GUI (by default the name is blank). To do this, complete the following steps. From the GUI, click the gear icon near the top right corner, then select [...]

What Hypervisor is used for Immediate Insight installation?

March 22nd, 2016 | Categories: Immediate Insight KnowledgeBase, Installation

VMware ESXi version 5 or above is the recommended hypervisor for production deployments. For evaluation or demonstration purposes the following may also be used: VMware Workstation version 8 and above; VMware Fusion version 6 and above. Installation instructions for ESXi & VMware Workstation are available [...]

How do I increase the disk size of my Immediate Insight storage?

March 22nd, 2016 | Categories: Configuration, Immediate Insight KnowledgeBase

Note: do not use VMware tools to adjust the size of the disk; this will not work. Instead, follow this process: shut down by powering down the Immediate Insight VM from the VMware console; add a new drive to the Immediate Insight VM using [...]