Our team started out 2020 with a renewed focus on our ongoing commitment to provide customers with the complete approach to threat detection and response. Throughout the first half of the year, we released updates and features to help security teams work more effectively and efficiently, enabling them to focus on the data and threats that matter most. This post offers a closer look at select highlights of what’s new in InsightIDR, our cloud-based SIEM tool, from the first half of 2020.

Eliminate blind spots on your network with Network Traffic Analysis

With many organizations having abruptly shifted to remote workforces this spring, there’s a heightened focus on ensuring continuous visibility everywhere, especially on remote endpoints. With our release of Network Traffic Analysis, customers are able to eliminate blind spots—including those traditionally in the network edge and perimeter—for increased visibility across the attack surface.

With the simple installation of the Insight Network Sensor, customers can monitor known bad behavior with IDS alerts curated by our MDR services team and gain visibility into who and what is on your network with DNS and DHCP data—all for free and accessible out-of-the-box. Customers also have the option of adding on flow data, which gives a rich picture of all network traffic, providing maximum visibility and fueling investigations.

Additional resources:

You can now find Visual Search in the new Visualizations tab within Log Search. Visualizations allow us to show complicated data in an easily digestible way and help when it comes to sharing data cross-functionally or with stakeholders. This is why we recently added the Visualizations tab to our search feature, which allows customers to:

  • Visualize their search results alongside log entries and tables.
  • Easily make new data cards in the visualizations tab.
  • Search faster by filtering data right from visualizations. Just click on the segment or result of interest, and data is quickly filtered.


Additional resources:

Find partial and case insensitive matches with Loose Search


We’ve made several updates to our Log Search feature to make it more efficient and customizable to customers’ needs:

  • Focus on what’s important by hiding keys that are not relevant to you while in either the Entries or Table View tab of Log Search, and reordering and resizing columns in Table View.
  • You can now use the Loose Search feature to find partial and case insensitive matches.
  • Compare the values of two fields in your log data—now accessible in Table View by clicking on a column heading and selecting the key or value you want to compare.
  • Filter and pivot on your log data directly from the Entry Inspector, without manually building a query.
  • Search for a range of IP addresses on your network with IP Search.
  • For a comprehensive list of all Log Search updates, see the InsightIDR release notes.

Additional resources:

Manipulate custom data with the Custom Parsing Tool

We’ve continued to make enhancements around our Custom Parsing Tool. Most recently, we’ve made it easier for customers to define what they’d like to parse from their logs, so they can extract the log data that is most relevant to their organization. With the Custom Parsing Tool, customers can parse logs in a format that is unknown to InsightIDR or further parse log entries in common formats.

Additional resources:Learn more about the Custom Parsing Tool in InsightIDR here.

Importing log data from cold storage is now automated. When customers attempt to search for log data outside of their data retention period, they can easily import logs from cold storage at the push of a button. Imported cold storage logs will be automatically reimported into InsightIDR and available for search.

Additional resources:

New event sources

We also released a number of new event sources, including:

See the full list in our release notes.

Stay tuned for more!

As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in detection and response at Rapid7.