
Getting Started with Illumio Insights

Illumio Insights Agent

Insights Agent is a persona-based AI agent that accelerates threat detection by helping you spot malicious threats, tactics, and techniques in multi-cloud environments. It maps to the MITRE ATT&CK framework to highlight areas in your environment(s) that warrant immediate attention, enabling you to proceed quickly through an analysis of the activities occurring across all of your environments.

The Insights Agent page is designed to answer these key questions for security teams:

  • What is happening in my environment right now? The page presents an automatically generated report summarizing all current findings detected during the latest scan.

  • How serious are the risks? Highlights the most urgent risks by categorizing findings by severity, type, and impacted assets.

  • What action should I take? Recommended actions guide teams toward the most effective and timely remediation steps.

Using the Insights Agent for Data-Driven Decision Making

  • In-depth, AI-driven investigative report: Provides information about resources, workloads, and policies across all of your environments with recommended actions and their severity.

  • Recommendations: Proposes recommended actions based on the severity of detected threats.

  • Threat detection: Leverages AI to continuously monitor real-time network activity and surface anomalous activities such as lateral movement and data exfiltration threats.

  • Adaptive: Uses AI to adapt to new attacker techniques and to the feedback you provide to Insights Agent.

  • Integrated ticketing feature: Launches with an option to create ServiceNow IT Service Management (ITSM) tickets, fostering collaboration across teams to resolve issues quickly.

Viewing Investigative Reports

Within 8 to 24 hours of onboarding Insights Agent, an initial investigative report is generated automatically.

The Latest Report section summarizes the most-recently run Insights Agent report, including when it was generated and key totals such as findings, recommended actions, relevant workflows, tags, and comments. It provides immediate visibility into the scope and freshness of the analysis.

Understanding Findings by Severity and Type

The Findings widgets organize information into clear groups so you can understand their distribution and significance.

  • Findings by Severity – Categorizes findings as Critical, High, Medium, or Low.

  • Findings by Type – Groups issues by their technical domains, such as misconfigurations or exposures.

The Findings table at the bottom of the Insights Agent page lists each individual finding along with fields such as use case, summary, file identifiers, tags, associated assets, and recommended actions. The table allows analysts to move from high-level insights to more detailed technical reviews.

Viewing Recommendations by Severity and Type

The Recommendations widgets focus on the next steps required to reduce risk.

  • Recommendations by Severity – Indicates which actions are the most urgent.

  • Recommendations by Type – Groups remediations by categories such as configuration updates or access adjustments.