About Insights Agent
Insights Agent is a persona-based AI agent that accelerates threat detection by helping you spot malicious threats, tactics, and techniques in multi-cloud environments. It maps to the MITRE ATT&CK framework to highlight areas in your environment(s) that warrant immediate attention, enabling you to proceed quickly through an analysis of the activities occurring across all of your environments.

Insights Agent lets you view:
Curated insights based on the selected Persona
Analysis of activity across all of your environments, whether in the cloud or through firewalls
A summary of activity in your environment(s) within the last 24 hours
Insights Agent Features
In-depth, AI-driven investigative analysis: Provides information about resources, workloads, and policies with recommended actions and their severity.
Recommendations: Proposes recommended actions based on the severity of detected threats.
Threat detection: Leverages AI to continuously monitor real-time network activity and surface anomalous activities such as lateral movement and data exfiltration threats.
Adaptive: Uses AI to adapt to new techniques and to feedback provided to Insights Agent.
Ticketing feature: Launches with an option to create ServiceNow IT Service Management (ITSM) tickets, fostering collaboration across teams to resolve issues quickly.
Insights Agent Pages
After you select a Persona, specific insights display in the left navigation pane to help you focus on critical insights and quickly take action.
All Insights: This is the default view that allows you to see all insights.
Compliance Monitoring: View regulatory requirements related to resource traffic, shadow LLMs, and DORA compliance.
Threat Hunting: View suspicious activity using insights from resource traffic, risky traffic, malicious IP threats, and external data transfer. You'll see a comprehensive view of the Insights analysis for this persona.
Incident Response: Investigate and recover from security incidents using insights from resource traffic, risky traffic, and malicious IP threats.
Data Security: Protect your data from unauthorized access using insights from resource traffic, shadow LLMs, external data transfer, and DORA compliance.
Executive Dashboard: Determine risks for decision making using insights from resource traffic, risky traffic, malicious IP threats, shadow LLMs, external data transfer, and DORA compliance.
Malware Defense: Detect and block malware threats using insights from resource traffic, risky traffic, and malicious IP threats.
IT Manager: Manage your IT systems using insights from resource traffic, risky traffic, external data transfer, and DORA compliance.
Investigation Analyses
After you onboard Insights Agent, the first Investigation Analysis is generated automatically between 8 and 24 hours later.
New Investigation Analyses are generated every 24 hours.
For details about Threat Hunter Investigation Analysis, see About Threat Hunter Investigation Analysis.
To launch and work with an Investigation Analysis, see Launch a Threat Hunter Investigation Analysis.