Helpful Log Search Queries for Labels

If anyone has not used labels in IDR Log Search before, I would highly recommend giving it a read through and seeing if it might be right for you:

https://docs.rapid7.com/insightidr/custom-alert-details/

Labels can be a good tool for organization and quickly being able to spot particular logs easily in log search without having to create or paste a query. Here are a few example queries (in simple mode) I have used for labels only, no investigations or notifications:

[Screenshot: example label queries in simple mode (captured 2021-07-29)]


Agreed! Labels are awesome and can be quite useful. I use them on a regular basis when I want to get a quick detailed view into very specific events. I use them to pull out things like Python, cmd.exe, and others. Well worth looking into and using.
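Since the original post's screenshot of queries is not reproduced here, the following is an added, stand-alone illustration of what a label does: a named match rule applied to every incoming event so the matching ones can be spotted at a glance, with no alert or investigation attached. It is not code from this thread or from Rapid7, and it does not use LEQL; the event field names (`process_name`, `parent`, `user`) and the sample log lines are constructed for the example. It covers the two uses mentioned in the replies (tagging cmd.exe and Python launches) and adds one combined rule to show that a label can key on more than one field.

```python
import json
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample process-start events; the field names are an assumption
# for this illustration and are not InsightIDR's actual schema.
SAMPLE_LOG_LINES = [
    '{"timestamp":"2021-07-29T09:00:01Z","hostname":"ws01","user":"alice","process_name":"cmd.exe","parent":"explorer.exe"}',
    '{"timestamp":"2021-07-29T09:00:05Z","hostname":"ws01","user":"alice","process_name":"python.exe","parent":"code.exe"}',
    '{"timestamp":"2021-07-29T09:00:09Z","hostname":"srv02","user":"svc_backup","process_name":"powershell.exe","parent":"services.exe"}',
    '{"timestamp":"2021-07-29T09:00:12Z","hostname":"ws03","user":"bob","process_name":"Python3.9.exe","parent":"cmd.exe"}',
    '{"timestamp":"2021-07-29T09:00:15Z","hostname":"ws03","user":"bob","process_name":"chrome.exe","parent":"explorer.exe"}',
    'this line is not JSON and is skipped by the parser',
]

Rule = Callable[[dict], bool]


def field_equals(field: str, value: str) -> Rule:
    """Case-insensitive exact match, so CMD.EXE and cmd.exe both receive the label."""
    return lambda e: str(e.get(field, "")).lower() == value.lower()


def field_matches(field: str, pattern: str) -> Rule:
    """Anchored regex match on one field; anchoring avoids labelling e.g. notcmd.exe."""
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda e: rx.search(str(e.get(field, ""))) is not None


# Label name -> rule. Labels only, as in the thread: nothing here notifies anyone.
LABEL_RULES: Dict[str, Rule] = {
    "cmd.exe": field_equals("process_name", "cmd.exe"),
    "python": field_matches("process_name", r"^python[0-9.]*\.exe$"),
    # A label can combine fields: a shell whose parent is the service control manager.
    "shell-from-service": lambda e: (
        field_matches("process_name", r"^(cmd|powershell)\.exe$")(e)
        and e.get("parent") == "services.exe"
    ),
}


def parse_events(lines: List[str]) -> List[dict]:
    """Parse JSON log lines; unparsable lines are dropped rather than aborting the search."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def apply_labels(events: List[dict], rules: Dict[str, Rule]) -> List[Tuple[dict, List[str]]]:
    """Return (event, sorted label names) for every event; most events get no label."""
    return [(e, sorted(name for name, rule in rules.items() if rule(e))) for e in events]


def events_with_label(labelled: List[Tuple[dict, List[str]]], label: str) -> List[dict]:
    """The 'click the label' view: only the events that carry the given label."""
    return [e for e, labels in labelled if label in labels]


def label_counts(lines: List[str] = SAMPLE_LOG_LINES, rules: Dict[str, Rule] = LABEL_RULES) -> Dict[str, int]:
    """How many events each label matched; a quick sanity check that a rule is neither silent nor noisy."""
    counts = {name: 0 for name in rules}
    for _, labels in apply_labels(parse_events(lines), rules):
        for name in labels:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    labelled = apply_labels(parse_events(SAMPLE_LOG_LINES), LABEL_RULES)
    for e, labels in labelled:
        print(f'{e["timestamp"]} {e["hostname"]:5} {e["process_name"]:16} labels={labels}')
    print(label_counts())
```

The `label_counts` check is the part worth carrying over to a real label: after saving a query, look at how many events it tags over a day. A label that matches nothing is probably keyed on the wrong field name or case, and one that tags thousands of routine events will not help you spot anything.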