InsightConnect Workflow Design - UBA Alerts

One critical part of building or customizing workflows in InsightConnect is being able to break down your own security processes into individual steps. To help folks better understand how to do exactly that, we wanted to share the image below of a workflow design. Note that this is not an actual InsightConnect workflow, but rather a “plan” for a workflow that showcases the steps required to complete a particular set of tasks, which could then be automated.

This workflow design is for UBA alerts received in InsightIDR - specifically the case where a user might login from an unknown location. This flow of logic would allow you to automate things like looking up a user to determine their current status, sending a message to their manager to check travel status, as well as both human and automated decisions that enable you to ultimately decide whether this user should be quarantined based on their suspicious activity.

Hopefully this gives you some inspiration when it comes thinking about your own processes and how you can begin to automate some of those manual tasks you encounter daily. If you’d like to save this workflow design for future use or share it with team members, you can download it below in PDF form. And feel free to post here if you have any questions or tips to share on how you go about creating your own workflows in InsightConnect!

UBA Workflow Design.pdf (1.8 MB)


Awesome :smiley:

1 Like

Great post Holly