May I know if there is a way to sort of download all your logs sent to InsightIDR (time period is set to say once a month or quarter)?
InsightIDR does have the S3 archiving, but this requires someone to have an AWS account.
Just in case someone doesn’t have it, then their only option is to kind of download it. Is this viable?
As you stated, the S3 archiving is definitely the recommended way to go; however, in the event that can’t happen, you should be able to do it by going to your log search, selecting what log sets you would like to export, adjusting your time picker accordingly, then running a blank query (nothing in the query bar). Once done you can export to CSV, rinse and repeat with other log sets. There are some drawbacks to this:

- There is a limit to how many logs you can download at one time, I believe it’s a million or so, so if you have a lot of logs, this is very time consuming
- This is not automated, it’s manual…enough said
- This will only export the logs that have been parsed or moved to log search
You can also try the REST API to automate the process outside of the IDR console, which may be a better way to go than the above method:
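As an added example (not from this thread and not Rapid7's own tooling), a Python script that pages through one Log Search query via the REST API and writes the events to CSV, following the continuation links so the export is not capped by a single page size. The endpoint shape, the `x-api-key` header and the `events`/`links` response fields are assumptions to verify against the current Rapid7 API docs; `http_fetch`, `iter_events`, `export_csv` and the sample pages are constructed here.

```python
import csv
import json
import urllib.request
from typing import Callable, Iterator, Optional

# Assumed endpoint (verify against current Rapid7 docs): GET
# https://<region>.api.insight.rapid7.com/log_search/query/logs/<log_id>
# ?query=&from=<ms>&to=<ms>&per_page=<n> with header x-api-key; response JSON
# has an "events" list and a "links" list whose rel=="Next" item points at the next page.

def next_link(page: dict) -> Optional[str]:
    """Continuation URL from a response page, or None on the last page."""
    for link in page.get("links", []):
        if link.get("rel") == "Next":
            return link["href"]
    return None

def iter_events(first_url: str, fetch: Callable[[str], dict]) -> Iterator[dict]:
    """Yield every event in the query window, following "Next" links page by page."""
    url: Optional[str] = first_url
    while url:
        page = fetch(url)
        yield from page.get("events", [])
        url = next_link(page)

def http_fetch(api_key: str) -> Callable[[str], dict]:
    """Fetcher that GETs a URL with the Insight platform API key header."""
    def fetch(url: str) -> dict:
        req = urllib.request.Request(url, headers={"x-api-key": api_key})
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return fetch

def export_csv(first_url: str, fetch: Callable[[str], dict], path: str) -> int:
    """Write one CSV row (timestamp, message) per event; return the row count."""
    n = 0
    with open(path, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["timestamp", "message"])
        for ev in iter_events(first_url, fetch):
            writer.writerow([ev.get("timestamp"), ev.get("message")])
            n += 1
    return n

# Constructed sample responses standing in for the API so this runs offline.
SAMPLE_PAGES = {
    "https://example.invalid/q?page=1": {"events": [{"timestamp": 1, "message": "a"}, {"timestamp": 2, "message": "b"}],
                                         "links": [{"rel": "Next", "href": "https://example.invalid/q?page=2"}]},
    "https://example.invalid/q?page=2": {"events": [{"timestamp": 3, "message": "c"}], "links": []},
}
```

For a live export, call `export_csv(query_url, http_fetch("<API KEY>"), "logs.csv")` with the query URL built from the log id and the from/to window in milliseconds; the offline run uses `SAMPLE_PAGES.__getitem__` as the fetcher.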