InsightIDR - Local Backup

Hi,

May I know if there is a way to sort of download all your logs sent to InsightIDR (time period is set to say once a month or quarter)?

InsightIDR does have the S3 archiving but this requires someone to have an AWS account.
Just in case someone doesn’t have it then their option is only to kind of download it. Is this viable?

Best Regards,

Hey @nowel,

As you stated, the S3 archiving is definitely the recommended way to go; however, in the event that can’t happen, you should be able to do it by going to your log search, selecting what log sets you would like to export, adjusting your time picker accordingly, then running a blank query (nothing in the query bar). Once done, you can export to CSV, then rinse and repeat with other log sets. There are some drawbacks to this:

  1. There is a limit to how many logs you can download at one time, I believe it’s a million or so, so if you have a lot of logs, this is very time-consuming

  2. This is not automated, it’s manual…enough said

  3. This will only export the logs that have been parsed or moved to log search

You can also try the REST API to automate the process outside of the IDR console, which may be a better way to go than the above method:

https://docs.rapid7.com/insightidr/insightidr-rest-api

One of the drawbacks of using the API is it’s more technical to perform. I will let others chime in if they can offer a more viable solution.

2 Likes
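An added example (not from the thread or from Rapid7): planning export time windows so that each one stays under the per-export limit from drawback 1, by halving any window whose count reaches the cap. `count_events` is a hypothetical callable standing in for a count query; the timestamps are constructed, and the demo lowers the cap to 1000 so the sample data forces splits.

```python
from bisect import bisect_left
from datetime import datetime, timedelta, timezone

EXPORT_CAP = 1_000_000  # assumption: the "million or so" per-export limit mentioned above

def plan_windows(start, end, count_events, cap=EXPORT_CAP,
                 min_span=timedelta(seconds=1)):
    """Split [start, end) into chronological (from, to, count) windows,
    halving any window whose count reaches the cap.

    count_events(from, to) is a hypothetical callable returning the number of
    log entries in [from, to); in practice it would wrap a count query.
    """
    windows, stack = [], [(start, end)]
    while stack:
        lo, hi = stack.pop()
        n = count_events(lo, hi)
        if n < cap or hi - lo <= min_span:
            windows.append((lo, hi, n))  # n >= cap here means: cannot split further
            continue
        mid = lo + (hi - lo) / 2
        stack.append((mid, hi))   # later half is pushed first ...
        stack.append((lo, mid))   # ... so the earlier half is processed first
    return windows

def constructed_timestamps():
    """Constructed sample: one event per minute in January 2024 plus a 5000-event burst."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    steady = [start + timedelta(minutes=i) for i in range(31 * 24 * 60)]
    burst_at = datetime(2024, 1, 15, 12, tzinfo=timezone.utc)
    burst = [burst_at + timedelta(seconds=j) for j in range(5000)]
    return sorted(steady + burst)

def make_counter(timestamps):
    """Counter over an in-memory sorted list, standing in for a real count query."""
    return lambda lo, hi: bisect_left(timestamps, hi) - bisect_left(timestamps, lo)

if __name__ == "__main__":
    ts = constructed_timestamps()
    jan = datetime(2024, 1, 1, tzinfo=timezone.utc)
    feb = datetime(2024, 2, 1, tzinfo=timezone.utc)
    # cap lowered to 1000 so the constructed data forces splits
    for lo, hi, n in plan_windows(jan, feb, make_counter(ts), cap=1000):
        print(lo.isoformat(), hi.isoformat(), n)
```

Each returned window can then be exported on its own, and the per-window counts give a total to reconcile against the archived files.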

Thanks a lot for that detailed information!

I’ll check on the API and see what I can make of it.

Best Regards,

1 Like

My pleasure, @nowel!!