Hello,
Just wondering if anyone has any idea of how to create a search for log in and log out events/ screen timeout. Trying to create a picture of the amount of hours spent at a PC.
Thanks,
Jon
Unfortunately the Insight Agent does not records some of the Event ID’s needed for this. Here is a list of EID’s collected by the Insight Agent:
https://docs.rapid7.com/insightidr/insight-agent/#monitored-event-codes
This is correct, natively the agent doesn’t pull everything.
You have this option which can be configured to pull the entire System, Security and Application logs using the logging.json config file
David