I was just notified the company was bought by another company. My CISO wants to join both infrastructures in the same InsightIDR platform we have. I remember I saw somewhere in the documentation that this is possible, since our domain will be the primary domain and the other company will be a child domain. Has anyone done something like this in the platform, to be able to mix both domains but keep them marked as different?
If the newly acquired company will be merged in as a subdomain to your parent domain, then your current LDAP event source should be able to pull in all records for anything below it. You will, of course, need to create its own AD, DNS, and DHCP event sources for the applicable servers within that subdomain though.
As far as tagging to the right domains is concerned, the user details page will pull in all info for the domains the user belongs to based off of the accounts they hold. Also, the AD events and Asset Authentication events themselves would list the FQDN of the asset that the request or activity came from, so you will still be able to see in which domain the activity is occurring.
What authentication mechanism are you using in InsightVM? If the 2 domains are separate could you add the other domain as another authentication source?
The original question was regarding InsightIDR and not InsightVM, otherwise you would be correct on how to authenticate to separate domains.