To find USB storage logs on endpoint devices, do I need to configure anything on the device, or can I see those logs with the current config out-of-the-box agent Rapid7IDR agent?
Hi,
the agent only pulls a small number of security log events out of the box.
See here Insight Agents with InsightIDR | InsightIDR Documentation
What are these events you are referring to? Specific windows event ids?
David