# INSIGHT Quick Start Guide

GuardWare INSIGHT is a data visibility and monitoring solution that helps your organisation understand how data is being accessed, shared, and used across both internal and external environments. It provides a unified view of user activity and file movement, allowing you to detect unusual behaviour, potential data leaks, and policy violations in real time.

**Before you begin, make sure you have:**

* Access to the GuardWare Management Console.
* Endpoints ready for INSIGHT agent deployment.
* A Microsoft 365 Global Administrator account if you plan to monitor Exchange Online or SharePoint Online.

{% stepper %}
{% step %}

### Log in to the Console

1. Open the GuardWare Management Console.
2. Sign in with your admin account.
3. Complete 2FA, accept the EULA, and change the password if prompted.
   {% endstep %}

{% step %}

### Set up Cloud Monitor

Cloud Monitor audits user activities within your organisation’s Microsoft 365 environment, including Exchange Online and SharePoint Online.

To set up Cloud Monitor:

1. Navigate to **ORGANISATION** > **Integrations**.
2. Click **Connect Microsoft 365**.
3. Sign in with a Global Administrator account.
4. Approve MFA if prompted.
5. Select **Consent on behalf of your organisation**.
6. Click **Accept**.

Then go to **INSIGHT** > **Cloud Monitoring** and:

* Enable **Exchange Monitoring** if needed.
* Assign users to the monitoring group.
* Enable **SharePoint Monitoring** if needed.
* Run **Sync** to pull the latest Microsoft 365 data.<br>

  <figure><img src="/files/PAieGfmBv4fEANm5BCXV" alt=""><figcaption></figcaption></figure>

{% endstep %}

{% step %}

### Download the INSIGHT Agent

The GuardWare INSIGHT Agent is installed on endpoint devices to continuously monitor user activities and file interactions, including file transfers, email attachments, printing, access to non-corporate websites and applications, etc.

1. Navigate to **Resources** > **Agent Download**.
2. Go to **INSIGHT Agent**.
3. Configure the required fields and click **Submit**.<br>

   <figure><img src="/files/O4zRuyhGK0kqF6fQisyQ" alt=""><figcaption></figcaption></figure>

Once the installation settings are complete, the **Download Installer** link becomes available. Click it to download the agent with the configured settings.
{% endstep %}

{% step %}

### Whitelist INSIGHT

Whitelist INSIGHT in the endpoints' AV, EDR, or XDR platforms.

1. Add `C:\Program Files (x86)\GuardWare\` to the allowlist.
2. Add `C:\ProgramData\Guardware` to the allowlist.

See [Whitelist GuardWare INSIGHT](/setup-and-deploy/whitelist-guardware/whitelist-insight.md) for the full list of files, services, and network exceptions.
{% endstep %}

{% step %}

### Install INSIGHT Agent on endpoints

Deploy the INSIGHT agent on your endpoints.

{% if visitor.showHidden == false %}
If you're upgrading from INSIGHT v4, uninstall v4 first. See [Upgrading from INSIGHT Agent v4](/setup-and-deploy/install-agent/install-insight-agent.md#upgrading-from-insight-agent-v4) for details.
{% endif %}

To install INSIGHT Agent:

1. Run the INSIGHT Agent installer on the endpoint.
2. Complete the setup wizard.

{% hint style="info" %}
INSIGHT Agent can also be deployed via Active Directory, Microsoft Intune, and third-party solutions. See [Installation Methods](/setup-and-deploy/install-agent/install-insight-agent.md#installation-methods) for details.
{% endhint %}

After deployment, open **INSIGHT** > **Devices** and confirm each device shows the expected:

* **Device Name** and **User Name**.
* **Setting Assigned** and **Last Online Time**.
* **Agent Version**.

If a device does not look right, use [INSIGHT Status Monitor](/insight/dashboard/insight-status-monitor.md) to review endpoint status.
{% endstep %}

{% step %}

### Configure Organisation Settings

Set the organisation-wide settings that INSIGHT uses for monitoring and reporting.

Navigate to **INSIGHT** > **Organisation Settings** and configure:

* **Working Days** for accurate activity timing.
* **Websites**, **Applications**, **Printers**, and **USBs** as organisational or non-organisational.
* **Email Domains** as organisational, insecure, or undefined.
* **Trusted Emails** to reduce false positives.
* **OneDrive Folder**, **AI Usages**, and **SharePoint** settings where needed.

<figure><img src="/files/vHgifXVT7ZILdz03ETnr" alt=""><figcaption></figcaption></figure>

For the detailed configuration steps, see [Organisation Settings](/insight/settings/organisation-settings.md).
{% endstep %}

{% step %}

### Create a User Policy and assign users

User Policies define how user activities are monitored, governed, and controlled within the organisation.

By default, new users are assigned to INSIGHT's base policy. If a different policy is configured as the default policy, all new users are automatically assigned to that policy.

To create a user policy:

1. Navigate to **INSIGHT** > **User Policies** and click **New User Policy**.
2. Add the policy name and description.
3. Configure the environment settings.
4. Add and configure the data types you want to monitor.
5. Save the policy.

<figure><img src="/files/0zvdIRngMFGea0HIPFlV" alt=""><figcaption></figcaption></figure>

Then assign users from either:

* **INSIGHT** > **User Policies** > **Assign Users**.
* **End Users > INSIGHT > Assign Policies**.

See [User Policies](/insight/policies/user-policies.md) for more details.
{% endstep %}

{% step %}

### Define risk levels

Go to **INSIGHT** > **Risk Definition** and assign the risk levels for different user activities across applications, email, file sharing, and data transfers.

Start with the categories that matter most:

* SharePoint external and internal activity.
* Email, website uploads, and file-sharing applications.
* USB transfers, printing, keystrokes, copy/paste, and AI usage.

These risk levels drive dashboard visibility and help teams prioritise incidents.

<figure><img src="/files/QKpxIgqagROCxW2Dyvj6" alt=""><figcaption></figcaption></figure>

See [Risk Definitions](/insight/settings/risk-definitions.md) for more details.
{% endstep %}

{% step %}

### Configure Advanced Settings and assign to devices

Advanced Settings define the global monitoring parameters applied across audit reports and device policies in GuardWare INSIGHT.

The table below provides an overview of every Advanced Setting and what it does.

<table><thead><tr><th width="188.199951171875">Section</th><th>What It Does</th></tr></thead><tbody><tr><td><a href="#report-upload-and-communication-settings">Report Upload &#x26; Communication Settings</a></td><td>Controls the intervals, durations, timeouts, and bandwidth settings for uploading reports and downloading policies and commands.</td></tr><tr><td><a href="#applications-monitored-at-network-level">Applications Monitored at Network Level</a></td><td>Lists applications monitored for sensitive data uploads at the network level.</td></tr><tr><td><a href="#ip-addresses-not-monitored-at-network-level">IP Addresses Not Monitored at Network Level</a></td><td>Lists IP addresses included or excluded from network-level monitoring.</td></tr><tr><td><a href="#applications-with-monitored-ssl-traffic">Applications with Monitored SSL Traffic</a></td><td>Defines which applications have their SSL traffic monitored when network monitoring is used.</td></tr><tr><td><a href="#websites-with-monitored-ssl-traffic">Websites with Monitored SSL Traffic</a></td><td>Defines which websites have their SSL traffic monitored using certificate common names.</td></tr><tr><td><a href="#applications-with-monitored-keystrokes-and-copy-paste">Applications with Monitored Keystrokes and Copy/Paste</a></td><td>Specifies applications where keystroke and copy/paste activity is monitored or excluded.</td></tr><tr><td><a href="#websites-with-monitored-keystrokes-and-copy-paste">Websites with Monitored Keystrokes and Copy/Paste</a></td><td>Specifies websites where keystroke and copy/paste activity is monitored or excluded.</td></tr><tr><td><a href="#applications-monitored-at-network-level-lsp">Applications Monitored at Network Level (LSP)</a></td><td>Lists applications monitored at the network level using the LSP approach.</td></tr><tr><td><a href="#status-of-client-components">Status of Client Components</a></td><td>Lists client components and controls whether each is enabled or disabled.</td></tr><tr><td><a href="#file-extensions-monitored-at-file-system-level">File Extensions Monitored at File System Level</a></td><td>Filters file upload monitoring by file extension type.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level">Applications Monitored at File System Level</a></td><td>Lists applications monitored for sensitive data uploads at the file system level.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level-to-provide-file-path-information">Applications Monitored at File System Level to Provide File Path Information</a></td><td>Lists applications monitored to provide full file path data for network monitoring.</td></tr><tr><td><a href="#applications-monitored-at-file-system-level-where-repeated-incidents-are-ignored">Applications Monitored at File System Level where Repeated Incidents are Ignored</a></td><td>Suppresses repeated incident alerts from specified applications at the file system level.</td></tr><tr><td><a href="#applications-hosting-websites-with-end-to-end-encryption">Applications Hosting Websites with End-to-End Encryption</a></td><td>Lists browser applications monitored at the file system level to intercept file uploads on end-to-end encrypted websites.</td></tr><tr><td><a href="#websites-with-end-to-end-encryption">Websites with End-to-End Encryption</a></td><td>Lists websites with end-to-end encryption where file system monitoring is required alongside network monitoring.</td></tr></tbody></table>

To configure Advanced Settings:

1. Navigate to **INSIGHT** > **Advanced Settings,** and click **+ New Advanced Setting**.
2. Add a clear name and description.
3. Configure the settings you need.
4. Review and save the configuration.

<figure><img src="/files/9JjRwGh97lStNFuKCDoT" alt=""><figcaption></figcaption></figure>

Then assign the settings to devices from **INSIGHT** > **Advanced Settings > Assign Devices.**

See [Advanced Settings](/insight/policies/advanced-settings.md) for details.
{% endstep %}

{% step %}

### Configure Reports

Set up scheduled reporting once devices and users are active.

Configure:

* [Risk Summary](/insight/reporting/risk-summary.md) for a consolidated, high-level overview of risky activities and user behaviour of your organisation in a single email.
* [Cyber Awareness Report](/insight/reporting/cyber-awareness.md) for contextual reports via email sent directly to end users when a risk associated with their activity is triggered.

Use test emails before broad distribution. Then enable the schedules you want.

To configure **Risk Summary**:

1. Navigate to **INSIGHT** > **Risk Summary**.
2. Click **+ New Risk Summary**.
3. Set the schedule, filters, recipients, and widgets.
4. Send a test email, then save the report.

To configure **Cyber Awareness**:

1. Navigate to **INSIGHT** > **Cyber Awareness**.
2. Click **Configure Cyber Awareness Report**.
3. Choose the schedule, users, recipients, and risks.
4. Send a test email, then create the report.

See [Risk Summary](/insight/reporting/risk-summary.md) and [Cyber Awareness](/insight/reporting/cyber-awareness.md) for the full configuration steps.
{% endstep %}

{% step %}

### Monitor user activities in the Dashboard

Once data starts flowing, monitor activities from the dashboard in **INSIGHT** > **Dashboard**. INSIGHT Dashboard provides a centralised view of your organisation’s data activity, user behaviour, and potential security risks.

The dashboard includes the following Risk Category tabs, allowing you to switch between different risk areas. Each tab contains widgets that provide insights into data usage patterns, trends, and potential threats.

1. **Risk Summary** provides an overview of key security and data protection indicators across your organisation.
2. **Data Type Risks** help you review policy hits by content type.
3. **SharePoint Risks** help you review file access, downloads, anonymous links, and external sharing activity.
4. **AI Usage Risks** help you monitor AI websites, AI applications, file uploads, and sensitive prompts.
5. **Behaviour Risks** help you spot productivity trends and unusual activity patterns across users.
6. **Label Events** help you track activity involving labelled Office documents and emails.
7. **Location Risks** help you identify where risky activity is happening across countries and regions.
8. **Protected Files** help you monitor how protected files move through applications, email, websites, and storage devices.
9. **System Risks** help you monitor device status, active users, audit activity, and cloud sync health.

<figure><img src="/files/LeviQrdEVdVJ0KkTPp7W" alt=""><figcaption></figcaption></figure>

You can also create a custom dashboard for your team and choose the users, devices, data types, risks, and widgets that matter most for that view.

For details, see [INSIGHT Dashboard](/insight/dashboard/insight-dashboard.md).
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.guardware.com/insight/getting-started/insight-quick-start-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.