Release 18.2 broadens Insight capabilities by enabling the association of badges when viewing DivvyCloud’s Cloud Compliance and Custom Packs. Badges can now be used when managing cloud environments and for report subscriptions. The release also broadens support for Microsoft Azure, VMware and AWS. Listed below are the highlights, actions and filters associated with our second release of 2018.
External authentication options now include Azure Active Directory (AD). Azure AD has grown in popularity over the years and now customers can leverage their directory to manage and authenticate users within the DivvyCloud platform.
- Expanded support for vApp (stop, start, delete)
- Move virtual machines into/out of vApps
- Support for identifying VMware tool status
- Support for validating Hypervisor NTP settings
- Insight into virtual machine connection status/health
- Support for Azure PostgreSQL
- Support for Azure MySQL
- Filters/Insights to inspect authorized network rules across SQL services
Amazon Web Services
- Support for CloudFormation Templates
- RDS VPC support
- Support for RDS read replicas
- Support for identifying network load balancers with cross zone balancing
- Harvest the service encryption key associated with a Lambda function
- Elasticsearch support for GovCloud
- Customize Insight/Insight Pack views leveraging badges
- Dynamically partition resource management
- Associate badges with Insight Pack subscriptions for customized reporting
Resource Management at scale has never been easier. Scope can be easily adjusted to distill your views down by Cloud, Resource Group and/or Badge. This new capability improves visibility into distinct areas of a customer's cloud footprint.
Insight Timeseries data is now persisted within the MySQL database and will be maintained for a total of 60 days.
Based on customer feedback, we now default to Table View. This allows for more granular visibility on the issues in cloud accounts, as well as an aggregate total for your entire cloud footprint. Note that the List View will be deprecated in favor of the Table View in 18.3.
Customers can now associate their own notes, context and remediation actions with their custom Insights. Simply click on the pencil in the top right of the Insight Overview. This data can aid in conveying the Insight purpose and configuration to users.
Customers are now able to bulk add/remove Insights to their Custom Packs, and bulk favorite/delete Insights within the table view.
Existing compliance Insight Packs have a new addition in the form of FedRAMP. With over 40 Insights this pack can accelerate FedRAMP compliance within public cloud.
This filter complements our current Resource Does Not Contain Keys filter, but will match if a resource does not contain any of the supplied tags. Note that we also renamed the Resource Does Not Contain Keys filter to Resource Does Not Contain All Keys, so that each filter name is less ambiguous and more direct about exactly what it filters for.
This new action can be used manually or in the context of a Bot. It will set the retention policy of automated database backups to the supplied value.
This new action can be used to enable log file validation on AWS CloudTrail resources.
Set the retention policy for automated backups of Big Data instances. This action also allows automated backups to be disabled.
Enable/disable static website hosting from a storage container.
Create an instance snapshot of a VMware virtual machine.
Gracefully tear down CloudFormation stacks.
Identify storage containers, such as AWS S3, with or without a bucket policy associated.
Identify compute instances that have a reserved/fixed public IP associated which enables communication over the Internet.
Identify compute instances that have an ephemeral/dynamic public IP associated which will be changed each time the system goes through a stop/start power cycle.
Identify private images which were created and are owned by the account and not ones which are shared with other accounts and/or were acquired from the cloud native marketplace.
Identify Stack Templates such as AWS CloudFormation based on the lifecycle state.
Identify cloud users with API keys in an active or inactive state.
Identify resources which do not have a single tag associated, including newly supported Stack Templates.
Identify serverless functions such as AWS Lambda which are associated with a private network/VPC.
Identify compute instances which have/do not have a role associated which grants permissions to cloud resources.
Identify whether or not a database instance is a read replica. This can be essential when looking to optimize based on database connections.
This filter will allow customers to identify explicit port ranges. As an example, you can focus an Insight on all traffic that opens ports 0-65535.
Find storage containers that have/have not been configured to serve as websites, so that they are not flagged as exposed to the world. This helps remove false positives.
Filter to find storage containers that have lifecycle policies, e.g., archive objects older than X, in place. This helps with cost containment/control.
Find API Accounting Configuration resources such as AWS CloudTrail based on the bucket they do/do not feed into.
Identify resources which leverage encryption at rest based on the supplied key which is used to encrypt them.
Identify resources which leverage encryption at rest and are using the default provider encryption key(s).
Identify VMware Hypervisors that have enabled or disabled the Network Time Protocol client.
For Amazon Web Services customers, the role/user policy associated with each connected account will need to be adjusted to include the permissions below. For customers leveraging read-only policies, there is no need to include the “cloudformation:DeleteStack” permission.
"cloudformation:DescribeStacks", "cloudformation:DescribeStackResources", "cloudformation:DeleteStack"
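One way to audit a connected account's policy against the permissions listed above, as an added example that is not DivvyCloud's own code: it reports which of the three actions are missing and, for a read-only policy, whether `cloudformation:DeleteStack` is granted when it need not be. The function names and the sample policy documents are constructed for illustration.

```python
import fnmatch

# Permissions named in the release notes; DeleteStack is not needed for read-only use.
READ_ACTIONS = ["cloudformation:DescribeStacks", "cloudformation:DescribeStackResources"]
WRITE_ACTIONS = ["cloudformation:DeleteStack"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covered(action, statements, effect):
    """True if a statement with this Effect names the action (IAM '*' and '?' wildcards)."""
    for stmt in statements:
        if stmt.get("Effect") != effect:
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # IAM action names are matched case-insensitively.
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False

def check_policy(policy, read_only=False):
    """Report required actions that are missing and, for read-only use, excess ones.
    Simplification: Resource, Condition and NotAction elements are not evaluated."""
    statements = _as_list(policy.get("Statement", []))

    def allowed(action):
        # An explicit Deny overrides any Allow.
        return (_covered(action, statements, "Allow")
                and not _covered(action, statements, "Deny"))

    required = READ_ACTIONS + ([] if read_only else WRITE_ACTIONS)
    return {
        "missing": [a for a in required if not allowed(a)],
        "excess": [a for a in WRITE_ACTIONS if read_only and allowed(a)],
    }

# Constructed sample policies (not taken from any real account).
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["cloudformation:Describe*"], "Resource": "*"}]}
WILDCARD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"}]}
DENY_DELETE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "cloudformation:DeleteStack", "Resource": "*"}]}

if __name__ == "__main__":
    print(check_policy(READ_ONLY_POLICY, read_only=True))
    print(check_policy(WILDCARD_POLICY, read_only=True))
    print(check_policy(DENY_DELETE_POLICY))
```
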
We have also removed the ability to leverage HipChat as an integration (Atlassian is retiring the service and replacing it with Stride).