Overview and Details on Using the InsightCloudSec Application Context Feature
InsightCloudSec has the ability to dynamically group infrastructure into “Applications”. An Application is a collection of resources/infrastructure that’s dynamically built and maintained as infrastructure scales up/down to support the customers' workloads. These collections are built based on the presence of a specific tag key that is configured within InsightCloudSec. While on the surface they seem similar to Resource Groups, Applications go much further, providing customers with a real-time view of the infrastructure backing their apps while also providing data enrichment based on customer input/metadata.
Applications are a powerful scoping mechanism that can be used to create different perspectives across the following parts of the product:
- Layered Context
- Resources (Inventory)
- Compliance Scorecard
- Query Filters
This is an opt-in capability that requires customers to input the tag key that is used for their tagging strategy to define a resource’s application association/purpose. Once configured, customers are encouraged to enrich the application definition with additional context/properties that can be affixed to each application definition. Some customers may elect not to configure this capability due to not having a defined tag strategy with an application tag, or they may need to wait until the capability matures to support multiple tag keys.
To configure the capability, browse to the "Resource --> Applications" section and click "Settings". From the Settings window, enter the tag key from which you wish to build applications. Information on each of the setting inputs can be found below.
- "Tag Key" -- This is the most critical setting as it provides InsightCloudSec with the key that maps to the Application name/identifier. Resources that have this tag key in place will be aggregated and linked together.
- "Case Sensitive" -- This is disabled by default, which means that any variation of the tag key will get grouped together. In the example above, resources tagged with ApP_id, etc., will all be grouped together. When enabled, the previous examples would result in different groupings.
- "Trim Whitespace" -- When tagging resources, developers can mistakenly prepend/append whitespace to the tag key and/or value, for example “App_ID “. The result of this whitespace would be a grouping into a separate application within ICS. By enabling this feature, the whitespace is removed.
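Before choosing the "Case Sensitive" and "Trim Whitespace" values, it helps to know which variants of the tag key actually exist in the inventory. The following is an added example, not InsightCloudSec code and not a call to its API: a local audit over a constructed inventory that classifies each resource's application tag. The function names, resource ids and the "payments" value are assumptions made for illustration.

```python
# Added example: local tag-hygiene audit, not InsightCloudSec code or API calls.
# RESOURCES is a constructed inventory; ids and the "payments" value are made up.
RESOURCES = [
    {"id": "i-001", "tags": {"App_ID": "payments"}},
    {"id": "i-002", "tags": {"ApP_id": "payments"}},        # case variant of the key
    {"id": "vol-003", "tags": {"App_ID": "payments "}},     # trailing space in value
    {"id": "bucket-004", "tags": {"App_ID ": "payments"}},  # trailing space in key
    {"id": "db-005", "tags": {"owner": "data-team"}},       # no application tag
]


def classify_tags(tags, configured_key):
    """Classify how one resource's tags relate to the configured Tag Key."""
    for key, value in tags.items():
        # Compare loosely first so near-miss variants are found at all.
        if key.strip().casefold() != configured_key.casefold():
            continue
        findings = set()
        if key != key.strip():
            findings.add("key_whitespace")
        if key.strip() != configured_key:
            findings.add("key_case_variant")
        if value != value.strip():
            findings.add("value_whitespace")
        return findings or {"exact"}
    return {"missing"}  # resource would not belong to any application


def audit(resources, configured_key):
    """Return ({category: [resource ids]}, settings hints) for the inventory."""
    report = {}
    for res in resources:
        for category in classify_tags(res["tags"], configured_key):
            report.setdefault(category, []).append(res["id"])
    hints = {
        # Case variants only group together while "Case Sensitive" stays disabled.
        "case_sensitive_safe": "key_case_variant" not in report,
        # Stray whitespace splits applications unless "Trim Whitespace" is enabled.
        "trim_whitespace_needed": any(
            c in report for c in ("key_whitespace", "value_whitespace")
        ),
    }
    return report, hints


if __name__ == "__main__":
    report, hints = audit(RESOURCES, "App_ID")
    for category, ids in sorted(report.items()):
        print(f"{category}: {', '.join(ids)}")
    print(hints)
```

Resources reported as "missing" carry no application tag at all and are worth fixing at the source, since neither setting can associate them with an application.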
Once configured, InsightCloudSec will kick off an initial baseline job to perform the first grouping of resources based on the supplied settings. Note: For larger customers this process can take several minutes. Once complete, customers will see applications listed in the view. The Application Summary view breaks down applications based on "Business Critical" ("crown jewel") association, criticality, and size. By default, all applications are imported as low criticality and are not flagged as business critical. Customers can update application properties by clicking the settings gear for each application.
Applications are kept in sync as a part of our standard data collection. When new resources are provisioned and existing resources are changed, we look at the tags to see if they match the configured Tag Key. This synchronization includes standard harvesting as well as event-driven harvesting to keep application inventory synchronized in real time.
Customers will find statistics about each application aggregated within this view. The total cloud accounts, resource count, compute cores, object storage, and block storage are summarized for each application. Check out the Application Context - FAQ for additional context on this feature.
Customers can enrich the Application system with additional properties/metadata. These properties can help with enriching InsightCloudSec reporting, filtering, automation, and more. We strongly recommend that customers take the time to update Application properties either in the UI or in bulk via our programmatic API. Note: These properties are optional.
- Description -- This provides a human readable description/name for the application. This can be helpful for customers that use application identifiers; for example:
- Application Category -- An optional category that customers can use to group applications together. These can be used for filtering across the entire application, and in future releases, reporting capabilities will be expanded to aggregate at the application category level.
- Business Critical -- A flag recommended for a customer’s most critical applications, those that have a high impact on their business/operations. Sometimes referred to as a "crown jewel".
- Point-of-Contact -- The responsible party/contact for the application.
Applications in Action
Applications are associated with many aspects of InsightCloudSec. The sections below outline some potential use cases for scoping with Applications throughout InsightCloudSec.
Layered Context is one of the areas that benefits most from Applications and their property configuration. First, like Cloud Accounts, they can be used as a pivot point to aggregate cloud misconfigurations, Threat Findings, and vulnerabilities. This allows application owners to gain quick insight into the issues that are most pertinent to their day-to-day operations.
Beyond grouping constructs, Layered Context includes new filters that can be used to identify signals and risks that matter most to customers. The following new filters are included as part of Application Context:
- Application Business Critical -- Only show Layered Context findings from resources associated with an Application
- Application Criticality -- Only show Layered Context findings from resources that are associated with an application that has the selected criticality, for example: High
- Application Point-of-Contact -- Only show findings that are associated with a supplied point-of-contact for the application(s)
Viewing resource inventory within InsightCloudSec also benefits from Application Context. Like Clouds, Badges, and Resource Groups, Applications can be used to only display infrastructure associated with one or more selected applications. This allows application owners to get visibility into all of the compute, networking, storage, and identity that powers their application/workload. Click "Scopes > Applications" to take advantage of this powerful enhancement.
Customers can take advantage of Applications as a way to scope compliance scorecard results. This allows visibility into compliance framework violations at the application level, instead of at a cloud/badge level which often can be far too granular. Application scoping extends beyond the filtering within the browser, allowing customers to pivot by application in the Excel and JSON subscription exports that are sent via Email and/or uploaded to Cloud Storage (for example, AWS S3).