Application Context

An Application is a collection of resources/infrastructure that’s dynamically built and maintained as infrastructure scales up or down to support users' workloads. These collections are built based on the presence tags configured within InsightCloudSec.

Applications are a powerful scoping mechanism that can be used to create different perspectives across the following parts of the product:

• Layered Context
• Insights
• Resources (Inventory)
• Compliance Scorecard
• BotFactory
• Exemptions
• Query Filters

Create an application

InsightCloudSec runs a baseline job to group the resources based on the following settings. After the job runs, you can review the application summary.

1. In InsightCloudSec, go to Resources > Applications and click Settings.
2. Enter one or more Tag Keys to help you easily filter all resources with the same tag.
3. (Optional) To disable automatic grouping of resources with the same tag, enable Case Sensitive.
4. (Optional) To automatically remove any whitespace or blank character from a tag key or value, enable Trim Whitespace. If whitespace is accidentally added to a tag or value, a new tag or value is created, which does not relate to the correctly named tag.
5. Click OK.

Application Configuration

To configure the capability, browse to the "Resource --> Applications" section and click "Settings". From the Settings window, enter the tag key from which you wish to build applications. Information on each of the setting inputs can be found below.

• Tag Key -- This is the most critical setting as it provides InsightCloudSec with the key that maps to the Application name/identifier. Resources that have this tag key in place will be aggregated and linked together.
• Case Insensitive -- When enabled, tag key-value pairs will be converted to lowercase to ensure that casing inconsistencies do not result in separate application groupings. This is disabled by default.
• Trim Whitespace -- Often times when tagging resources, developers can mistakenly prepend/append whitespace to the tag key and/or value. As an example " App_ID" or "App_ID ". The result of this whitespace would be a grouping into a separate application within ICS. By enabling this feature, the whitespace is removed.

Review application context

After the application job runs, the Application Summary page displays applications based on Business Critical association, criticality, and size. By default, all applications are imported as low criticality and not flagged as business critical.

Application Summary

Once configured, InsightCloudSec will kick off an initial baseline job to perform the first grouping of resources based on the supplied settings. For larger customers this process can take several minutes. Once complete, customers will see applications listed in the view. The Application Summary view breaks down applications based on Business Critical association, criticality, and size. By default, all applications are imported as low criticality and are not flagged as business critical. Customers can update application properties by clicking the settings gear for each application. Applications are kept in sync as a part of our standard data collection. When new resources are provisioned and existing resources are changed, we look at the tags to see if they match the configured Tag Key defined. This synchronization includes standard harvesting as well as event driven harvesting to keep application inventory synchronized in real time.

Customers will find statistics about each application aggregated within this view. Information on the total cloud accounts, resource count, compute cores, object storage, and block storage are summarized for each application. Check out the Frequently Asked Questions (FAQ) for additional context on this feature.

Edit an application

To edit application properties from Resources, go to Resources > Applications, select your application, and click Settings.

To edit application properties from the Application Summary page, click the settings icon for each application.

(Optional) Configure advanced properties

You can enrich the Application system with additional properties/metadata. These properties can help with enriching InsightCloudSec reporting, filtering, automation, and more. We strongly recommend that customers take the time to update Application properties either in the UI or in bulk via our programmatic API.

1. Go to the Application settings page.
2. Enter a description.
3. Select an Application Category.
4. Determine whether the application is Business Critical by enabling or disabling the option.
5. Enter a Point of Contact.
6. Click OK.

Application Properties

Customers can enrich the Application system with additional properties/metadata. These properties can help with enriching InsightCloudSec reporting, filtering, automation, and more. We strongly recommend that customers take the time to update Application properties either in the UI or in bulk via our programmatic API.

Note: These properties are optional and not required.

• Description -- This provides a human readable description/name for the application. This can be helpful for customers that use application identifiers; for example: App703205.
• Application Category -- An optional category that customers can use to group applications together. These can be used for filtering across the entire application, and in future releases, reporting capabilities will be expanded to aggregate at the application category level.
• Business Critical - Recommended to flag for a customer’s most critical applications that have a high impact on their business/operations. Sometimes referred to as a "crown jewel".
• Point-of-Contact -- The response party/contact for the application.

Applications in Action

Applications are associated with many aspects of InsightCloudSec. The sections below outline some potential use cases for scoping with Applications throughout InsightCloudSec.

Layered Context

Layered Context is one of the areas that benefits most from Applications and their property configuration. First, like Cloud Accounts, they can be used as a pivot point to aggregate cloud misconfigurations, Threat Findings, and vulnerabilities. This allows application owners to gain quick insight into the issues that are most pertinent to their day-to-day operations.

Beyond grouping constructs, Layered Context includes new filters that can be used to identify signals and risks that matter most to customers. The following new filters are included as part of Application Context:

• Application Business Critical -- Only show Layered Context findings from resources associated with an Application
• Application Criticality -- Only show Layered Context findings from resources that are associated with an application that has the selected criticality, for example: High
• Application Point-of-Contact -- Only show findings that are associated with a supplied point-of-contact for the application(s)

Resources

Viewing resource inventory within InsightCloudSec also benefits from Application Context. Like Clouds, Badges, and Resource Groups, Applications can be used to only display infrastructure associated with one or more selected applications. This allows application owners to get visibility into all of the compute, networking, storage, and identity that powers their application/workload.

Go to Scopes > Applications to utilize resources in your application.

Compliance Scorecard

Customers can take advantage of Applications as a way to scope compliance scorecard results. This allows visibility into compliance framework violations at the application level, instead of at a cloud/badge level which often can be far too granular. Application scoping extends beyond the filtering within the browser, allowing customers to pivot by application in the Excel and JSON subscription exports that are sent via Email and/or uploaded to Cloud Storage (for example, AWS S3).

Frequently Asked Questions (FAQ)