InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

BotFactory & Automation

An Overview of Bots, the InsightCloudSec Automation Feature.

Suggest Edits

Overview

In InsightCloudSec, a Bot (short for 'robot'), is an automated program that executes an action. Bots execute a user-defined action or actions on resources according to user-defined conditions.

The Bots you create through BotFactory use your resources and the InsightCloudSec Filters (or a user-specified condition for matching resources) to help you narrow the scope of analysis. Combining filters via Insights provide additional refinement to give you the ability to answer specific questions for your Bots to take action on.

Here's a simple graphic that explains the relationship between some of the key InsightCloudSec components including Bots.

InsightCloudSec Feature OverviewInsightCloudSec Feature Overview

InsightCloudSec Feature Overview

Using Insights allows you to combine filters, scope, and reporting around resources. For scenarios that address multiple security or compliances issues, users can take advantage of Insight Packs through Compliance Packs (which are Insight Packs that come out-of-the-box with InsightCloudSec), or Custom Packs (which are user created Insight Packs).

How Does a Bot Work?

A Bot is composed of a scope, filter(s), and action(s). These components are defined below.

Components

Definition

Example

Scope

Scope specifies the resources the Bot will evaluate. A Bot will only evaluate resources within the scope of clouds or resource groups you choose.

A scope may confine the Bot to act on resources of a certain type or resources contained within specific resource groups or cloud accounts.

Filters

Filters define the conditions specifying what a Bot should act upon.

A filter confines a Bot to act only on scoped resources meeting specific conditions. For example, the tags the resource has (or does not have), or whether ports are (or are not) open.

Actions

Actions specify what a bot does. Actions are executed for a single resource at a time. When a Bot includes multiple actions, the actions are executed in parallel. If you want actions to run in a specific order, some actions have a "delay" option that can be set to wait a certain amount of time after the Bot is triggered.

An action may delete a resource, start or stop an instance, or send an email containing information about the evaluated resource.

Prerequisites for Bots

Before getting started with BotFactory you will need:

  • A functioning InsightCloudSec platform
  • Appropriate permissions for the actions and resources required to create your Bot, including the appropriate entitlements for BotFactory (either Editor or Admin)
  • An understanding of the actions you want your Bot to perform

In the next sections of the BotFactory documentation we cover:

Updated about 13 hours ago

BotFactory & Automation

An Overview of Bots, the InsightCloudSec Automation Feature.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.