DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

Overview

Badges allow you to customize the organization of your cloud accounts within DivvyCloud. Badges are key-value pairs, similar to AWS tags or GCP labels. However, tags and labels are applied to resources, and badges are applied to entire cloud accounts. For example, one badge might have a key of “environment” and a value of “production”.

Be aware that most badge features require appropriate permissions. (Learn more about required permissions here)

In this section, we cover:

  • Adding and removing badges
  • Using badges in notification messages
  • Scoping with badges
  • Viewing your badges summary.

📘

Default Badges & Badge Requirements

  • When a cloud account is added, DivvyCloud automatically assigns it two system badges: system.cloud_type and system.resource_type.

  • In addition, no user-specified badge may begin with system.

  • Badge keys and values are case sensitive.

Adding and Removing Badges

  1. Open the “Clouds” page in your account from the navigation menu (Cloud, then Clouds), and then find the “Badges” column for the cloud to/from which you want to add/remove badges. Click on the number in that column.
  2. The “Add Cloud Badges” dialog window will appear. In this dialog, click the plus icon (+) to create a line for your new badge.
  3. In the new, blank space, add the name of your new badge. Repeat this process for as many new badges as you like.
  • Badge names may not begin with the string system.
  • Both badge keys and badge values are case-sensitive.
  1. To remove any user-created badges, click the minus icon (-) next to each entry you wish to remove.
  2. When you are finished adding and removing badges, click the “SUBMIT” button to save your changes.

Adding and Removing Badges to/from Cloud Accounts

Scoping With Badges

Badges can be used to scope clouds, Insights, resources, Bots, and user roles.

Scoping Clouds With Badges

  1. To narrow your list of clouds by badge, navigate to the Clouds page (Cloud, then Clouds from the left-side menu) and click on the “Search Badge(s)” text box.

Scoping Clouds with Badges - Selecting Badges

  1. A drop-down list showing existing badges will appear. Select the badges you want to use to scope your clouds. For example, selecting the badge "environment:production" will produce a list containing only clouds with badges matching "environment:production."

Scoping Clouds with Badges - Matching at Least One Badge

  1. You can choose multiple badges to narrow your resulting list of clouds. By default, results shown match at least one badge in your provided criteria. To show only those results which match all selected badges, check the “Must Have All Badges” checkbox.

Scoping Clouds with Badges - Matching All Badges

Scoping Insights With Badges

Badges can be used to enhance the functionality of Insights by allowing you to filter how you view your Insights’ results.

  1. Select an Insight pack from the Insights Library (Security, then Insights, then select the Library tab). From there, click the SCOPES button.

Accessing Scopes for an Insight

  1. The Scopes menu will slide in from the right side of the window. Click on the “Select Badges” text box and a drop-down list will appear with all available badges from your list of clouds.

Selecting Scopes for an Insight

  1. As you select badges, both the list of clouds below your selections and the grayed-out results in the center of the window will dynamically change.
  • By default, the results which appear are those which match at least one of the badges you select.
  • To require that all badges must be matched for a result to appear, select “Must Have All Badges”.

Selecting "Must Have All Badges" for an Insight

  1. When you are finished filtering your Insights, click the "X" at the top-right of the Scopes menu.

Scoping Resources With Badges

As with Insights, resources may also be filtered by badges. The process by which you filter resources is identical to that by which you filter Insights. Begin on the Resources page (Resource, then Resources from the left-side navigation). Then refer to the instructions above for filtering Insights with badges.

Scoping Bots With Badges

As with Insights and resources, Bots can be more precisely defined using badges. Administrators and basic users with an admin or editor entitlement can configure this feature.

The process is similar to that used for scoping Insights and resources with badges. To access the BotFactory, select Automation, then BotFactory, from the main navigation.

  1. While creating or editing a Bot, under the “2. RESOURCE TYPES & GROUPS” section, you will see a text box with drop down selection and a “Must Have All Badges” checkbox identical to those seen in Insights and Resources. Select the badges to which you would like to limit your Bot’s scope. You can check the “Must Have All Badges” checkbox to require that each included cloud have all selected badges, rather than at least one.

Scoping Bots with Badges

  1. When your changes are finished, you will see the clouds against which your Bot will run in the box below your selected badges.

Viewing Bots Scoped by Badges During Bot Creation

  1. When you are finished, continue creating/editing your Bot as normal.
  2. To view which badges, if any, are in use for a given Bot, select the bot of interest from your list of Bots. You will find the badges in the “Bot Scope” panel.

Viewing Badges associated with Existing Bots

Scoping User Roles With Badges

Role scopes may be associated with specific badges.

  1. On the Identity Management page (under Administration from the left-side menu), select the Roles & Entitlements tab. To add/remove a badge to/from a role, find the “# Badges” column for the role of interest. Click on the number in that column.

Viewing Badges Associated with User Roles

  1. To add a badge, use the “Associate Roles Scopes” dialog and click on the text input box. This displays a drop down list of all available badges. Click on the badges you want to add. If badges already are associated with this role, click on any white space in the text box to bring up the list of additional badges.

Adding Badges to a User Role

  1. To remove a badge from the role, click on the small x next to the badge’s name.

Removing Badges from a User Role

  1. When you finish adding and removing badges, click “Submit”.

Using Badges in Notification Messages

You can include badges and badging information in messages associated with any of the following Bot actions: Send Bulk Email, Send Delayed Email, Send Slack Message, Send Hipchat Message, Post Request to URL, and Set Container Policy. To do so you will need to use Jinja2 Templating.

An Example Message

The following message uses Jinja2 templating and Slack formatting to send an alert via Slack when a resource is created without tags mandated by policy:

A resource of type `{{event.resource.get_resource_type()}}` was discovered
at `{{event.resource.common.creation_timestamp}}` without the required _owner_
or _contact-email_ tags. The resource name is `{{event.resource.get_resource_name()}}`.
It lives in account `{{event.resource. get_organization_service_name()}}`,
which is owned by {{event.resource.get_badge_value_by_key_for_parent_cloud('owner')}}`.\n---

Example: Using Badges to Send a Slack Message

Suppose a given cloud has a badge of owner and the owner for this cloud is Jane Doe. Then the value returned in the example above for {{event.resource.get_badge_value_by_key_for_parent_cloud('owner')}} will be [email protected].

For more information on Jinja2 templating, click here.

Viewing the Badges Summary Report

With 'Viewing' permissions, you can view Total Badges by Cloud Account by selecting the Badges tab from the Clouds main page.

📘

Domain Admin Privileges Required

You must have Domain Admin privileges to view the summary of badges by cloud account.

This view summarizes your top 10 badges by cloud account in a bar graph, and details all badges in use in the table below the bar graph. Together, these two displays effectively provide a dictionary of your top badges. A Domain Admin can use these displays to manage available badges.

🚧

Top Badges by Cloud Count

Access to the Top Badges by Cloud report (as well as the listing of all Badges) is through the Badges option on the Clouds main page (Cloud, then Clouds from the left-side menu). This information is available only to users with appropriate permissions.

Summary of Badges by Cloud Account (Domain Admins)

Updated 25 days ago

Badges


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.