InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

Clouds

Locating and Using the Clouds Page within the InsightCloudSec Platform

Overview

In InsightCloudSec, the Clouds section of the platform is where you manage your connected clouds. This section of the tool allows you to add clouds and badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.

The main Clouds page is accessible under the Cloud heading, Cloud --> Clouds.

Clouds Main Landing Page

Prerequisites

Before getting started with the Clouds main page you will need to have the following:

  • A functioning InsightCloudSec installation
  • At least one connected cloud account
  • The appropriate permissions to view cloud account details

For information on connecting a cloud account, refer to our page on Cloud Account Setup.

If you have other questions or concerns reach out to us through any of the options provided on our Getting Support page.

Cloud Page Summary

As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.

The Clouds page includes a number of tabbed sections that we explore in greater detail on our Cloud Reports page.

Badges

Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. InsightCloudSec automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.

You can add badges to reflect your business priorities. We have seen cloud-savvy customers using, as a baseline, badges for owner, contact email, environment, cost code, risk level, and more. When you add badges to your clouds, you are able to aggregate your data for analysis and to take action based on badge keys and values.

The Badges column on the Clouds page can be used to sort your clouds and the column is included in any .CSV export you create.
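As an added illustration of aggregating accounts by badge and spotting accounts that were never badged, the following example (written for this page, not InsightCloudSec's own code) parses a .CSV export of the Clouds listing. The sample rows are constructed, and the column names and the `key:value;key:value` encoding of the Badges column are assumptions; check the header row of a real export before relying on them.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Clouds listing export. Column names and the
# "key:value;key:value" badge encoding are assumptions for this example.
SAMPLE_EXPORT = """Name,Cloud Type,Account ID,Badges
prod-payments,AWS,111111111111,owner:alice;environment:production;risk:high
dev-sandbox,AWS,222222222222,owner:bob;environment:development
shared-services,GCP,shared-svcs-proj,environment:production
legacy-analytics,Azure,00000000-0000-0000-0000-000000000003,
"""

# Badge keys every account is expected to carry (the baseline the text suggests).
REQUIRED_BADGES = ("owner", "environment")


def parse_badges(field):
    """Turn 'k1:v1;k2:v2' into a dict, ignoring empty or malformed pieces."""
    badges = {}
    for piece in field.split(";"):
        piece = piece.strip()
        if not piece or ":" not in piece:
            continue
        key, _, value = piece.partition(":")
        badges[key.strip().lower()] = value.strip()
    return badges


def load_clouds(csv_text):
    """Read the export and attach a parsed 'badges' dict to every row."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["badges"] = parse_badges(row.get("Badges") or "")
        rows.append(row)
    return rows


def group_by_badge(clouds, key):
    """Aggregate cloud names by the value of one badge key; unbadged accounts land under '(none)'."""
    groups = defaultdict(list)
    for cloud in clouds:
        groups[cloud["badges"].get(key, "(none)")].append(cloud["Name"])
    return dict(groups)


def missing_required_badges(clouds, required=REQUIRED_BADGES):
    """Return {cloud name: [missing badge keys]} for accounts lacking any required badge."""
    gaps = {}
    for cloud in clouds:
        missing = [k for k in required if k not in cloud["badges"]]
        if missing:
            gaps[cloud["Name"]] = missing
    return gaps


if __name__ == "__main__":
    clouds = load_clouds(SAMPLE_EXPORT)
    for env, names in sorted(group_by_badge(clouds, "environment").items()):
        print(f"{env}: {', '.join(names)}")
    for name, missing in missing_required_badges(clouds).items():
        print(f"{name} is missing badges: {', '.join(missing)}")
```

Grouping on a badge key is what lets you act on a whole class of accounts at once (all production accounts, all accounts owned by one team); the missing-badge report is the check to run before relying on badge-based aggregation, since an unbadged account silently drops out of every group.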

Coverage (AWS)

If you have added your master AWS account, InsightCloudSec automatically downloads basic metadata about linked cloud accounts from the master account and displays that information. This information will allow you to determine if any AWS child accounts are unmanaged and unmonitored by InsightCloudSec.

Coverage (Organizations)

If you have added your master GCP domain/organization, InsightCloudSec will automatically add all associated sub-projects. This ensures that no sub-projects remain unmanaged and unmonitored by InsightCloudSec.

For details on organizations, refer to the following pages: Organizations (GCP) and Organizations (AWS).

Harvesting

InsightCloudSec continually harvests information from the cloud, looking for any changes since the previous harvest. By default, InsightCloudSec harvests resource configuration information according to a set cadence by resource type.

  • The frequency of harvesting is based on institutional knowledge and general best practices.
  • Harvesting cadence can be modified (decreased to reduce harvesting workload, or increased to track changes closer to real time) on a cloud type, badge, region, or resource basis to better match harvesting resources with your needs.

Harvesting Cadence

Learn more about configuring your harvesting cadence by region.

Event-Driven Harvesting (Currently AWS Only)

An additional harvesting strategy is available for AWS clouds: Event-driven Harvesting (EDH). When choosing EDH, InsightCloudSec harvests CloudWatch events to receive notifications of resource configuration changes.

  • Upon receiving notification of such changes, InsightCloudSec targets a harvest for that specific resource. This is a difference in approach between "tell me everything" and "tell me what's changed". That difference allows more efficient, real-time harvesting.

An additional benefit of the EDH approach is that the harvested data includes data about change events. That change event data allows you to conduct a more detailed audit of changes, e.g., who, what, when, and where, and allows you to do so in a global fashion, i.e., across all AWS accounts and across all AWS regions, from a single location.
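To make the "tell me what's changed" approach concrete, here is an added example (not InsightCloudSec's own code) of a small event consumer that turns CloudWatch-delivered CloudTrail events into targeted harvest jobs, keeping the who/what/when/where audit fields along the way. The events are constructed for this example: the field names follow the public CloudTrail event schema, but the account ids, ARNs and resource ids are made up, and the `CHANGE_EVENTS` table mapping event names to resource types is an assumption, not the platform's internal mapping.

```python
import json
from datetime import datetime, timezone

# Constructed CloudWatch Events / EventBridge wrappers around CloudTrail records.
# Field names follow the CloudTrail event schema; all values are made up.
SAMPLE_EVENTS = [
    json.dumps({
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "account": "111111111111",
        "region": "us-east-1",
        "time": "2024-01-15T10:22:31Z",
        "detail": {
            "eventName": "AuthorizeSecurityGroupIngress",
            "eventSource": "ec2.amazonaws.com",
            "userIdentity": {"arn": "arn:aws:iam::111111111111:user/deployer"},
            "requestParameters": {"groupId": "sg-0123456789abcdef0"},
        },
    }),
    json.dumps({  # read-only call: nothing changed, so nothing to re-harvest
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "account": "111111111111",
        "region": "eu-west-1",
        "time": "2024-01-15T10:23:05Z",
        "detail": {
            "eventName": "DescribeSecurityGroups",
            "eventSource": "ec2.amazonaws.com",
            "userIdentity": {"arn": "arn:aws:iam::111111111111:role/ReadOnly"},
            "requestParameters": {},
        },
    }),
    json.dumps({
        "source": "aws.s3",
        "detail-type": "AWS API Call via CloudTrail",
        "account": "222222222222",
        "region": "us-west-2",
        "time": "2024-01-15T10:24:00Z",
        "detail": {
            "eventName": "PutBucketPolicy",
            "eventSource": "s3.amazonaws.com",
            "userIdentity": {"arn": "arn:aws:sts::222222222222:assumed-role/Admin/jane"},
            "requestParameters": {"bucketName": "finance-reports"},
        },
    }),
]

# Event names that imply a configuration change, with the resource type to
# re-harvest and where the changed resource's id sits in requestParameters.
# This table is an assumption for the example, not InsightCloudSec's own.
CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress": ("securitygroup", "groupId"),
    "RevokeSecurityGroupIngress": ("securitygroup", "groupId"),
    "PutBucketPolicy": ("storagecontainer", "bucketName"),
}

READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def to_harvest_job(raw_event):
    """Return a targeted harvest job with audit fields, or None for events that change nothing."""
    event = json.loads(raw_event)
    detail = event["detail"]
    name = detail["eventName"]
    if name.startswith(READ_ONLY_PREFIXES) or name not in CHANGE_EVENTS:
        return None
    resource_type, id_key = CHANGE_EVENTS[name]
    return {
        "account": event["account"],
        "region": event["region"],
        "resource_type": resource_type,
        "resource_id": detail["requestParameters"][id_key],
        # the who / what / when / where the change-event data provides
        "who": detail["userIdentity"]["arn"],
        "what": name,
        "when": datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "where": f'{event["account"]}/{event["region"]}',
    }


def build_harvest_queue(raw_events):
    """Only resources named in change events are queued; a full-account sweep is never scheduled."""
    return [job for job in map(to_harvest_job, raw_events) if job is not None]


if __name__ == "__main__":
    for job in build_harvest_queue(SAMPLE_EVENTS):
        print(f'{job["when"].isoformat()} {job["who"]} {job["what"]} '
              f'-> harvest {job["resource_type"]} {job["resource_id"]} in {job["where"]}')
```

The queue holds one job per changed resource regardless of how many accounts or regions the events came from, which is the single-location, cross-account audit view the text describes; a scheduled harvest would instead have re-read every security group and bucket in every region to discover the same two changes.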

Cloud Permission Visibility

Customers using AWS, GCP, or Microsoft Azure get visibility into missing permissions for their installation. You can identify which permissions are missing and what impact those missing permissions have on visibility into that cloud account. Permission issues prevent harvesting and data retrieval of your cloud resources.

  • This data refreshes every two hours. If you've recently made changes to your cloud permissions for this account, please check back in two hours.
  • Note: For AWS accounts there may be Service Control Policies that disable some resources.

As shown in the image below, when viewing cloud permissions, you will see a display clearly identifying the missing permission(s) for each service supported by InsightCloudSec.

Cloud Status Missing Permissions

Warnings with False Positives - Known AWS Service Control Policy Issue

When viewing details on the Clouds Listing page, InsightCloudSec may provide false positive “Warnings” around missing permissions. In some scenarios the permissions are granted within the Service Control Policy (SCP) but falsely report as missing.

This scenario is the result of a known issue within AWS: if an Organization has an SCP with conditions based on global condition keys (e.g., aws:PrincipalArn), the IAM Policy Simulator results are not accurate, because the simulator does not have the request context for those global keys.

If you have verified that the specific permissions identified as missing are included in your SCP, you can safely disregard these warnings; otherwise for remaining questions or concerns, contact us at [email protected].

Read more about Service Control Policies
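The following added example (not Rapid7's or AWS's code) shows why the simulator misreports under such an SCP and how to reconcile the warnings against the real SCP. It contains a constructed SCP that denies everything except calls from two named roles via a `StringNotLike` condition on `aws:PrincipalArn`, plus a simplified evaluator that models one documented IAM rule: a negated operator such as `StringNotLike` matches when the key is absent from the request context. A simulation run without the principal's ARN therefore lands in the Deny statement and reports the permission as missing, while the same action evaluated with the harvester role's ARN is allowed. The role names, account id and the `reconcile_missing_permissions` helper are assumptions for this example, and only `StringLike`/`StringNotLike` on string keys are modelled; real IAM evaluation covers far more.

```python
import fnmatch

# Constructed SCP: allow everything, then deny any call whose principal is not
# one of two roles, and separately deny leaving the organization outright.
# Role names and the pattern are made up for this example.
SAMPLE_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "aws:PrincipalArn": [
                        "arn:aws:iam::*:role/InsightCloudSecHarvester",
                        "arn:aws:iam::*:role/OrgAdmin",
                    ]
                }
            },
        },
        {"Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Simplified StringLike / StringNotLike evaluation on string keys.

    Models the documented IAM rule that a negated operator matches when the
    key is missing from the request context; that is exactly what makes a
    context-less simulation fall into the Deny statement above.
    """
    for operator, clauses in condition.items():
        for key, patterns in clauses.items():
            value = context.get(key)
            matched = value is not None and any(
                fnmatch.fnmatchcase(value, p) for p in _as_list(patterns)
            )
            if operator == "StringLike" and not matched:
                return False
            if operator == "StringNotLike" and matched:
                return False
            if operator not in ("StringLike", "StringNotLike"):
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def scp_allows(scp, action, context=None):
    """True if the SCP permits `action` for a request with `context`; explicit Deny wins."""
    context = context or {}
    allowed = False
    for stmt in scp["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def reconcile_missing_permissions(reported_missing, scp, principal_arn):
    """Split simulator warnings into genuine gaps and false positives.

    `reported_missing` holds actions flagged as missing by a simulation that
    ran without aws:PrincipalArn in its context (the known-issue scenario).
    """
    real_context = {"aws:PrincipalArn": principal_arn}
    result = {"genuine": [], "false_positive": []}
    for action in reported_missing:
        without_context = scp_allows(scp, action)             # what the simulator saw
        with_context = scp_allows(scp, action, real_context)  # what the SCP really does
        bucket = "false_positive" if with_context and not without_context else "genuine"
        result[bucket].append(action)
    return result


if __name__ == "__main__":
    harvester = "arn:aws:iam::111111111111:role/InsightCloudSecHarvester"
    warnings = ["ec2:DescribeInstances", "s3:ListAllMyBuckets", "organizations:LeaveOrganization"]
    print(reconcile_missing_permissions(warnings, SAMPLE_SCP, harvester))
```

The check mirrors the advice in the callout: a warning is safe to disregard only when the SCP, evaluated with the actual principal ARN, grants the action that the context-less simulation reported as missing; anything the SCP denies even with full context is a genuine gap that will block harvesting.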

Download Your Cloud Details

In addition to viewing the details of your Cloud accounts through the InsightCloudSec interface, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.

You can sort and filter the data however you like before you export; the sort order and any filters are reflected in your output, and this includes Badges.

Download Clouds Details

Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, or select existing data collections.

  • Badges are included as a column by default (as of 21.1) so any badges specified in this optional form will be in addition to the default.
  • Select "Download" on the form to export this data in a .CSV file.

Download Clouds Form
