DivvyCloud

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

Overview

In DivvyCloud, the Clouds section of the platform is where you manage your connected clouds. This section of the tool allows you to add clouds and badges, research potential gaps in coverage, monitor and adjust harvesting, and audit data.

The main Clouds page is accessible under the Cloud heading, Cloud --> Clouds.

Clouds Main Landing Page

Prerequisites

Before getting started with the Clouds main page you will need to have the following:

  • A functioning DivvyCloud installation
  • At least one connected cloud account
  • The appropriate permissions to view cloud account details

For information on connecting a cloud account, refer to our page on Cloud Account Setup.

If you have other questions or concerns reach out to us through any of the options provided on our Getting Support page.

Cloud Page Summary

As your cloud footprint expands from dozens to hundreds of cloud accounts, this section of the tool becomes increasingly important for ensuring the quality of your data and understanding large-scale changes.

The Clouds page includes a number of tabbed sections that we explore in greater detail on our Cloud Reports page.

Badges

Initially, you will use the Clouds section to add clouds. As you do so, take advantage of the Badge functionality, which allows you to tag your cloud accounts as you would your cloud resources. DivvyCloud automatically adds system-level badges for cloud type (e.g., AWS) and resource type (e.g., cloud account), as these are required for internal data tracking purposes.

You can add badges to reflect your business priorities. We have seen cloud-savvy customers using, as a baseline, badges for owner, contact email, environment, cost code, risk level, and more. When you add badges to your clouds, you are able to aggregate your data for analysis and to take action based on badge keys and values.

Coverage (AWS)

If you have added your master AWS account, DivvyCloud automatically downloads basic metadata about linked cloud accounts from the master account and displays that information. This information will allow you to determine if any AWS child accounts are unmanaged and unmonitored by DivvyCloud.

Coverage (Organizations)

If you have added your master GCP domain/organization, DivvyCloud will automatically add all associated sub-projects. This ensures that no sub-projects remain unmanaged and unmonitored by DivvyCloud.

For details on organizations refer to the following pages: Organizations (GCP) and Organizations (AWS)

Harvesting

DivvyCloud continually harvests information from the cloud, looking for any changes since the previous harvest. By default, DivvyCloud harvests resource configuration information according to a set cadence by resource type.

  • The frequency of harvesting is based on institutional knowledge and general best practices.
  • Harvesting cadence can be modified--decreased to reduce harvesting workload, or increased to track changes closer to real-time--on a cloud type, badge, region, or resource basis to better match harvesting resources with your needs.

Harvesting Cadence

Learn more about configuring your harvesting cadence by region.

Event Driven Harvesting (Currently AWS Only)

An additional harvesting strategy is available for AWS clouds: Event-driven Harvesting (EDH). When you choose EDH, DivvyCloud harvests CloudWatch events to receive notifications of resource configuration changes.

  • Upon receiving notification of such changes, DivvyCloud targets a harvest for that specific resource. This is a difference in approach between "tell me everything" and "tell me what's changed". That difference allows more efficient, real-time harvesting.

An additional benefit of the EDH approach is that the harvested data includes data about change events. That change event data allows you to conduct a more detailed audit of changes, e.g., who, what, when, and where, and allows you to do so in a global fashion, i.e., across all AWS accounts and across all AWS regions, from a single location.
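The who/what/when/where audit described above can be illustrated with an added example (not DivvyCloud code) that reads CloudWatch Events envelopes wrapping CloudTrail records and builds one change timeline across accounts and regions. The sample events are constructed, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample: one CloudWatch Events envelope per line, each wrapping a
# CloudTrail record. Account IDs, ARNs and IPs are made-up illustration values.
SAMPLE_EVENTS = """
{"detail-type": "AWS API Call via CloudTrail", "account": "111111111111", "region": "us-east-1", "detail": {"eventTime": "2020-03-01T10:15:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}}}
{"detail-type": "AWS API Call via CloudTrail", "account": "222222222222", "region": "eu-west-1", "detail": {"eventTime": "2020-03-01T09:50:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.20", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::222222222222:assumed-role/deploy/ci"}}}
{"detail-type": "AWS API Call via CloudTrail", "account": "111111111111", "region": "us-west-2", "detail": {"eventTime": "2020-03-01T10:20:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances", "awsRegion": "us-west-2", "errorCode": "Client.UnauthorizedOperation", "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}}}
{"detail-type": "EC2 Instance State-change Notification", "account": "222222222222", "region": "eu-west-1", "detail": {"instance-id": "i-0abc", "state": "stopped"}}
{"detail-type": "AWS API Call via CloudTrail", "account": "222222222222", "region": "ap-southeast-1", "detail": {"eventTime": "2020-03-01T11:00:00Z", "eventSource": "rds.amazonaws.com", "eventName": "ModifyDBInstance", "awsRegion": "ap-southeast-1", "sourceIPAddress": "203.0.113.20", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::222222222222:assumed-role/deploy/ci"}}}
"""

def change_record(event):
    """Return who/what/when/where for a successful API call, else None."""
    if event.get("detail-type") != "AWS API Call via CloudTrail":
        return None  # e.g. state-change notifications carry no caller identity
    detail = event.get("detail", {})
    if "errorCode" in detail:
        return None  # denied or failed call: no configuration change happened
    identity = detail.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("type", "unknown"),
        "what": f"{detail.get('eventSource', '?')}:{detail.get('eventName', '?')}",
        "when": detail.get("eventTime", ""),
        "where": (event.get("account"), detail.get("awsRegion")),
        "source_ip": detail.get("sourceIPAddress"),
    }

def audit(raw_lines):
    """Parse all events and return change records ordered by event time."""
    records = [change_record(json.loads(l)) for l in raw_lines.splitlines() if l.strip()]
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    return sorted((r for r in records if r), key=lambda r: r["when"])

def changes_by_actor(records):
    """Count changes per principal across every account and region."""
    return Counter(r["who"] for r in records)

if __name__ == "__main__":
    for rec in audit(SAMPLE_EVENTS):
        print(rec["when"], rec["where"], rec["who"], rec["what"])
```
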

Cloud Permission Visibility

Customers using AWS, GCP, or Microsoft Azure get visibility on missing permissions for their installation. You can identify what permissions are missing and what impact those missing permissions have on visibility into that cloud account. Permission issues prevent harvesting and data retrieval of your cloud resources.

  • This data refreshes every two hours. If you've recently made changes to your cloud permissions for this account, please check back in two hours.
  • Note: For AWS accounts there may be Service Control Policies which disable some resources.

As shown in the image below, when viewing cloud permissions, you will see a display clearly identifying the missing permission(s) for each service supported by DivvyCloud.

Cloud Status Missing Permissions

Download Your Cloud Details

In addition to viewing the details of your Cloud accounts through the DivvyCloud interface, you also have the ability to download this content by selecting the "Download" button at the top of the page above the Clouds listing.

Download Clouds Details

Selecting "Download" from the buttons on the "Listing" tab of the Clouds section will launch the following form and enable you to include tags, Badges, or select existing data collections. Select "Download" on the form to export this data in a .CSV file.

Download Clouds Form
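As an added example (not DivvyCloud code), the following cross-checks an exported clouds listing against `aws organizations list-accounts` output to find unmanaged child accounts, as in the Coverage (AWS) section, and accounts missing the baseline badges named in the Badges section. The CSV column names and the `key=value;...` badge encoding are hypothetical, and all data is constructed.

```python
import csv
import io
import json

# Baseline badge keys the page mentions customers using.
BASELINE_BADGES = ("owner", "contact email", "environment", "cost code", "risk level")

# Constructed `aws organizations list-accounts` output (IDs are made up).
ORG_ACCOUNTS = json.loads("""{"Accounts": [
  {"Id": "012345678901", "Name": "prod-payments", "Status": "ACTIVE"},
  {"Id": "111111111111", "Name": "dev-sandbox", "Status": "ACTIVE"},
  {"Id": "222222222222", "Name": "legacy", "Status": "SUSPENDED"},
  {"Id": "333333333333", "Name": "data-lake", "Status": "ACTIVE"}]}""")

# Constructed export; the column names are hypothetical, not DivvyCloud's format.
# The first ID has lost its leading zero, as happens after a spreadsheet round trip.
CLOUDS_CSV = """account_id,name,badges
12345678901,prod-payments,owner=pay-team;environment=prod;risk level=high
111111111111,dev-sandbox,owner=platform;contact email=platform@example.com;environment=dev;cost code=cc-17;risk level=low
"""

def norm_id(raw):
    """AWS account IDs are 12 digits; restore leading zeros dropped by CSV tooling."""
    return raw.strip().zfill(12)

def parse_badges(cell):
    """Turn 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in cell.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def coverage_report(org, clouds_csv):
    """Return (unmanaged active account IDs, {managed ID: missing baseline badges})."""
    managed = {norm_id(r["account_id"]): parse_badges(r["badges"])
               for r in csv.DictReader(io.StringIO(clouds_csv))}
    # Suspended accounts cannot run workloads, so only active ones count as gaps.
    active = {a["Id"] for a in org["Accounts"] if a["Status"] == "ACTIVE"}
    unmanaged = sorted(active - managed.keys())
    missing = {acct: [b for b in BASELINE_BADGES if not badges.get(b)]
               for acct, badges in managed.items()}
    return unmanaged, {acct: m for acct, m in missing.items() if m}

if __name__ == "__main__":
    unmanaged, missing = coverage_report(ORG_ACCOUNTS, CLOUDS_CSV)
    print("Unmanaged active accounts:", unmanaged)
    print("Missing baseline badges:", missing)
```
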

Updated about a month ago

