Simple Mail Transfer Protocol (SMTP) enables InsightCloudSec to send email notifications and is compatible with all InsightCloudSec resources. This functionality, once configured, enables users to create notifications for emails in a variety of different scenarios.
For example, a user can generate an email that includes a list of all Instance Owners who have provisioned an instance without corporate-required tags. Alternatively an email notification could also be generated to list all Instance Owners who have modified an instance removing corporate-required tags.
This example is just one of hundreds of possibilities that you can explore based on your specific needs and driven by your deployed cloud resources, security and compliance goals, and operational strategy.
Before you get started you will want to ensure you have the following:
- A functioning InsightCloudSec installation with the appropriate admin permissions
- Details about your SMTP server (hostname, IP, port, etc.)
Note: Email notifications are isolated to an Organization. This allows you to tailor email settings to business units, geographies, or however your enterprise is structured.
If you have questions or issues with this capability reach out to us through the Customer Support Portal.
Integrations and Templating
Follow the steps below to configure an SMTP server in InsightCloudSec.
1. Login to InsightCloudSec and navigate "Administration --> System Administration".
2. From the Organizations tab, locate the "Actions" menu for the organization to wish you wish to send emails, and select "Configure Email (SMTP)".
3. To configure SMTP, enter the information relevant to your organization (you may need to scroll through the dialog to access all inputs):
- Hostname/IP - Enter the name or IP address of the host used for SMTP transactions, e.g., smtp.your-company-name.com.
- Port - Enter the port used for SMTP transactions, e.g., 465.
- When enabled, SSL will be used to encrypt communications. Select if you want InsightCloudSec to use Secure Sockets Layer (SSL) to encrypt the connection; this selection is recommended if you are sending sensitive information.
- Username - (Optional) Enter the username for the account that you will use to connect to the SMTP server, e.g., [email protected]
- Password - (Optional) Enter the password of the account that you will use to connect to the SMTP server.
- Email - Enter the email address you wish to use as the default for emails sent from InsightCloudSec (e.g., [email protected])
- Domain Whitelist (Optional) - If desired enter an optional list of whitelisted recipient domains (eg: "gmail.com, acmecorp.com, ..."). Email recipients not in this list will be discarded.
- Set as Global Config (checkbox) - If selected the configuration for SMTP supplied here will be applied to all other organizations within your domain.
To leverage Amazon SES refer to our example here.
4. To confirm/test your settings click "test". You should see a confirmation message indicating success (that the SMTP messages was generated) and also verify you've received the email.
Verify Receipt of Email
Once configured, the emails will be "sent" even if they have an incorrectly configured destination. We strongly recommend that you verify receipt of email on your end to ensure your configuration is correct; InsightCloudSec does not include a mechanism to verify the receipt of email.
5. Click on "Submit" to save your settings. You should see "Email Configured" has a checkmark next to the organization you modified.
Part of the SMTP functionality allows users to take advantage of the InsightCloudSec email action within a Bot configuration. To test, you can create a Bot that, based upon its scope and filtering, will return a positive result. In this example, we walk through setting up a Bot to verify that a cloud account has a cloud user.
Check out our BotFactory documentation to learn more about this feature.
You can also review Working with Bots (Best Practices & Examples) for specific examples.
Make a Note!
You will receive one email per match, so choose a test without too many matches!
1. Navigate to "Automation --> BotFactory" from the main menu.
2. Select "Create Bot" and give your Bot a name, description, and category. Click "Next".
3. Select the Scope of your Bot and Filters and click "Next".
4. Select "Add Action" and search for/select "Send Delayed Email" to send yourself an email for all matches.
- Use Jinja2 templating to add resource-specific data in your email.
- You can also dynamically assign a recipient via one or more tags. (You may need to scroll through the dialog to access all setup fields.)
5. Select when to run your Bot.
6. Review and run your Bot.
Bot Status (Paused)
Bots are created in a paused state. This default allows you to review your Bot before running your Bot.
You can review your Bot using the Bot Overview, available via "Automation --> Botfactory" by clicking on the name of the target Bot on the Listing page.
When you are ready to run your Bot, on the Bot Listing page, select the target Bot and then "Enable" from the action submenu next to the name of your Bot. Return to the action submenu and select "On demand Scan."
6. Finally, check your email to see the results.
Pack-level notifications enable customers to send emails based on packs of Insights. This includes both the out-of-the-box Compliance Packs that are included with InsightCloudSec and any Custom Packs a customer may create for their specific environment.
In our previous Bot example we configured a single email for a single Insight. While this single email per Insight may be appropriate for your use, you may also seek a different level of granularity. Pack-level notifications can configure a single email that can be generated for an entire group of Insights.
The pack-level notification capability includes cadence settings to send an email weekly, daily, or hourly. It allows for the delivery of information around an entire category of Insights, enabling organizations to cut down on the "noise" of notifications generated from several bots, since each Bot can only send an email for a single Insight.
Before setting up a pack-level notification email, you will need:
- An InsightCloudSec installation with Organization or Domain Admin permissions
- A working SMTP configuration
It's important to note that selecting a specific hour or minute will not guarantee delivery of an email notification at the specified time.
When selecting a delivery time you must account for the time required to process the request and create the data for the email notification.
For example, if the cadence is shorter than the time to takes the system to process the request and generate the reports, a user may receive two copies of the email notification.
To avoid issues with your delivery we recommend a cadence that is atleast 10 minutes or longer.
To configure an email notification, you can set up the notification (subscription) based on an Insight Compliance Pack or a Custom Pack. Complete the following steps.
1. Navigate to "Security --> Insights" and locate the Insight Pack you want to use as the basis of your notification.
2. Click the actions menu to the left of the name of the target Insight pack. Select "Manage Subscriptions".
3. Click "Add New Subscription" and complete the details for your email subscription including the following details:
- Subscription Name
- Description (optional)
- Recipient Email(s) - drop-down men
- Your desired frequency
4. Click "Subscribe" when you have completed the fields as desired.
5. To test your newly created subscription, select the ellipsis menu to the right of the subscription name and select "Send Now".
- If you've supplied an invalid email address or you do not have an SMTP server configured, the system will respond with an error.
Note: This is where you will also access any existing subscriptions or notifications if you need to edit or update them.
6. Success! Your intended recipients should receive an email with the details you configured.
- Download the excel attachment to view your report findings for the notification (e.g. HIPPA Subscription).
Updated 4 months ago