
AWS Event-Driven Harvesting

Overview of InsightCloudSec's Event-Driven Harvesting Using Amazon Web Services


InsightCloudSec can augment standard polling-based harvesting (harvesting is the term used for how InsightCloudSec collects data from the cloud service providers) with Event-Driven Harvesting (EDH). EDH pulls events from AWS CloudWatch Events (now EventBridge) and AWS CloudTrail into a central event bus for InsightCloudSec's consumption.

This dynamic approach to data collection not only improves InsightCloudSec's cadence for providing resource visibility and opportunities for remediation, but also enriches the data with lifecycle changes that enable auditing capabilities. With EDH-provided data, identifying how a resource entered a noncompliant state becomes much easier at scale.

Basic EDH Structure (diagram)


Before you get started with EDH, you need to ensure you have the following:

  • A functioning InsightCloudSec platform with the appropriate Admin (Org or Domain) permissions
  • A basic understanding of the relevant AWS services
  • Appropriate AWS IAM permissions
  • A strategy around the behaviors you want to use to configure EDH

If you have questions or encounter issues, reach out to us at [email protected].

Understanding EDH Concepts

EDH relies on a relationship between a Producer and Consumer.

  • A Producer is an AWS account that is configured to forward cloud events to another account.
  • A Consumer is a central account that ingests events from one or more Producers. A Consumer also generates its own events, so it is effectively a Producer as well.

EDH uses an Amazon Simple Queue Service (SQS) queue to retrieve the consumed events on a region-by-region basis. Customers are encouraged to set up at least two Consumers: one to consume data from development environments and another to consume data from the production environment, so that a misconfiguration or noisy test account in development cannot affect production event delivery.

EDH Supported Resources

For a complete and up-to-date list of supported AWS resources, refer to the EDH - Supported Resources (AWS) page.

Configuration Options


EDH Support Details

InsightCloudSec includes:

  • Support for EDH in multiple InsightCloudSec environments that monitor the same accounts as Producers, for example one environment with ReadOnly access and another with PowerUser access. If you plan to enable EDH in multiple environments using the same Producer accounts, your deployment requires some customization so that the environments do not compete for the same event bus and queue resources. The change is small, but is best made with help: contact your CSM or support.
  • Support for AWS-GovCloud is configured and behaves in the same manner as EDH in non-AWS GovCloud environments. Supported resources are also the same, except where a resource is not offered by AWS within GovCloud. If you have specific support questions or concerns reach out to us.

Check out EDH - Supported Resources (AWS) for full details.

Contact [email protected]

A further advantage of EDH is the choice of configuration route. The platform currently supports the two routes detailed below.

Fully Automatic Setup for Producer

Using this approach InsightCloudSec will automatically configure both the AWS IAM and CloudWatch resources. You will be required to provide the appropriate permissions, and InsightCloudSec creates the IAM Eventbus role/policy. InsightCloudSec will also create and update CloudWatch rules during any platform upgrade.

Manual Setup for IAM Option

Using this approach InsightCloudSec will not automatically provision IAM resources; however, it will set up your CloudWatch resources. You will be required to manually create the Eventbus role/policy. For customers who do not want to use InsightCloudSec's exact paths or names for the role/policy, we can work with you on alternatives. Reach out to us through [email protected] before you get started using this approach.
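The Producer/Consumer relationship described under Understanding EDH Concepts, and the role/policy you create yourself under the Manual Setup for IAM option, both come down to a small set of AWS policy documents: a resource policy on the Consumer's event bus naming the Producer accounts, an IAM role in each Producer account that EventBridge assumes to deliver cross-account, a forwarding rule in the Producer, and a queue policy on the Consumer's SQS queue. The example below, added here and not InsightCloudSec's own provisioning code, generates those documents and checks them for wildcard principals, resources and actions. The account IDs, region, bus name, queue name and rule names are constructed placeholders; InsightCloudSec's exact role and policy names are not shown on this page, so do not treat these as them.

```python
"""Generate and check the AWS policy documents behind an EDH-style
Producer -> Consumer event flow. Added example; not InsightCloudSec code.
All IDs and names below are constructed placeholders."""
import json

PRODUCER_ACCOUNTS = ["111111111111", "333333333333"]  # constructed Producer IDs
CONSUMER_ACCOUNT = "222222222222"                     # constructed Consumer ID
REGION = "us-east-1"
BUS_NAME = "default"            # cross-account delivery targets the default bus
QUEUE_NAME = "edh-events"       # assumed queue name
FORWARD_RULE = "edh-forward"    # assumed Producer rule name
CONSUMER_RULE = "edh-to-sqs"    # assumed Consumer rule name (bus -> SQS)


def bus_arn(account, region=REGION, bus=BUS_NAME):
    return f"arn:aws:events:{region}:{account}:event-bus/{bus}"


def consumer_bus_policy(consumer, producers, region=REGION):
    """Resource policy on the Consumer's bus: only the listed Producer
    accounts may PutEvents onto it. Never use Principal "*" here."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowProducerPutEvents",
            "Effect": "Allow",
            "Principal": {"AWS": [f"arn:aws:iam::{p}:root" for p in producers]},
            "Action": "events:PutEvents",
            "Resource": bus_arn(consumer, region),
        }],
    }


def producer_role_policies(consumer, region=REGION):
    """Role in each Producer account that EventBridge assumes to deliver
    events cross-account: trusted only by the EventBridge service, and
    allowed only PutEvents on the single Consumer bus."""
    trust = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }
    permission = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PutToConsumerBus",
            "Effect": "Allow",
            "Action": "events:PutEvents",
            "Resource": bus_arn(consumer, region),
        }],
    }
    return {"trust_policy": trust, "permission_policy": permission}


def producer_forward_rule(consumer, role_arn, region=REGION):
    """Producer-side rule: forward CloudTrail-sourced API call events to the
    Consumer bus using the role above."""
    return {
        "Name": FORWARD_RULE,
        "EventPattern": {"detail-type": ["AWS API Call via CloudTrail"]},
        "Targets": [{"Id": "consumer-bus",
                     "Arn": bus_arn(consumer, region),
                     "RoleArn": role_arn}],
    }


def consumer_queue_policy(consumer, region=REGION, queue=QUEUE_NAME):
    """Queue policy on the Consumer's SQS queue: only EventBridge, and only
    via the Consumer's own rule (pinned with aws:SourceArn), may SendMessage."""
    rule_arn = f"arn:aws:events:{region}:{consumer}:rule/{CONSUMER_RULE}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgeSendMessage",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": f"arn:aws:sqs:{region}:{consumer}:{queue}",
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    }


def _values(v):
    """Flatten a Principal/Action/Resource element to a list of strings."""
    if isinstance(v, dict):
        return [s for x in v.values() for s in _values(x)]
    if isinstance(v, list):
        return [str(x) for x in v]
    return [str(v)]


def least_privilege_findings(policy):
    """Flag Allow statements with a bare wildcard Principal (and no Condition
    to narrow it), a wildcard Resource, or a wildcard Action."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        if "*" in _values(st.get("Principal", {})) and "Condition" not in st:
            findings.append(f"{sid}: wildcard Principal without a Condition")
        if "*" in _values(st.get("Resource", [])):
            findings.append(f"{sid}: wildcard Resource")
        if any(a == "*" or a.endswith(":*") for a in _values(st.get("Action", []))):
            findings.append(f"{sid}: wildcard Action")
    return findings


if __name__ == "__main__":
    role_arn = f"arn:aws:iam::{PRODUCER_ACCOUNTS[0]}:role/edh-forward-role"  # assumed
    docs = {
        "consumer_bus_policy": consumer_bus_policy(CONSUMER_ACCOUNT, PRODUCER_ACCOUNTS),
        "producer_role": producer_role_policies(CONSUMER_ACCOUNT),
        "producer_forward_rule": producer_forward_rule(CONSUMER_ACCOUNT, role_arn),
        "consumer_queue_policy": consumer_queue_policy(CONSUMER_ACCOUNT),
    }
    print(json.dumps(docs, indent=2))
    for name, doc in docs.items():
        for pol in ([doc] if "Statement" in doc else doc.values()):
            if isinstance(pol, dict) and "Statement" in pol:
                print(name, least_privilege_findings(pol) or "ok")
```

If you use your own role and policy names instead of InsightCloudSec's defaults, the pieces that must still line up are the Consumer bus ARN in the Producer role's permission policy and rule target, the Producer account ARNs in the bus policy, and the rule ARN in the queue policy's aws:SourceArn condition; a bus policy with Principal "*" or a queue policy without the SourceArn condition lets any account or rule inject events into the harvesting pipeline.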

Org-Level (CloudTrail EDH)

In addition to standard Event-Driven Harvesting (EDH), InsightCloudSec supports Org-Level (CloudTrail Mode) EDH. Org-Level EDH behaves in the same way as standard EDH but differs in two respects: speed and maintenance. It delivers data in 10-15 minute intervals rather than as events occur, but with far less configuration and maintenance overhead, because it reads from CloudTrail at the organization level instead of requiring per-account Producer setup.

