Example Plugin Installation

This example plugin captured in these instructions as an example allows the harvesting of AWS X-Ray Encryption Configuration Types and provides a custom filter for AWS regions. If you have questions or issues with this example reach out to us through the Customer Support Portal.

Permissions

Your plugin may require you to adjust your policy to add required permissions.

• The example plugin on the page requires xray:GetEncryptionConfig permissions.

🚧

Deprecated Content

Beginning with 22.4.7 (release date August 24, 2022) usage of DivvyDbObjects within plugins is deprecated. You will need to switch to DbObjects instead for any applicable configurations, as DivvyDbObjects will be removed in a future release.

Steps to Complete (on the server Running InsightCloudSec)

📘

Value Names (DivvyCloud vs. InsightCloudSec)

Some components, screen captures, examples, and values use our former product name (DivvyCloud vs. InsightCloudSec). Updates to the naming of these components will be communicated when changes are made, but note that the name difference does not affect functionality within the product.

1. Log into the instance running InsightCloudSec.

2. Change directory into the plugins folder in the InsightCloudSec directory:
cd ../../divvycloud/plugins

3. Clone the following git repo:
sudo git clone https://github.com/DivvyCloud/AWS-Xray-Harvester.git

4. Return to the root InsightCloudSec folder:
cd ../

5. Restart InsightCloudSec:
sudo docker-compose down && sudo docker-compose up -d

Steps to Complete in the InsightCloudSec Platform

1. Verify that the plugin is loaded correctly by accessing the Plugins page (under "Settings (cog icon) --> Plugins" from the main navigation)

2. Verify that the plugin "AWS X-Ray Encryption Configuration" is listed and enabled; there will be a green-circled check in the "Enabled" column.

3. On the listing for your plugin, click on the "Admin" sub-menu and select "Manage Plugin".

4. Verify that the "Load Status" section of the page shows all green-circled checks.

5. To test your Plugin, from "Inventory --> Resources" open "Identify Management" and select "Cloud Region".

6. Select Query Filters (upper right-hand corner)

• Search for and select "X-Ray Encryption Config Types".

7. Select "Default" or "KMS", depending on how your resource is configured.

8. View the Query Filter results under "Resources--> Identity & Management --> Cloud Region."

Possible Next Steps

From here, you may wish to create a Bot that notes when XRay has been set up by someone not authorized to do so. The steps to create this Bot are as follows:

1. Open "Automation --> BotFactory" and click "Create Bot". This will launch the process that enables you to create a new Bot.

2. Scope your Bot to "Cloud Region" and an AWS account; Select Next.

3. Under Query Filters select the X-Ray Encryption Config Types in Conditions and choose "Default". Select "Next".

3. Select "Send Slack Message" in Actions

• Select "Next".

• Choose a schedule for when your Bot should run, then select "Save".
• View the results in Slack to confirm.

Warnings (UI)

For users with configured Plugins, the landing page UI (available under the Setting (cog icon) --> Plugins) will now display warnings emitted during plugin loading.

Warnings appear as a yellow hazard icon on the list page (example shown below).

Individual plugins now provide a section containing the actual warnings on the "Manage Plugin" page, which is accessible for each plugin through the Admin options menu (shown below).