Example Plugin Installation

This example plugin captured in these instructions as an example allows the harvesting of AWS X-Ray Encryption Configuration Types and provides a custom filter for AWS regions. If you have questions or issues with this example reach out to us through the Customer Support Portal.

Permissions

Your plugin may require you to adjust your policy to add required permissions.

  • The example plugin on the page requires xray:GetEncryptionConfig permissions.

Deprecated Content

Usage of DivvyDbObjects within plugins is deprecated. You will need to switch to DbObjects instead for any applicable configurations as DivvyDbObjects will be removed in a future release.

Steps to Complete (on the server Running InsightCloudSec)

Product name to be replaced

You may observe that some components, screen captures, or examples use our former product name, DivvyCloud. This doesn't affect the configuration or the product's functionality, and we will notify you as we replace these component names.

  1. Log into the instance running InsightCloudSec.
  2. Change directory into the plugins folder in the InsightCloudSec directory: cd ../../divvycloud/plugins
  3. Clone the following git repo: sudo git clone https://github.com/DivvyCloud/AWS-Xray-Harvester.git
  4. Return to the root InsightCloudSec folder: cd ../
  5. Restart InsightCloudSec: sudo docker-compose down && sudo docker-compose up -d

Steps to Complete in the InsightCloudSec Platform

  1. Verify that the plugin is loaded correctly by accessing the Plugins page (under Settings (cog icon) > Plugins from the main navigation)
  2. Verify that the plugin AWS X-Ray Encryption Configuration is listed and enabled; there will be a green-circled check in the Enabled column.
  3. On the listing for your plugin, click the Admin sub-menu and select Manage Plugin.
  4. Verify that the Load Status section of the page shows all green-circled checks.
  5. To test your Plugin, from Inventory > Resources, open Identify Management and select Cloud Region.
  6. Select Query Filters (upper right-hand corner)
    • Search for and select X-Ray Encryption Config Types.
  7. Select Default or KMS, depending on how your resource is configured.
  8. View the Query Filter results under Resources > Identity & Management > Cloud Region.

Possible Next Steps

From here, you may wish to create a Bot that notes when X-Ray has been set up by someone not authorized to do so. The steps to create this Bot are as follows:

  1. Open Automation > BotFactory and click Create Bot. This will launch the process that enables you to create a new Bot.
  2. Scope your Bot to Cloud Region and an AWS account; select Next.
  3. Under Query Filters select the X-Ray Encryption Config Types in Conditions and choose Default. Select Next.
  4. Select Send Slack Message in Actions
    • Select Next.
    • Choose a schedule for when your Bot should run, then select Save.
    • View the results in Slack to confirm.

Warnings (UI)

For users with configured Plugins, the landing page UI (available under the Setting (cog icon) > Plugins) will now display warnings emitted during plugin loading. Warnings appear as a yellow hazard icon. Individual plugins now provide a section containing the actual warnings on the Manage Plugin page, which is accessible for each plugin through the Admin options menu (shown below).