Take Me to the Docs!API ReferenceRelease NotesSupport Portal
Contact Us

Exemptions (Insights)

Understanding and Managing Exemption of Resources within Insights

Suggest Edits

InsightCloudSec's exemptions functionality is entirely Insight driven. This capability is configured through the Insights landing page and is also featured on its own landing page within InsightCloudSec under "Security --> Exemptions" for dedicated viewing and managing of those defined exemptions.

1601

Exemptions Landing Page

Exemptions includes enhanced approval logic, expiration functionality, and bulk edit and delete capabilities for exempted resources.

Curating Exemptions

In previous versions, InsightCloudSec offered the ability to exempt resources from Insight findings using the Resource Groups functionality. While this option worked well in certain scenarios, it did not provide a great overall user experience.

One aspect of the previous method of the Resource Group-based exemption management was the ability to curate exemptions on a broader level. Users had the ability to flag resources based on high level criteria like tags and permissions.

With the new functionality, exemptions are entirely Insight driven, however we still provide the curation of exemptions through a Bot action called "Curate Insight/Bot Exemptions."

2486

Bot Action - Curate Insight/Bot Exemptions

This Bot Action allows users to create a Bot that can automatically curate resources for exemption, enabling a more "generic" exemption strategy that operates in a similar capacity to the prior functionality offered by the Resource Group exemption approach.

Refer to our BotFactory documentation for more information on working with Bots and automation.

Prerequisites

Before getting started, ensure you have the following:

  • A functioning InsightCloudSec platform installation with attached Clouds and configured Insights---without this data there's nothing to exempt! - Check out Cloud Account Setup for details on this process if you still need to connect clouds.
  • All InsightCloudSec users can view exemptions; however, to create/edit/delete/enable/disable exemptions, you will need to have Domain Admin or Org Admin permissions.

Creating a New Exemption

To create a new exemption, you can reach the exemption configuration function via two paths within the Insights view.

1. Navigate to "Security --> Insights" on the main sidebar.

2. Click on the name of an Insight to open the details page; then click the vertical three dots to open the actions menu and click “View Results”.

1600

Open Exemptions through the Insight Name - View Results Menu

Or, do the following:

1. Navigate to "Security --> Insights" on the main sidebar.

2. Click on the link to the “Resource Breakdown” for your target Insight.

1445

Open Exemptions through Resource Breakdown

Either of the options above will bring you to a sorted Resources/Insight detail view with the complete list of applicable resources (shown below).

1600

Insight Detail View

From one of the paths outlined above, follow the remaining steps to create an exemption:

3. To specify an exempted resource, select the box to the left of the resource name.

4. Once you have selected the resource(s) you want to exempt, select the “Add Exemption” option to open the “Create Exemption” window.

  • Note: this option (e.g., the icon) does not display if no resources are selected.
1392

Create Exemption Option

📘

Creating Exemptions (Individually or in Multiples)

While you can select multiple resources for exemption, this will simply create a new individual exemption for each resource selected under the original Insight.

Upon creation, these exemptions will have the same creator, exemption owner, approver name, created date, start date, expiration date, and notes. However, they will differ based on their Resource Name and Provider ID.

5. By default, your new Exemption will be set to "Enabled". Provide a “Start Date” for your Exemption.

  • You can create a new exemption and set it to "Disabled".
  • By default, this will be today's date.
  • This can be set to a past, or future date.
454

Create Exemptions Form

6. Set an expiration date for your exemption, or select the “No Expiration Date” option checkbox.

  • If supplied, the expiration date must be later than the start date.

7. Add an Exemption Approver (optional).

  • This field is optional and can be completed using an approver name or an email address. If an email is supplied it must be completed using a valid email address.
  • This field will vary based on the System Settings (e.g. it can be configured as required, and to specifically require an email)

8. Include any Notes (optional).

  • This field can be used for internal reference codes, or other project-specific details.

9. Click “Create” to complete your new exemption.

  • Exemptions are always Enabled by default.

Adding an Exemption through the Compliance Scorecard

In addition to creating an exemption from the Insights view, you can also identify resources for exemption through the Compliance Scorecard.

1. From "Security --> Compliance Scorecard" apply your desired filters.

2. Select any individual "impacted" cell on the heatmap.

1651

Compliance Scorecard - Create an Exemption

3. Click on the target cell to open the associated "Report Card".

4. Check the box next the resource you want to exempt to enable the "Create Exemption" button.

1312

Report Card View to Create Exemption

5. By default, your new Exemption will be set to "Enabled". Provide a “Start Date” for your Exemption.

  • You can create a new exemption and set it to "Disabled".
  • By default, this will be today's date.
  • This can be set to a past, or future date.
454

Create Exemptions Form

6. Set an expiration date for your exemption, or select the “No Expiration Date” option checkbox.

  • If supplied, the expiration date must be later than the start date.

7. Add an Exemption Approver (optional).

  • This field is optional and can be completed using an approver name or an email address. If an email is supplied it must be completed using a valid email address.
  • This field will vary based on the System Settings (e.g. it can be configured as required, and to specifically require an email)

8. Include any Notes (optional).

  • This field can be used for internal reference codes, or other project-specific details.

9. Click “Create” to complete your new exemption.

  • Exemptions are always Enabled by default.

Expiration of Exemptions

By default, exemptions that are within 72 hours of expiration automatically generate a report to notify the creator.

2865

Exemption Report - Sample of Notification of Expiring Exemptions

  • The default 72 hour period can be modified in the System Settings
  • This system check takes place automatically and daily.
  • If an approver is included on the exemption via a valid email address, they will also receive a copy of the report.(Note: if the approver is just text with the person's name and no email, no action takes place.)
  • This feature requires that SMTP is configured. Refer to our documentation on SMTP (Email Notifications).

Exemptions System Settings

Users with appropriate permissions can manage certain properties of Insight Exemptions from "Administration --> System Administration --> System".

By default the Insight Exemptions section of the System settings will be blank. If no settings are specified here, exemptions that are within 72 hours of expiration automatically generate a report to notify the creator. Changes implemented in System Settings supersede these defaults.

From this System tab - Insight Exemptions settings allow a user with the appropriate permissions to define requirements around the following:

  • "Exemption Notification Day" - This is the number of days before the expiration of an exemption will trigger an email.

    • For example, when set to "3", the specified approver will receive an email 3 days before the expiration of the exemption, notifying them of the upcoming expiration.
    • This feature requires that SMTP is configured. Refer to our documentation on SMTP (Email Notifications).

  • "Require Approver" - When checked/enabled requires an approver for all exemptions.

  • "Require Approver Email" - When checked/enabled requires the approver field to be populated with a valid email address (by default this field can support text or email).

1290

Manage Insight Exemptions

Viewing Exemptions

To view the full list of Insight-driven exemptions associated with an Organization, select "Security → Exemptions" from the main navigation.

1601

Exemptions Landing Page

To explore exemptions you can use a number of search and filtering capabilities.

Display Options

The top of the page includes several options to explore the full list of exemptions in greater detail.

  • Search - will search most of the common text attributes available
    • It can also be applied as an additional filter on a selected Insight Pack or Badge filter to further refine your displayed results
  • Filters - this drop-down menu includes two options, Insight Pack and/or Badges
    • Insight Pack - enables the selection of any Insight Pack, both out-of-the-box (e.g. Compliance Pack) or Custom Packs (user-created)
    • Badges - enables the selection of Badges and will filter based on specified Badge, including the option to select and filter based on multiple badges via the "Must have all selected badges" checkbox.
  • Pagination Controls - will modify the number of displayed results and enable the user to page through the filtered results

After selecting Filters, results display as individual line items (example below includes a single Insight Pack, and an additional filter using "aws" as the search term)

1398

Exemptions Filter Displayed Results

Exemption Fields

The fields associated with each individual exemption that display in the filtered output are as follows:

  • Status - Currently either "Enabled" or "Disabled" (designated by a greyed-out line)
  • Provider ID - a unique identifier imported from the target CSP
  • Resource Name - this field is typically populated through a user-provided value (it may also be blank); the value is not required
  • Insight - The name of the Insight you used to create the exemption (e.g., Cloud Account Without Root Account MFA Protection)
  • Insight Severity - The color-coded severity of the specified Insight (e.g., Minor, Major, Severe, Critical)
  • Resource Type - The type of resource (e.g., Instance, Storage Container, etc.)
  • Account - associated Cloud account name
  • Account ID - associated Cloud account ID
  • Cloud- specific cloud provider (e.g., AWS) that applies to this resource
  • Creator - the user specified as the creator (determined by who was logged in when the exemption was created)
  • Bot - the name of the Bot that created the exemption (if applicable)
  • Approver - the (optional) name or email of the approver
  • Date Created - date the exemption was created
  • Start Date - date the exemption is configured to start (can be before/after the creation date)
  • Expiration Date - date the exemption was set to expire
  • Notes - any optionally included notes

Download Exemption Details

On the Exemptions page, click the "Download All (CSV)" to download all Exemptions in the list as a CSV file, with each column representing a field in the file, i.e. Status, Provider ID, Resource Name, etc.

  • This means that all Exemptions will be included in the file regardless of the currently applied filter/search.

Modifying & Deleting Exemptions

Bulk Edit & Delete

Users have the ability to bulk edit or delete exemptions. To delete exemptions in bulk, do the following from the Exemptions landing page:

Bulk Delete
1. Clicking on the "top checkbox" will select ALL of the items on the selected page (e.g., 20, or up to 200) and provide a total count. Note that you cannot select items across more than a single page.

  • In addition, you have the option of selecting ALL of the items by clicking on the blue text to the right of the "All items on this page are selected" text.
  • Alternatively, users can select multiple exemptions individually by clicking the box next to each exemption.

2. Click the "Actions" button to expand the actions menu.

  • This button appears when one or more exemptions is selected.
  • Note: Click "Download Selected" to only download the selected Exemptions as a CSV file.

3. Click "Delete" to delete the selected exemptions.

1401

Exemptions - Bulk Delete

Bulk Edit
1. Clicking on the "top checkbox" selects ALL of the items on the page (e.g., 20, or up to 200) and provide a total count. Note that you cannot select items across more than a single page.

  • In addition, you have the option of selecting ALL of the items by clicking on the text to the right of the "All items on this page are selected" text.
  • Alternatively, users can select multiple exemptions individually by clicking the box next to each exemption.

2. Click the "Actions" button to expand the actions menu.

  • This button appears when one or more exemptions is selected.
  • Note: Click "Download Selected" to only download the selected Exemptions as a CSV file.

3. Click the "Edit" button to open the "Edit Exemptions" form.

460

Exemptions - Bulk Edit

4. Modify as desired by selecting the checkbox next to each field you wish to edit. This includes:

  • Change State of Exemptions
  • Start Date
  • Expiration Date
  • Approver Email
  • Notes

5. Click "Save" to complete the bulk edit.

Modify/Disable an Individual Exemption

Locate the exemption you want to modify (using Search or any of the filtering options), then click the actions/context menu. From there you can:

  • Edit or delete the individual exception
  • Go to the Insight the exemption is part of
  • View resource details
  • Download a CSV file containing the individual exemption
1380

Edit an Exemption

Updated 8 months ago