DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

Filters

Suggest Edits

Overview

The Filters section of DivvyCloud is where you find the exploratory tools for surfacing problems of interest among your resources. Filters specify conditions DivvyCloud searches for in identifying matching resources. Reports or actions can then be made on matched resources.

The full list of filters can be accessed via Security --> Filters from the main DivvyCloud navigation.

Accessing Filters

Exploring Filters

DivvyCloud is continually updating its filters toolset in response to cloud providers' newly released capabilities as well as customer requests.

Narrow Your Focus of Filters

The current list of filters can be somewhat overwhelming and we recommend
that you become familiar with them by:

  1. Examining the filters that are relevant to your cloud environments
  2. Focusing on your higher priority resources.
    See the illustration "Viewing Filters by Cloud Environment and/or Resources" below.

Learn About Each Filter

Once you have identified filters of interest, you can learn details, such as description, supported clouds, supported resources, and configuration requirements. You can also view the underlying code to understand how a given filter works.

Working With Filters

Once you have an understanding of what is available, you can take actions, including reporting, using filters. Actions are used with:

  1. Insights ---combining filters + scope + reporting
  2. Bots ---combining filters + scope + action.

In both cases, you will likely combine filters and specify filter configurations to identify only the resources you want to identify.

For example, you might combine these filters:

  1. Resource Is Not Encrypted
  2. Resource Is Exposed To Public
  3. Resource Matches Tag Key/Value Regular Expression.

In addition to matching filters (or combinations of filters), you can also search for resources that fail to match filters. For example, you might specify that a key/value is not equal to environment: public-facing; this would surface S3 buckets with potential unintended data exposure.

Searching for Filters

You can narrow your view of filters using the search bar, scoping filters by supporting clouds or resource type, or by looking at filters from specific versions of DivvyCloud. Custom filters are also included in the full listing and can be access by toggling the "Owner" option at the top of the page.

Show Custom Filters

Using the Search Bar

You can use the search bar to find a specific filter. In the example below, a search is made for all filters that contain the words "access list"; the results appear in list format in the second half of the Filters:Listing page (found under Security in the left-side navigation bar).

Viewing Filters Using Key Words

Using Supporting Clouds or Resource Types

You can further narrow the search by using the Cloud Support and Supported Resources options:

  • For the Cloud Support option, you can search for only those filters supported by selected cloud providers, e.g., Amazon Web Services, Amazon Web Services Gov Cloud, Amazon Web Services China, Google Compute Engine, Microsoft Azure, Kubernetes, and Alicloud.
  • For the Supported Resource option, you can search for only those filters which are supported by the selected resource type , Instance, Volume, etc. A full list of all DivvyCloud's resource types is found here.

In the example below, Amazon Web Services provides 'Cloud Support' and Instance describes the 'Supported Resource' in a search for filters containing 'Public IP'.

Viewing Filters by Cloud Support (AWS) and Supported Resources (Instance)

Using Versions and Toggling Columns

Filters can also be focused using their Release Version. You can also choose which columns should appear in your results. Options here include number of insights with which this filter is associated, number of bots with which this filter is associated, date created, owner, etc.

Using Versions and Toggling Columns

Inspecting Your Filters

To inspect the filters in the results, click on the filter name (in blue). You will see the SQL query associated with this filter:

Viewing the Query for a Selected Filter

Using Filters With Bots

Filters are also used in creating bots.

🚧

Note

The Resource Type you select in Step 2 of bot creation will limit the Filters (Conditions) you can select in Step 3.

In the example below, a resource type of Instance is selected. The filters specifying the *Conditions for the bot are limited to only those filters associated with Instance** as a resource type.

The example below shows the same type of limits on accessible filters when the resource type Network is first selected.

Using Filters to Create a Bot

📘

Learn more about Bots.

Using Filters With Resources

Filters are also found on the Resources page. In the example below, filters are used to further narrow a specific resource type, Instance. The resultant display shows only the Instance resources to which the selected filters can apply.

📘

Learn more about Resources

Using Filters With Resources

Updated 4 months ago

Other Helpful Pages

BotFactory

Filters

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.