InsightCloudSec Docs

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


Filters

An Overview of How InsightCloudSec Enables Visibility Into Your Cloud Infrastructure

Overview

The Filters section of InsightCloudSec is where you find the exploratory tools for surfacing problems of interest among your resources. Filters specify conditions InsightCloudSec searches for in identifying matching resources. Reports or actions can then be made on matched resources.

The full list of filters can be accessed via "Security --> Filters" from the main navigation.

[Figure: Accessing Filters]

Exploring Filters

Filters specify the conditions InsightCloudSec searches for when identifying matching resources. They are used in Insights and Bots. Insights combine filters, scope, and reporting. Bots take action based on the output of filters, scope, and Insights.

[Figure: InsightCloudSec Feature Overview]

Narrow Your Focus of Filters

InsightCloudSec continually updates its filter toolset in response to cloud providers' newly released capabilities as well as customer requests. The current list of filters can be somewhat overwhelming, and we recommend that you become familiar with them by:

  • Examining the filters that are relevant to your cloud environments.

  • Focusing on your higher priority resources.

You can also combine these two scopes (Cloud Provider and Resource Type) to narrow your filter search even further.

In the example below, we've selected Google Cloud Platform as the CSP and the "Container Image" resource to narrow the scope down to 31 possible filters.

[Figure: Filter View - Narrowed Scope]

Learn About Each Filter

Once you have identified filters of interest, you can learn details, such as description, supported clouds, supported resources, and configuration requirements. You can also view the underlying code to understand how a given filter works.

Working With Filters

Once you have an understanding of what is available, you can take actions, including reporting, using filters. Actions are used with:

1. Insights: combining filters + scope + reporting.

2. Bots: combining filters + scope + action.

In both cases, you will likely combine filters and specify filter configurations to identify only the resources you want to explore.

For example, you might combine these filters:

  • Resource Is Not Encrypted
  • Resource Is Exposed To Public
  • Resource Matches Tag Key/Value Regular Expression

In addition to matching filters (or combinations of filters), you can also search for resources that fail to match filters. For example, you might specify that a key/value is not equal to environment: public-facing; this would surface S3 buckets with potential unintended data exposure.
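The combination described above, modelled as an added example. It is not InsightCloudSec's own filter code or API: the `Resource` class, the predicate functions, `select`, and the inventory are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Resource:
    """Constructed stand-in for one inventoried storage resource."""
    name: str
    encrypted: bool
    public: bool
    tags: dict = field(default_factory=dict)

# Predicates modelled on the three filter names listed above (assumed logic).
def not_encrypted(r):
    return not r.encrypted

def exposed_to_public(r):
    return r.public

def tag_matches(key_re, value_re):
    """Build a predicate: some tag has a key and value fully matching the regexes."""
    key_p, val_p = re.compile(key_re), re.compile(value_re)
    return lambda r: any(key_p.fullmatch(k) and val_p.fullmatch(v)
                         for k, v in r.tags.items())

def select(resources, match=(), not_match=()):
    """Names of resources passing every `match` filter and no `not_match` filter."""
    return [r.name for r in resources
            if all(f(r) for f in match) and not any(f(r) for f in not_match)]

# Constructed sample inventory, not real data.
INVENTORY = [
    Resource("marketing-site", False, True, {"environment": "public-facing"}),
    Resource("finance-exports", False, True, {"environment": "internal"}),
    Resource("audit-logs", True, False, {"environment": "internal"}),
    Resource("scratch-bucket", False, True),  # untagged
    Resource("backup-archive", True, True, {"environment": "public-facing"}),
]

def unintended_exposure(resources):
    """Public and unencrypted, but NOT tagged as intentionally public-facing."""
    intended = tag_matches(r"environment", r"public-facing")
    return select(resources,
                  match=(not_encrypted, exposed_to_public),
                  not_match=(intended,))

if __name__ == "__main__":
    print(unintended_exposure(INVENTORY))
```

The untagged bucket is surfaced alongside the one tagged `internal`, because a resource with no tag at all also fails the tag match; a "does not match" condition therefore catches missing tags as well as wrong ones.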

Searching for Filters

You can narrow your view of filters by using the search bar, by scoping filters by supporting clouds or resource type, or by looking at filters from specific versions of InsightCloudSec. Custom filters are also included in the full listing and can be accessed by toggling the "Owner" option at the top of the page.

[Figure: Show Custom Filters]

Using the Search Bar

You can use the search bar to find a specific filter. In the example below, a search is made for all filters that contain the words "access list"; the results appear in list format in the second half of the Filters:Listing page (found under Security in the left-side navigation bar).

[Figure: Viewing Filters Using Key Words]

Using Supporting Clouds or Resource Types

You can further narrow the search by using the "Cloud Support" and "Supported Resources" options:

  • For the Cloud Support option, you can search for only those filters supported by selected cloud providers, e.g., Amazon Web Services, Amazon Web Services Gov Cloud, Amazon Web Services China, Google Compute Engine, Microsoft Azure, Kubernetes, and Alicloud.
  • For the Supported Resources option, you can search for only those filters which are supported by the selected resource type (Instance, Volume, etc.). A full list of all InsightCloudSec resource types is found on the Resource Type Definitions page.

In the example below, Amazon Web Services is selected for 'Cloud Support' and Instance for 'Supported Resources' in a search for filters containing 'Public IP'.

[Figure: Viewing Filters by Cloud Support (AWS) and Supported Resources (Instance)]

Using Versions and Toggling Columns

Filters can also be narrowed by their Release Version. You can also choose which columns appear in your results. Options here include the number of Insights with which the filter is associated, the number of Bots with which the filter is associated, date created, owner, etc.

[Figure: Using Versions and Toggling Columns]

Inspecting Your Filters

To inspect the filters in the results, click on the filter name (in blue). You will see the SQL query associated with this filter:

[Figure: Viewing the Query for a Selected Filter]

Using Filters With Bots

Filters are also used in the creation of Bots.

Note: The Resource Type you select in Step 2 of Bot creation will limit the Filters you can select in Step 3.

In the example below, a resource type of Instance is selected. The filters available for the Bot are limited to only those associated with Instance as a resource type.

The example below shows the same type of limits on accessible filters when the resource type Network is first selected.

[Figure: Using Filters to Create a Bot]

Using Filters With Resources

Filters are also found on the Resources page. In the example below, filters are used to further narrow a specific resource type, Instance. The resultant display shows only the Instance resources to which the selected filters can apply.

[Figure: Using Filters With Resources]

Updated 27 days ago
