Filters
An Overview of How InsightCloudSec Enables Visibility Into Your Cloud Infrastructure
The Filters section of InsightCloudSec is where you find the exploratory tools for surfacing problems of interest among your resources. Filters specify conditions InsightCloudSec searches for in identifying matching resources. Reports or actions can then be made on matched resources.
The full list of filters can be accessed via "Security --> Filters" from the main navigation.
Accessing Filters
Exploring Filters
Filters specify conditions InsightCloudSec searches for in identifying matching resources. They are used in Insights and Bots. Insights combine filters, scope, and reporting. Bots take action based on the output filters, scope, and Insights.
InsightCloudSec Feature Overview
Narrow Your Focus of Filters
InsightCloudSec is continually updating its filters toolset in response to cloud providers' newly released capabilities as well as customer requests. The current list of filters can be somewhat overwhelming and we recommend that you become familiar with them by:
-
Examining the filters that are relevant to your cloud environments.
-
Focusing on your higher priority resources.
You can also combine these two scopes (Cloud Provider and Resource Type) to narrow your filter search even further.
*In the example below we've selected Google Cloud Platform as the CSP and selected the "Container Image" resource, to narrow the scope down to 31 possible filters.
Filter View - Narrowed Scope
Learn About Each Filter
Once you have identified filters of interest, you can learn details, such as description, supported clouds, supported resources, and configuration requirements. You can also view the underlying code to understand how a given filter works.
Working With Filters
Once you have an understanding of what is available, you can take actions, including reporting, using filters. Actions are used with:
1. Insights ---combining filters + scope + reporting
2. Bots ---combining filters + scope + action.
In both cases, you will likely combine filters and specify filter configurations to identify only the resources you want to explore
For example, you might combine these filters:
- Resource Is Not Encrypted
- Resource Is Exposed To Public
- Resource Contains Tag Key and Value Regular Expression
In addition to matching filters (or combinations of filters), you can also search for resources that fail to match filters. For example, you might specify that a key/value is not equal to environment: public-facing; this would surface S3 buckets with potential unintended data exposure.
Searching for Filters
You can narrow your view of filters using the search bar, scoping filters by supporting clouds or resource type, or by looking at filters from specific versions of InsightCloudSec. Custom filters are also included in the full listing and can be access by toggling the "Owner" option at the top of the page.
Show Custom Filters
Using the Search Bar
You can use the search bar to find a specific filter. In the example below, a search is made for all filters that contain the words "access list"; the results appear in list format in the second half of the Filters:Listing page (found under Security in the left-side navigation bar).
Viewing Filters Using Key Words
Using Supporting Clouds or Resource Types
You can further narrow the search by using the "Cloud Support" and "Supported Resources" options:
- For the Cloud Support option, you can search for only those filters supported by selected cloud providers, e.g., Amazon Web Services, Amazon Web Services Gov Cloud, Amazon Web Services China, Google Compute Engine, Microsoft Azure, Kubernetes, and Alicloud.
- For the Supported Resource option, you can search for only those filters which are supported by the selected resource type, Instance, Volume, etc. A full list of all InsightCloudSec resource types is found on the Resource Type Definitions page.
In the example below, Amazon Web Services provides 'Cloud Support' and Instance describes the 'Supported Resource' in a search for filters containing 'Public IP'.
Viewing Filters by Cloud Support (AWS) and Supported Resources (Instance)
Using Versions and Toggling Columns
Filters can also be focused using their Release Version. You can also choose which columns should appear in your results. Options here include number of insights with which this filter is associated, number of bots with which this filter is associated, date created, owner, etc.
Using Versions and Toggling Columns
Inspecting Your Filters
To inspect the filters in the results, click on the filter name (in blue). You will see the SQL query associated with this filter:
Viewing the Query for a Selected Filter
Using Filters With Bots
Filters are also used in the creation of Bots.
- For detailed step by step instructions check out Creating Bots.
- You can also view Working with Bots (Best Practices & Examples) if you want to review some examples
Note
The Resource Type you select in Step 2 of Bot creation will limit the Filters you can select in Step 3.
In the example below, a resource type of Instance is selected. The filters specifying the filters for the Bot are limited to only those associated with Instance as a resource type.
The example below shows the same type of limits on accessible filters when the resource type Network is first selected.
Using Filters to Create a Bot
Using Filters With Resources
Filters are also found on the Resources page. In the example below, filters are used to further narrow a specific resource type, Instance. The resultant display shows only the Instance resources to which the selected filters can apply.
Using Filters With Resources
Updated 8 days ago