Overview

The Filters section of InsightCloudSec is where you find the exploratory tools for surfacing problems of interest among your resources. Filters specify conditions InsightCloudSec searches for in identifying matching resources. Reports or actions can then be made on matched resources.

The full list of filters can be accessed via "Security --> Filters" from the main navigation.

Exploring Filters

Filters specify conditions InsightCloudSec searches for in identifying matching resources. They are used in Insights and Bots. Insights combine filters, scope, and reporting. Bots take action based on the output filters, scope, and Insights.

Narrow Your Focus of Filters

InsightCloudSec is continually updating its filters toolset in response to cloud providers' newly released capabilities as well as customer requests. The current list of filters can be somewhat overwhelming and we recommend that you become familiar with them by:

• Examining the filters that are relevant to your cloud environments.

• Focusing on your higher priority resources.

You can also combine these two scopes (Cloud Provider and Resource Type) to narrow your filter search even further.

*In the example below we've selected Google Cloud Platform as the CSP and selected the "Container Image" resource, to narrow the scope down to 31 possible filters.

Learn About Each Filter

Once you have identified filters of interest, you can learn details, such as description, supported clouds, supported resources, and configuration requirements. You can also view the underlying code to understand how a given filter works.

Working With Filters

Once you have an understanding of what is available, you can take actions, including reporting, using filters. Actions are used with:

1. Insights ---combining filters + scope + reporting

2. Bots ---combining filters + scope + action.

In both cases, you will likely combine filters and specify filter configurations to identify only the resources you want to explore

For example, you might combine these filters:

• Resource Is Not Encrypted
• Resource Is Exposed To Public
• Resource Matches Tag Key/Value Regular Expression.

In addition to matching filters (or combinations of filters), you can also search for resources that fail to match filters. For example, you might specify that a key/value is not equal to environment: public-facing; this would surface S3 buckets with potential unintended data exposure.

Searching for Filters

You can narrow your view of filters using the search bar, scoping filters by supporting clouds or resource type, or by looking at filters from specific versions of InsightCloudSec. Custom filters are also included in the full listing and can be access by toggling the "Owner" option at the top of the page.

Using the Search Bar

You can use the search bar to find a specific filter. In the example below, a search is made for all filters that contain the words "access list"; the results appear in list format in the second half of the Filters:Listing page (found under Security in the left-side navigation bar).

Using Supporting Clouds or Resource Types

You can further narrow the search by using the "Cloud Support" and "Supported Resources" options:

• For the Cloud Support option, you can search for only those filters supported by selected cloud providers, e.g., Amazon Web Services, Amazon Web Services Gov Cloud, Amazon Web Services China, Google Compute Engine, Microsoft Azure, Kubernetes, and Alicloud.
• For the Supported Resource option, you can search for only those filters which are supported by the selected resource type, Instance, Volume, etc. A full list of all InsightCloudSec resource types is found on the Resource Type Definitions page.

In the example below, Amazon Web Services provides 'Cloud Support' and Instance describes the 'Supported Resource' in a search for filters containing 'Public IP'.

Using Versions and Toggling Columns

Filters can also be focused using their Release Version. You can also choose which columns should appear in your results. Options here include number of insights with which this filter is associated, number of bots with which this filter is associated, date created, owner, etc.

Inspecting Your Filters

To inspect the filters in the results, click on the filter name (in blue). You will see the SQL query associated with this filter:

Using Filters With Bots

Filters are also used in the creation of Bots.

• For detailed step by step instructions check out Creating Bots.
• You can also view Working with Bots (Best Practices & Examples) if you want to review some examples

🚧

Note

The Resource Type you select in Step 2 of Bot creation will limit the Filters you can select in Step 3.

In the example below, a resource type of Instance is selected. The filters specifying the filters for the Bot are limited to only those associated with Instance as a resource type.

The example below shows the same type of limits on accessible filters when the resource type Network is first selected.

Using Filters With Resources

Filters are also found on the Resources page. In the example below, filters are used to further narrow a specific resource type, Instance. The resultant display shows only the Instance resources to which the selected filters can apply.