Welcome to DivvyCloud! This document provides a high level overview of the functionality and features included in the DivvyCloud platform. These topics are presented in a roughly sequential order to represent the steps you'd follow from installation to feature exploration.
Before you get started with you may find it helpful to review the following:
- Product Architecture - details on our Product Architecture and workflow
- An introduction to our Deployment Methods
- Glossary - terminology associated with our product and its features.
In addition, check out the videos available on our website's Demo Center.
The phases summarized on this page appear in roughly sequential order, and include:
- Deployment Recommendations
- Adding Cloud Accounts
- Harvesting & Normalizing Your Data
- Additional Features & Capabilities
We provide an overview of what's involved for each category and links to the specific documentation for each area.
Use the right-hand side of this page for sub-navigation to skip between sections.
Before you start the deployment/installation process you will want to ensure that you have a good understanding of your environment (e.g., your operating system) as well as your overall cloud footprint (e.g., approximate number of cloud accounts--many? just a few?) so that you can choose the most appropriate installation for your needs.
After installing DivvyCloud, you will need to connect the platform by adding your cloud accounts. You will be able to choose from several cloud service providers, including:
Supported Cloud Providers
Amazon Web Services
Amazon Web Services China
Amazon Web Services Gov Cloud
Google Cloud Platform (GCP)
Microsoft Azure Government
Oracle Cloud Infrastructure (OCI)
Can't Find Your Cloud Service Provider?
If you don't see your cloud provider on the list above, email us at [email protected] to discuss our Product Roadmap.
After you have added your first cloud account, DivvyCloud will start to harvest that cloud account and normalize the data.
What do we mean by harvesting?
Harvesting is simply our term for how we collect data, or the process of connecting with your clouds and pulling in the data stored there. DivvyCloud provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.
What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.
Normalizing is a key part of DivvyCloud; it allows you to view the data from all of your different cloud accounts through a "single pane of glass". Whether your infrastructure is are hosted through Amazon Web Services, Google Cloud Platform, or Microsoft Azure, some combination of these or others, DivvyCloud allows you to work with all of them in a uniform and consistent way.
As DivvyCloud harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of DivvyCloud. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources, including compute, containers, storage, identity and management, and network resources.
Learn more about Resources.
Once you can view your cloud accounts' resources within DivvyCloud, you can gain a better understanding of them using insights. Insights provide visibility in to specific behaviors, characteristics, or elements of a cloud resource or resources. Insights
- DivvyCloud Individual Insights (a library of over 200)
- Custom Insights (create your own)
- DivvyCloud Compliance Packs (Insights gathered for over a dozen compliance standards including HIPAA, PCI DSS, CIS, and more)
- Custom Packs (created packs of multiple Insights designed by your organization)
Visit the following section to learn more about Insights.
With a better understanding of your resources through Insights, you can now take action on those Insights using Bots.
Bots are automated programs comprised of a scope, filter(s), and an action or actions that allow you to take action on your Insights. For example, you can use a Bot to send an email notification containing relevant information about a specific resource based on characteristic, status, or event defined within an Insight. Bots can delete a non-compliant resource or start/stop an instance.
Here are a couple of Bot examples:
Bot Example #1
Insight: Storage Container Exposing Access to the World
This bot matches any storage container flagged as public due to its permissions and/or bucket policy. It is user-defined based on the type of permissions you are searching. This works with all clouds.
Filter Name: Storage Container Exposing Specific Permissions
Match any storage container that has one or more permissions which are open to the world (All Users). You can select more than one permission on which to filter, e.g., 'Full Control', 'Read', 'Write', etc.
Bot Example #2
Insight: Instance Exposing SSH to World
This bot identifies instances with security groups that have SSH (port 22) open to the world, i.e., 0.0.0.0/0. As an instance can reside in multiple security groups, this bot automates the examination of all attached security groups to discover public access in any one group. This bot works with Amazon Web Services (AWS), Azure, and GCP.
Filter Name: Instance Exposing Public SSH
Identify instances with an attached security group that exposes SSH access to the world (0.0.0.0/0).
Both Insights and Bots are extremely powerful, complex, and flexible features within DivvyCloud. After setting up a Bot, and it successfully takes action, you can review the results by navigating to the BotFactory and selecting the Bot of interest from the listing.
Learn more Bots, and reviewing your results here.
DivvyCloud includes dozens of features and many capabilities for fine tuning your workflow. Some of those include:
You can organize your resources into Resource Groups for creating custom reports or taking custom Bot actions.
The Tag Explorer allows you to view and explore resource tags within your cloud accounts.
Badges allow you to identify your cloud accounts with key-value pairs of cloud account metadata. You can create and use Badges to narrow the focus of actions taken on resources or to fine-tune your reporting.
DivvyCloud includes over 1000 Filters which can be used throughout the platform to fine-tune your work with resources, Insights, or Bots. In addition, you can create your own unique filters for narrowing and refining searches, actions, or reporting.
Here you can see an event overview of scheduled actions (e.g., starting and stopping instances, creating or deleting tags) that Bots will take against your resources.
DivvyCloud provides more than a dozen out-of-the-box Compliance Packs (or collections Insights) to ensure your cloud footprint is compliant with the latest industry regulations and policies.
DivvyCloud provides Integrations with external systems for handling various actions, such as data aggregation and collection, notifications, and ticketing. These integrations include Slack, ServiceNow, Jira, Jinja2, and others.
Finally, for configuration and administration review our information on the following topics.
Identity Management provides an interface for managing admins, users, and permissions.
Upgrade to the latest DivvyCloud version.
Updated 3 months ago