DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

Getting Started Guide

Overview

Welcome to DivvyCloud! This document provides a high level overview of the functionality and features included in the DivvyCloud platform. These topics are presented in a roughly sequential order to represent the steps you'd follow from installation to feature exploration.

Before you get started with you may find it helpful to review the following:

In addition, check out the videos available on our website's Demo Center.

The phases summarized on this page appear in roughly sequential order, and include:

  • Deployment Recommendations
  • Adding Cloud Accounts
  • Harvesting & Normalizing Your Data
  • Resources
  • Insights
  • Bots
  • Additional Features & Capabilities
  • Administration

We provide an overview of what's involved for each category and links to the specific documentation for each area.

Use the right-hand side of this page for sub-navigation to skip between sections.

Deployment

Under Deployment Methods we talk about the methods of deployment.
Before you start the deployment/installation process you will want to ensure that you have a good understanding of your environment (e.g., your operating system) as well as your overall cloud footprint (e.g., approximate number of cloud accounts--many? just a few?) so that you can choose the most appropriate installation for your needs.

Interested in trying us out, reach out to support and take a look at our Test Drive Deployments options.

Adding Cloud Accounts

After installing DivvyCloud, you will need to connect the platform by adding your cloud accounts. You will be able to choose from several cloud service providers, including:

Supported Cloud Providers

Amazon Web Services

Amazon Web Services China

Amazon Web Services Gov Cloud

Google Cloud Platform

Microsoft Azure

Microsoft Azure Government

Kubernetes

Alibaba Cloud

📘

Can't Find Your Cloud Service Provider?

If you don't see your cloud provider on the list above, email us at [email protected] to discuss our Product Roadmap.

Harvesting & Normalizing Your Data

After you have added your first cloud account, DivvyCloud will start to harvest that cloud account and normalize the data.

What do we mean by harvesting?
Harvesting is simply our term for how we collect data, or the process of connecting with your clouds and pulling in the data stored there. DivvyCloud provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.

What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.

Normalizing is a key part of DivvyCloud; it allows you to view the data from all of your different cloud accounts through a "single pane of glass". Whether your infrastructure is are hosted through Amazon Web Services, Google Cloud Platform, or Microsoft Azure, some combination of these or others, DivvyCloud allows you to work with all of them in a uniform and consistent way.

Resources - Cloud Footprint Visibility

As DivvyCloud harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of DivvyCloud. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources, including compute, containers, storage, identity and management, and network resources.

Learn more about Resources.

Insights - Understanding Your Cloud Footprint

Once you can view your cloud accounts' resources within DivvyCloud, you can gain a better understanding of them using insights. Insights provide visibility in to specific behaviors, characteristics, or elements of a cloud resource or resources. Insights

  • DivvyCloud Individual Insights (a library of over 200)
  • Custom Insights (create your own)
  • DivvyCloud Compliance Packs (Insights gathered for over a dozen compliance standards including HIPAA, PCI DSS, CIS, and more)
  • Custom Packs (created packs of multiple Insights designed by your organization)

Visit the following section to learn more about Insights.

Bots - Taking Action on the Data

With a better understanding of your resources through Insights, you can now take action on those Insights using Bots.

Bots are automated programs comprised of a scope, filter(s), and an action or actions that allow you to take action on your Insights. For example, you can use a Bot to send an email notification containing relevant information about a specific resource based on characteristic, status, or event defined within an Insight. Bots can delete a non-compliant resource or start/stop an instance.

Here are a couple of Bot examples:

Bot Example #1

Insight: Storage Container Exposing Access to the World

This bot matches any storage container flagged as public due to its permissions and/or bucket policy. It is user-defined based on the type of permissions you are searching. This works with all clouds.

Filter Name: Storage Container Exposing Specific Permissions

Match any storage container that has one or more permissions which are open to the world (All Users). You can select more than one permission on which to filter, e.g., 'Full Control', 'Read', 'Write', etc.

Recommended Actions

  1. Mark Resource Noncompliant: Flag the resource in a noncompliance report.
  2. Send Email/Slack Notification: Notify operations/security team of the permissive rule.
  3. Cleanup Exposed Storage Container: Remove permissions from storage containers open to the world.

Bot Example #2

Insight: Instance Exposing SSH to World

This bot identifies instances with security groups that have SSH (port 22) open to the world, i.e., 0.0.0.0/0. As an instance can reside in multiple security groups, this bot automates the examination of all attached security groups to discover public access in any one group. This bot works with Amazon Web Services (AWS), Azure, and GCP.

Filter Name: Instance Exposing Public SSH

Identify instances with an attached security group that exposes SSH access to the world (0.0.0.0/0).

Recommended Actions

  1. Mark Resource Noncompliant: Flag the resource in a noncompliance report.
  2. Send Email/Slack Notification: Notify operations/security team of the permissive rule.
  3. Create instance snapshot.
  4. Schedule deletion.

Both Insights and Bots are extremely powerful, complex, and flexible features within DivvyCloud. After setting up a Bot, and it successfully takes action, you can review the results by navigating to the BotFactory and selecting the Bot of interest from the listing.

Learn more Bots, and reviewing your results here.

📘

Need More Examples?

If you have specific goals or use cases related to automation, or you want to explore capabilities that you're not sure how to implement we're happy to help. Reach out to [email protected]

Additional Features & Capabilities

DivvyCloud includes dozens of features and many capabilities for fine tuning your workflow. Some of those include:

Resource Groups

You can organize your resources into Resource Groups for creating custom reports or taking custom Bot actions.

Tag Explorer and Tags

The Tag Explorer allows you to view and explore resource tags within your cloud accounts.

Badges

Badges allow you to identify your cloud accounts with key-value pairs of cloud account metadata. You can create and use Badges to narrow the focus of actions taken on resources or to fine-tune your reporting.

Filters

DivvyCloud includes over 1000 Filters which can be used throughout the platform to fine-tune your work with resources, Insights, or Bots. In addition, you can create your own unique filters for narrowing and refining searches, actions, or reporting.

Scheduled Events

Here you can see an event overview of scheduled actions (e.g., starting and stopping instances, creating or deleting tags) that Bots will take against your resources.

Compliance

DivvyCloud provides more than a dozen out-of-the-box Compliance Packs (or collections Insights) to ensure your cloud footprint is compliant with the latest industry regulations and policies.

Integrations

DivvyCloud provides Integrations with external systems for handling various actions, such as data aggregation and collection, notifications, and ticketing. These integrations include Slack, ServiceNow, Jira, Jinja2, and others.

Administration

Finally, for configuration and administration review our information on the following topics.

Identity Management

Identity Management provides an interface for managing admins, users, and permissions.

System Administration

Set up an SMTP/email server, manage organizations, and other system administration functions.

Upgrades

Upgrade to the latest DivvyCloud version.

Updated about a month ago


Getting Started Guide


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.