InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

SaaS/Hosted Customers - Getting Started Guide

Details for InsightCloudSec Hosted Customers (or Prospects) on How to Get Started with InsightCloudSec

đź‘Ť

Rebranding In Progress

Rebranding for DivvyCloud, now InsightCloudSec is ongoing. Logos, URLs, text, and images may reference either InsightCloudSec or DivvyCloud.

The most important thing to note is that the product functionality has remained the same. If you have any questions or concerns reach out to [email protected].

This pages provides a high-level overview of the functionality and features included in the InsightCloudSec platform. These topics are presented in a roughly sequential order to represent the steps you'd follow after you have a functioning InsightCloudSec platform installation.

This page assumes that you are one of our hosted or SaaS customers, meaning that InsightCloudSec handles the deployment, maintenance, and upgrade of your platform environment.

If you're new to our platform you may find it helpful to review:

What You'll Find Here

Each heading below (accessible through the in-page navigation on the right) includes a high-level summary of what this step of the process entails, including links to additional detailed documentation for that part of the process.

  • Deployment for hosted/SaaS customers is managed by InsightCloudSec. In some scenarios our deployment team may have already assisted with connecting your cloud accounts and establishing your harvest strategy. If your organization has chosen to manage these elements on their own, check out the summaries on: Adding Cloud Accounts, and Harvesting.
  • Once you have a functional deployment (with connected cloud accounts and harvesting) you'll want to check out: Resources, Insights, and Bots
  • If you want to dive a bit deeper into the configuration capabilities we have, definitely check out all of the things under Additional Configurations
  • And finally in addition to the main product features InsightCloudSec includes some Advanced Features

Adding Cloud Accounts - Connecting Your Clouds to InsightCloudSec

After installing InsightCloudSec you will need to connect the platform to your cloud account(s). Our supported Cloud Service Providers (CSPs) include AWS, Azure, GCP, and more (read the full list here.

Large Cloud Accounts

For organizations with multiple cloud accounts or larger footprints across multiple Cloud Service Providers (CSP), we recommend taking advantage of our support of AWS, Azure, and GCP Organization capabilities. For AliCloud, Oracle, and other providers or scenarios, reach out to us for the best options to get your clouds connected.

Individual Cloud Accounts

For users looking to connect cloud accounts individually or to add a cloud account to an existing InsightCloudSec platform, we recommend the Cloud Account Setup process.

  • Check out Clouds to learn more about viewing your cloud details once they're connected.
  • Refer to individual sections for additional configuration details around individual CSPs

Harvesting - Bring Data into InsightCloudSec

After connecting your cloud account(s), InsightCloudSec will start the process to collect or harvest that cloud account and normalize the data.

What do we mean by harvesting?
Harvesting is simply our term for how we collect data, or the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.

What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.

Normalizing is a key part of InsightCloudSec; it allows you to view the data from all of your different cloud accounts through a "single pane of glass" via our Resources feature.

Resources - Cloud Footprint Visibility

After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.

Learn more about Resources and Resource Terminology.

Insights - Understanding Your Cloud Footprint

Once you can view your cloud accounts' resources within InsightCloudSec, you can gain a better understanding of them using Insights. Insights use Filters to help provide visibility in to specific behaviors, characteristics, or elements of a cloud resource or resources.

  • InsightCloudSec includes out-of-the-box Insights (a library of over 300)
  • Custom Insights (create your own)
  • Compliance Packs are Insights gathered for over a dozen compliance standards including HIPAA, PCI DSS, CIS, and more)
  • Custom Packs are created packs of multiple Insights designed by your organization)

Visit the Insights documentation to learn more.

Bots - Taking Action on the Data

With a better understanding of your resources through Insights, you can take action on those Insights using Bots. Both Insights and Bots are extremely powerful, complex, and flexible features within InsightCloudSec.

Bots are automated programs comprising a scope, filter(s), and action(s) that allow you to act on the findings from your Insights. For example, you can use a Bot to send an email notification containing relevant information about a specific resource based on a characteristic, status, or event defined within an Insight. Bots can delete a non-compliant resource or start/stop an instance.

Additional Configurations - Fine Tuning Your Environment

Organizations

In InsightCloudSec, organizations allow for multi-tenant functionality to logically isolate resources, users, Bots, and Insights according to their unique uses. For example, Managed Service Providers can onboard multiple customers in one install. For more information on this capability, check out the complete documentation on Organizations.

Badges

Badges allow you to identify your cloud accounts in InsightCloudSec with key-value pairs of cloud account metadata. You can create and use Badges to narrow the focus of actions taken on resources or to fine-tune your reporting.

Identity Management, Users, Groups, Roles

Check out our Identity, Access, & Permissions section for content around topics including Users, Groups, and Roles (Administration) and Just In-Time (JIT) User Provisioning - a capability to synchronize users and groups from an external Identity Provider (IDP) authentication server such as Okta, LDAP, Ping, and Microsoft's Active Directory.

Resource Groups

You can organize your resources into Resource Groups for creating custom reports or taking custom Bot actions.

Tag Explorer and Tags

The Tag Explorer allows you to view and explore resource tags within your cloud accounts.

Scheduled Events

Here you can see an event overview of scheduled actions (e.g., starting and stopping instances, creating or deleting tags) that Bots will take against your resources.

Integrations

InsightCloudSec provides Integrations with external systems for handling various actions, such as data aggregation and collection, notifications, and ticketing. These integrations include Slack, ServiceNow, Jira, Jinja2, and others.

General Settings

Check out the Platform Configuration & Settings page for a quick summary of general system administration pages and options.

Advanced Features - Expanded InsightCloudSec Capabilities

Infrastructure as Code (IaC Security)

InsightCloudSec's IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed ad-hoc or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.

Cloud IAM Governance (Access Explorer)

InsightCloudSec's Add-On Cloud IAM Governance module (through Access Explorer) enables organizations to manage IAM challenges across the full scope of their cloud footprint. Within AWS there are five different ways to specify or grant access to an individual resource. Attempting to track these various methods of access across dozens of resource types through separate console interfaces with differing structures is a time-consuming and error-prone process. Access Explorer gives you the ability to pull all of this information into a single interface. This capability dramatically improves visibility across your entire cloud, ensuring access defined around users and associated resources are accounted for.

Updated 16 days ago

SaaS/Hosted Customers - Getting Started Guide


Details for InsightCloudSec Hosted Customers (or Prospects) on How to Get Started with InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.