InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].


Glossary

A Glossary of Commonly Used Terms Within the InsightCloudSec Platform

Rebranding in Progress

Rebranding for DivvyCloud, now InsightCloudSec, is ongoing. Logos, URLs, text, and images may reference either InsightCloudSec or DivvyCloud.

The most important thing to note is that the product functionality has remained the same. If you have any questions or concerns reach out to [email protected].

This page provides a glossary of InsightCloudSec-specific terminology as well as some useful cloud-based terms.

Term

Definition

API

“Application program interface, a set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service.”

InsightCloudSec’s API can be used to create Insights and Bots, modify compliance packs, and perform other functions outside of the platform user interface. See the API documentation for details.

AWS

Amazon Web Services, Amazon’s cloud platform

Admin, Administrators

A User with the highest level of privileges or authorizations. Admins generally will retain all permissions to read/view, write/edit, delete, etc. There are two types of Admins, Domain Admins and Org Admins. A Domain Admin can do everything in the tool. An Org Admin can do everything operational in their organization in the tool.

See also Domain Admin and Org Admin.

Authentication Servers

External Active Directory/LDAP (lightweight directory access protocol) servers for user authentication.

These servers can be connected and managed from the Authentication Servers tab of the Identity Management page.

Background Job

Background Jobs are worker processes that run on a schedule to keep InsightCloudSec current (e.g., harvesting Insights) and optimized (e.g., OrphanedResourceCleanup). Background Jobs are distinct from On-Demand jobs in that they are not run immediately. Resource harvest jobs, which can be accessed via the Cloud details section, can be thought of as specialized Background Jobs.

A list of Background Jobs can be accessed from the Background Jobs tab on the System Administration page.

Badges

An internal ID for clouds. Badges are similar to Tags (key/value pairs applied to individual resources) but applied to entire cloud accounts.

Badges are used to scope Bot actions, report on compliance, bound searches, and otherwise customize the organization of cloud accounts.

Base Pack

An Insight pack used as the basis for creating a customized pack.

Bot

Bot (short for "robot") is an automated program that executes user-defined actions on resources according to user-defined conditions. Bots comprise a scope (bounds for which resources the Bot acts upon), filters (conditions upon which the Bot will act), and actions (what the Bot does).

BotFactory

The InsightCloudSec feature where the user creates Bots, defining the bots’ scope, conditions, and actions.

CI/CD

The combined practices of continuous integration (CI) and continuous deployment (CD) for developing software in a sustainable way.

Cloud, Cloud Provider, Cloud Type

A cloud, or cloud account, is an account for cloud services (storage, compute, etc.) from a cloud services provider (Cloud Provider), such as AWS, GCP, Azure, and others. You can have multiple accounts ("clouds") from a single provider, or you can use multiple providers to create your overall cloud infrastructure.

Note:
Early versions of the product use ‘Cloud Type’ synonymously with ‘Cloud Provider’. Each Cloud Provider uses its own terminology for "cloud accounts": AWS uses the term "accounts", GCP uses the term "projects", and Azure uses the term "subscriptions".

Compliance

Conformity with industry requirements and standards for cloud-related security, cost, and other controls. Compliance across multiple cloud providers is a major focus of InsightCloudSec.

Compliance Pack

Compliance packs are collections of related insights pertinent to a specific compliance standard. Compliance packs may focus on security, costs, governance, or combinations of these across a variety of frameworks. Examples are NIST 800-53, ISO 27001, HIPAA, and PCI DSS. Compliance packs are accessed from the Compliance Packs tab on the Insights main page.

Compliance Scorecard

Visually summarizes cloud accounts’ adherence to specific rules or conditions of an Industry Standard, e.g., NIST 800-53 or ISO 27001. This summary is presented as a heat-map type visual; the Compliance Scorecard also provides guidance concerning actions to take on specific resources to mitigate failing issues. Check out more information - Compliance Scorecard.

Consumers

Relative to EDH, a central account that ingests events from one or more Producers. See also Event-Driven Harvesting (AWS).
“Consumers” and “Producers” are AWS-specific EDH terms where the Consumer AWS accounts serve as an aggregator of event data from Producer AWS accounts. This aggregation approach is necessary due to limits AWS places on serving event data externally via API.

Custom Pack

A Compliance Pack, customized for specific uses. Custom packs can be created from existing (or base) packs by adding or removing specific Insights as desired. Custom Packs are found on the Custom Packs tab of the Insights main page.

Data Collections

A collection of strings of data definitions that can be used (and reused) in creating and updating Filters, Insights, and Bots.

Disabled Resource

A disabled resource is a resource that is not harvested. As such, InsightCloudSec will not surface permissions errors related to harvesting disabled resources.

DivvyCloud

DivvyCloud was a Cloud Security Posture Management (CSPM) platform that provided real-time analysis and automated remediation across leading cloud and container technologies, including AWS, Azure, GCP, Alibaba, and Kubernetes.

As of July 2021, DivvyCloud by Rapid7 has been relaunched as a full CNSP called InsightCloudSec.

Domain Admin

A User with the highest level of privileges or authorizations. A Domain Admin can do everything in the tool. There are also read-only Domain Admins who are able to view all resource data among all InsightCloudSec organizations, yet as the name implies, they are not able to make changes to InsightCloudSec. See also Admin.

Entitlements

Entitlements, or Permissions Entitlements, give domain users control over basic users' and organization admins' permissions to access certain parts of the tool. These entitlements are available for BotFactory, Tag Explorer, Insights, and Scheduled Events. The four possible permissions levels are "disabled", "viewer", "editor", and "admin". Entitlements are assigned independently to features, e.g., a basic user might be "disabled" for BotFactory but have "editor" permissions for Tag Explorer.

Event-Driven Harvesting (EDH)

Event-driven harvesting (EDH) is a data collection mechanism where events are pushed to InsightCloudSec instead of being collected via polling. AWS EDH leverages CloudTrail and CloudWatch events for collection. GCP EDH leverages StackDriver and Pub/Sub events for collection.

Event-Driven Role

Relative to AWS EDH, event-driven roles are either Consumer or Producer.

Exemption

A Resource Group that defines a collection of resources that are not evaluated against a specific Insight. For example, S3 buckets configured to host websites can be placed in a Resource Group called “Websites” that is then exempted from the Insight “Storage Container Exposed To The Public”.

Failed Insight

An Insight that matched a scoped resource. In other words, a resource met the conditions of this Insight when a query was run.

Filter

Filters specify conditions InsightCloudSec searches for in identifying matching resources. An example filter: ‘Resource is not encrypted’.

Filters are used in Insights and Bots. Insights combine filters, scope, and reporting. Bots take action based on the output filters, scope, and insights.

GCP

Google Cloud Platform

Harvesting

Harvesting describes how InsightCloudSec collects data from the cloud providers:

  • EDH (Event Driven Harvesting) is where the data is pushed to InsightCloudSec when there's a change in your cloud account.
  • Regular harvesting is done using standard polling on a schedule. You can customize that schedule—by service, region, and account—to set how often the platform polls for data.

Impacted Resource

A resource within the specified scope that matches a designated (searched-on) Insight. Impacted resources indicate violations on an Insight.

Infrastructure

With respect to cloud computing, infrastructure refers to an enterprise's entire cloud-based or local collection of resources and services. This term is used synonymously with "cloud footprint".

Insight

An Insight describes a specific behavior, condition, or characteristic of a cloud resource. Insights are the checks—built on a combination of one or more filters and scopes—that are run on your infrastructure. They can be used to report on resources, or to instruct Bots as to which resources require actions. Some examples of common insights include:

  • Storage Container Exposing Access to the World
  • Database Instance Publicly Accessible
  • Volume Encryption Not Enabled

Insights can be used individually or in packs.
InsightCloudSec offers both Featured and Custom Insights. Featured Insights are maintained by InsightCloudSec and harvested down on a regular schedule. Featured Insights are also organized into Featured Insight Packs that address common use cases, such as General Data Protection Regulation (GDPR) compliance. Custom Insights are those you build yourself.

InsightCloudSec

InsightCloudSec (formerly DivvyCloud) is a fully-integrated cloud-native security platform (CNSP) that enables organizations to drive cloud security forward through continuous security & compliance.

With InsightCloudSec, Rapid7 is the first organization to bring together a single solution that integrates posture management, identity & access management, infrastructure-as-code, and Kubernetes protection to enable teams to safely speed up their cloud adoption without compromise.

Insight Pack

A collection of Insights, usually focused on the same type of issue, e.g., security, compliance, governance.

Insight Severity

A user-defined designation for the severity of an Insight. Severity levels are "Moderate", "Major", "Severe", and "Critical".

Instance

Refers to a virtual server instance from a public or private cloud network.

Integration

External systems with which InsightCloudSec is designed to interface for both inbound (data aggregation, data collection) and outbound (notifications, ticketing) actions.
Examples of integrations include: Jira, PagerDuty, ServiceNow, Slack, Splunk, Tenable.io

Job Backlog

The number of harvest jobs that are enqueued and waiting on a worker node to process. Job backlogs can rise and fall. For example, adding clouds will cause the job backlog to rise as the initial cloud harvests are scheduled. The number of harvest jobs feeding into the job backlog can be greatly influenced by the cloud harvesting strategy selected; more aggressive strategies lead to more jobs.

Job Scheduler

The process responsible for scheduling jobs performed by the workers. The scheduler will schedule regular cadence jobs, such as harvesting, as well as on-demand jobs. It maintains different priority queues to help surface high priority jobs.

Kubernetes

A Google-based, portable, extensible open-source platform for managing containerized workloads and services.

MFA

Multifactor authentication (MFA)--also known as two-factor authentication (2FA or TFA)--enhances security by verifying a user's identity using multiple methods of authentication from independent categories of credentials.

Org Admin

A User with the highest level of privileges or authorizations. Admins generally will retain all permissions to read/view, write/edit, delete, etc. An Org Admin can do everything operational in their organization in the tool. See also Admin and Domain Admin.

Organization

In InsightCloudSec, organizations allow for complete isolation between cloud accounts, resources, and users on an installation. Cloud accounts and their resources can only belong to one Organization and cannot be modified or viewed from another Organization.

Note: GCP uses "Organization" to refer to a collection of projects.

Owners

Refers to Owners of resources. Can only be set by Admins. Ownership can be used to set scope on resource searches, making it easier for the user to focus on the resources they care about.

Permissions

The cloud provider-defined permissions granted to InsightCloudSec to enable harvesting resource information and allowing InsightCloudSec to take resource management actions. These permissions can be read-only, admin, or some combination of the two. With each release, InsightCloudSec expands its supported resources and correspondingly requires additional permissions to harvest those resources.

Plugin

An element of a software program that can be added to provide support for specific features or functionality.

Policy

Collections of permissions that provide InsightCloudSec user-defined access to connected accounts. Policies can range from Standard User Policy, containing read-only permissions, to a Power User Policy, allowing InsightCloudSec to execute user-defined actions within accounts.

Producers

Relative to EDH, a Producer is an AWS account that is configured to forward cloud events to another account. See Event-Driven Harvesting (AWS) for details.

Provisioning

The allocation of a cloud provider's resources and services to a customer; such services include IaaS, PaaS, or SaaS. In InsightCloudSec, "Provisioning" can also refer to the permission that a user has been given to acquire or add such services to their cloud account.

Region

A geographic location in which public cloud service providers' data centers reside.

Resource

A virtual (cloud-hosted) service, utility, or function. Cloud accounts are made up of resources; while different providers use different names in referring to their specific offerings, InsightCloudSec uses normalized names throughout the tool for these resources. For example, AWS’ S3 Bucket, GCP’s Cloud Storage, Azure’s Blob Storage Container, and Alibaba’s Object Storage Bucket all refer to storage resources; InsightCloudSec refers to all of these resources as a Storage Container.

Check out more under Resources.

Resource Groups

Collections of resources; can be used to apply granular permissions to a subset of a cloud footprint to improve visibility or to apply custom policy.

Resource Type Categories

Categories of resources by type. InsightCloudSec uses five normalized categories: Compute, Containers, Storage, Network, and Identity & Management.

Role

Roles are used to manage the permissions of basic users. They can be customized to permit read, manage, and delete privileges. They can be customized to view all resources or resources defined by Cloud account, Resource Group, or Badge.

Note: While roles relate to users generally, entitlements relate to a user's ability to interact with specific portions of the tool, e.g., Tag Explorer or BotFactory.

Scope

Scopes define the domain (limits or bounds) on clouds and resource groups in searches, displays, and bot actions.

TFA

Two-factor authentication (also 2FA or MFA) enhances security by verifying a user's identity using multiple methods of authentication from independent categories of credentials.

Tag

A key/value pair used for identifying and labelling resources.

User

InsightCloudSec users are distinguished by type: Basic User, Domain Admin, or Organization Admin (Org Admin). Basic Users can be assigned various roles and permissions or privileges. These characteristics are established in the Identity Management portion of the tool. Org Admins have all privileges confined to a single InsightCloudSec organization. Domain Admins have all privileges across an entire InsightCloudSec instance.

See also Roles, Domain Admin.

User Group

A list of users linked to a list of Roles. User Groups are leveraged in conjunction with Roles to grant permissions to Basic Users.

Worker

A generic term for a process that does something other than serve web requests. It may process a queue, run scheduled jobs using process files, or any number of other support-type activities. It generally does not interface with users.

Updated 2 months ago
