InsightCloudSec Docs

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


Identity & Management Resources

Summaries and Attributes of InsightCloudSec Identity & Management Resources

Overview

Identity and Management resources are available in InsightCloudSec as the fifth section (tab) under the Resource landing page. These resources are related to identity and management functionality and include resources like cloud alarms, cloud roles, and cloud users.

Identity and Management resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource provides the CSP-specific term with the associated logo to help users confirm the displayed information. For example, a Cloud Policy refers to Amazon's "IAM Policy", Google's "Role Permission Set", and Azure's "Role Definition".

For a detailed reference of this normalized terminology check out our section on Resource Terminology.

Identity and Management Resources

A Note About Resource Attributes

A large number of Resource Attributes are offered for the resources outlined here. Because supported resources are continuously being expanded, the attributes and details included here cannot be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource, reach out to support with any questions.

Access Analyzer

Resources like the AWS IAM Access Analyzer can help identify resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that may be shared with an external source. This can help identify risks associated with unintended access to your resources and data.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which this analyzer resides

analyzer_id

The provider ID of the analyzer

create_time

The time when this analyzer was created

last_scan_time

The time when the analyzer last ran a scan

active_finding_count

The number of active findings reported by the analyzer

public_finding_count

The number of findings in which a resource is publicly accessible

cross_account_count

The number of findings in which a resource is shared with another account

unknown_account_count

The number of findings in which a resource is shared with an unknown account

arn

The ARN associated with this access analyzer

account_mapping

The accounts connected to this access analyzer

API Access Key

API Access Keys are used within organization services. They are used to provide programmatic access to the cloud environment. They can be associated with a user that can be an individual, e.g., Jane Doe, or an application, e.g., InsightCloudSec. This class inherits from Resource and has direct access to the resource’s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

access_key_id

The provider id for the API access key

organization_service_id

The ID of the parent organization service (cloud)

status

Whether the key is active or inactive

user_resource_id

The ID of the user associated with the key

user_name

The username of the user associated with the API Access Key

role_resource_id

The resource ID of the role associated with the key (if any)

role_name

The short name of the role

create_date

The date the API access key was created

last_used_date

The date the API access key was last used or None

expiration_date

The date the API access key expires

user_managed

Denotes if the key is managed by a user

class DivvyResource.Resources.serviceaccesskey.ServiceAccessKey(resource_id)
Bases: DivvyResource.Resources.resource.Resource

API Access Key Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

get_db_pk()

static get_provider_id_field()

get_resource_name()
Returns the ID of the access key as there is no name

static get_resource_name_field()
Overrides parent function and returns the description field of this resource. This is required because not all resource types have a field explicitly called name.

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

update_status(status, user_resource_id=None)
Set the status of this key (active or inactive). If wrapped in a with JobQueue() block, this will queue the update job to the wrapped queue, otherwise it calls immediately.

API Accounting Config

API Accounting Configs represent cloud API audit trail configurations. An example of such a service would be AWS CloudTrail. This class inherits from TopLevelResource and has direct access to the resource’s database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

accounting_config_id

The provider ID of the accounting configuration

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region where the API configuration resides

name

The name of the config

parent_resource_id

The resource ID of the parent that this trail is associated with

multi_region

Denotes whether or not the configuration spans all regions

is_logging

Whether the Api Accounting Config is currently logging API calls.

is_organization_trail

Denotes if a trail is logging events in that organization

key_resource_id

The provider ID of the key used for the API Accounting Config

config

JSON output of configurations (If logging enabled, log file validation enabled, S3 bucket name)

logged_resources

The destination of the logs

class DivvyResource.Resources.apiaccountingconfig.ApiAccountingConfig(resource_id)
Bases: DivvyResource.Resources.resource.Resource

ApiAccountingConfig Operations

accounting_config_id

api_accounting_config

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_arn()

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

Cloud Access Point

Cloud Access Point is a feature to simplify managing data access at scale for applications using shared data sets (AWS S3 Access Point).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the Cloud Access Point resides

name

The name of the Cloud Access Point

origin

The origin of the Cloud Access Point (internet, private)

policy

The policy associated with the Cloud Access Point

parent_resource

The name of the parent resource of the Cloud Access Point

parent_resource_id

The ID of the parent resource of the Cloud Access Point

network_resource

The name of the network resource associated with the Cloud Access Point

network_resource_id

The network resource ID associated with the Cloud Access Point

public

The status of the Cloud Access Point (e.g. public or private)

Cloud Account

A cloud provider account that has been added to InsightCloudSec as an organization service (for example, an AWS account, Azure subscription, or GCP project).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

account_id

The provider account identifier associated with the account

name

The name of the cloud account

joined_timestamp

The time the account was added to InsightCloudSec

status

Denotes the status of the account

cloud_type_id

The primary cloud provider

Cloud Advisor Check

A recommendation guide that analyzes your configuration and usage (AWS Trusted Advisor).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

check_id

The provider ID of the cloud advisor check

name

The provider name for the check

category

The category of the cloud advisor check

status

Denotes the status of the cloud advisor check

description

The description of the cloud advisor check

estimated_monthly_savings

The estimated monthly savings associated with the check

resource_count

The count of resources associated with the check

Cloud Alarm

A cloud provider alarm within an organization service. An example of this would be AWS CloudWatch alarms. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the cloud alarm resides

alarm_id

The provider ID for the cloud alarm

name

The name of the cloud alarm

description

The description of the cloud alarm

namespace

The namespace of the cloud alarm

metric_name

The name of the metric alarm

threshold

The value against which the metric statistic is compared

evaluation_periods

The number of periods over which data is compared to the threshold

updated_timestamp

The time the alarm was last updated

state_value

Denotes the state of the cloud alarm

state_reason

A human-readable explanation of the alarm state

state_reason_data

The explanation of the alarm state in machine-readable (JSON) form

state_updated_timestamp

The time the alarm state was updated

period

The length of time, in seconds, used to evaluate the metric or expression

statistic

The statistic for the metric associated with the alarm, other than percentile

comparison_operator

The arithmetic operation used when comparing the statistic to the threshold

actions_enabled

Denotes the actions enabled state

Cloud Domain Group

A cloud domain group within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

group_id

The provider identifier of the group

name

The name of the cloud domain group

email

The email associated with the domain group

create_date

The date the domain group was created

Cloud Domain User

A cloud provider user that spans an entire domain. Examples of this would be Google Cloud Platform users. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

user_id

The provider ID for the user account

user_name

The provider user name for the user account

create_date

The time this user was created

password_last_used

The last time the user logged in

two_factor_enabled

Denotes if two-factor is enabled

email

An optional email associated with the account

description

An optional description of the account

admin

Denotes if this is an admin account

disabled

Denotes if this account is in a disabled state

Cloud Event Bus

This is a serverless event bus that facilitates connecting applications together using data from your own (SaaS or other) applications or services (AWS EventBridge).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the Cloud Event Bus resides

event_bus_id

The ID associated with the Cloud Event Bus

arn

The ARN associated with the Cloud Event Bus

policy

The policy associated with the Cloud Event Bus

trusted_accounts

The identifier of the trusted accounts associated with the Cloud Event Bus

publicly_accessible

The status of the public accessibility for the Cloud Event Bus

Cloud Event Rule

A Cloud Event Rule matches incoming events and routes them to targets for processing (AWS EventBridge / CloudWatch Events rule).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_id

The ID of the parent organization service (cloud)

region_name

The region in which the event rule resides

rule_id

The ID for the rule

description

A description for the rule

arn

The ARN associated with the rule

role_arn

The ARN for the role associated with the rule

event_pattern

Pattern used to match events that will trigger the rule

target_arns

The ARNs associated with the targets for the rule

schedule_expression

Expression indicating the schedule at which the rule is evaluated

disabled

Indicates whether the rule is disabled

invalid_json

Indicates whether the event pattern is invalid JSON

Cloud Group

A cloud provider group within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

group_id

The provider ID for the group

name

The name of the group

create_date

The date the group was created

inline_policies

The number of inline policies

arn

The ARN associated with the group

path

The path of the resource (optional)

policy_count

The number of policies

managed_policy_count

The number of managed policies

Cloud Limit

Describes a cloud provider limit (service quota) within an organization service.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

limit_id

The provider id for the limit

region_name

The region that the service resides in

name

The provider name for the limit

limit

The limit value

usage

The current usage value

status

The status of the limit

Cloud Log Destination

A physical resource that enables you to subscribe to a stream of log events. An example of a Cloud Log Destination is an AWS CloudWatch Logs Destination.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the resource resides in

destination_name

The destination name associated with the cloud log destination

target_arn

The target ARN associated with the cloud log destination

role_arn

The ARN associated with the role

access_policy

The access policy associated with the cloud log destination

trusted_accounts

The list of trusted accounts (optional)

arn

The ARN associated with the resource

creation_time

The time the cloud log destination was created

Cloud Outpost

Delivers fully managed provider services on premises for hybrid cloud deployments (AWS Outposts).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the service resides in

outpost_id

The ID associated with the outpost

site_id

The site ID associated with the outpost

name

The name of the outpost

description

The description of the outpost

status

The status of the outpost

availability_zone

The availability zone associated with the outpost

availability_zone_id

The availability zone ID associated with the outpost

arn

The ARN associated with the outpost

Cloud Policy

A policy that grants specific permissions to Cloud Users, Groups, or Roles (for example, an AWS IAM policy).

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

policy_id

The provider ID of the policy

policy_name

The name of the policy

attachment_count

The number of principals (users, groups, or roles) this policy is attached to

create_date

The date the policy was created

update_date

The date the policy was last updated

description

The description of the policy

disabled

Denotes if you’ve disabled the policy

arn

The ARN associated with the policy

attachable

Denotes whether the policy can be attached to a user, group, or role

Cloud Region

Service Regions consists of low-latency linked Availability Zones, which consist of multiple,
linked data centers. For example, AWS's us-east-1 Service Region consists of (at the moment),
Availability Zones us-east-1a through us-east-1e and each Availability Zone consists of 1 to 6 data centers, each of which typically houses several thousand servers. This class inherits from Resource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

name

The name of the region

region_state

The state of the region ('ACTIVE','DISABLED','DELETED')

harvest_rate_multiplier

The multiplier applied to the harvesting (data collection) interval for this region

Cloud Resource Group

Used for related resources (e.g., Azure Resource Group).

Attribute

Description

resource_group_id

The ID of the resource group

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_id

The organization ID associated with the resource group

owner_id

The owner ID associated with the resource group

name

The name of the resource group

description

The description of the resource group

date_created

The date the resource group was created

category

The category of the resource group

resource_counts

Resource counts associated with the resource group (e.g. total, by_type, by_region, etc.)

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region that the service resides in

Cloud Role

A cloud provider role within an organization service. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

role_id

The provider ID for the role

name

The provider name of the role

description

An optional description for the role

role_type

The type of the role

max_duration

The max session duration for the role

create_date

The date the role was created

assume_role_policy

The trust policy (assume role policy) document that defines which principals can assume the role

trusted_accounts

The list of trusted accounts (optional)

inline_policies

Number of inline policies

boundary_namespace_id

The provider identifier of the permission boundary

role_arn

The ARN associated with the role

path

The path of the resource (optional)

policy_count

The number of policies attached to the role

managed_policy_count

The number of managed policies

last_used_date

The date the role was last used

instance_profile_ids

The provider identifiers of the instance profiles associated with the role

Cloud Service Cost

Describes monthly service costs within an organization service.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

cost_id

Provider ID of the service cost

account_id

The primary account identifier

line_item

The name of the charge

current_month_spend

The current spend for this month

projected_month_spend

The projected spend for this month

previous_month_spend

The total spend for the previous month

total_spend

The total amount spent

months_tracked

The number of months the resource was tracked

Cloud User

A cloud provider user within an organization service. Examples of this would be administrators and
basic users. This class inherits from TopLevelResource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

user_id

The provider ID of the user's account

user_name

The name of the user's account

create_date

The date the user account was created

password_last_used

The last time the user logged in

two_factor_enabled

Denotes whether multi-factor authentication (MFA) is enabled

login_profile

Denotes whether or not the account has a login profile (console password)

email

The email associated with the account (for AWS, this is populated for the root account user)

description

An optional description of the account

admin

Denotes whether the account has admin capability

disabled

Denotes if you’ve disabled the user

inline_policies

The number of inline policies embedded in the user

boundary_namespace_id

The provider identifier of the permission boundary

active_api_keys

The number of active API credentials for this user

inactive_api_keys

The number of inactive API credentials for this user

guest

The guest status of the account

arn

The ARN associated with this user

path

The path of the resource (optional)

policy_count

The number of policies

managed_policy_count

The number of provider managed policies

last_activity

Date and time of user's last activity
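The Cloud User and API Access Key attributes above are the raw material for the identity hygiene checks most teams want: console users without MFA, long-lived or idle keys, and keys that outlive their owner. The following is an added example, not InsightCloudSec code or its API; it runs offline over constructed records shaped like the attributes documented on this page. The thresholds (90-day rotation, 45-day idle) and the fixed "now" are assumptions for the example.

```python
from datetime import datetime, timedelta, timezone

# Fixed reference time so the example is reproducible offline (assumption).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90    # assumed rotation policy, not an InsightCloudSec default
MAX_KEY_IDLE_DAYS = 45   # assumed idle threshold, not an InsightCloudSec default

# Constructed records shaped like the Cloud User attributes documented above.
CLOUD_USERS = [
    {"resource_id": "user-1", "user_name": "alice", "login_profile": True,
     "two_factor_enabled": True, "admin": True, "disabled": False, "active_api_keys": 1},
    {"resource_id": "user-2", "user_name": "bob", "login_profile": True,
     "two_factor_enabled": False, "admin": True, "disabled": False, "active_api_keys": 1},
    {"resource_id": "user-3", "user_name": "ci-deployer", "login_profile": False,
     "two_factor_enabled": False, "admin": False, "disabled": False, "active_api_keys": 2},
    {"resource_id": "user-4", "user_name": "contractor", "login_profile": True,
     "two_factor_enabled": False, "admin": False, "disabled": True, "active_api_keys": 1},
]

# Constructed records shaped like the API Access Key attributes documented above.
# last_used_date is None for a key that has never been used, as the table notes.
API_ACCESS_KEYS = [
    {"access_key_id": "key-alice-1", "user_resource_id": "user-1", "status": "active",
     "create_date": NOW - timedelta(days=30), "last_used_date": NOW - timedelta(days=1)},
    {"access_key_id": "key-ci-1", "user_resource_id": "user-3", "status": "active",
     "create_date": NOW - timedelta(days=200), "last_used_date": NOW - timedelta(days=3)},
    {"access_key_id": "key-ci-2", "user_resource_id": "user-3", "status": "active",
     "create_date": NOW - timedelta(days=60), "last_used_date": None},
    {"access_key_id": "key-bob-old", "user_resource_id": "user-2", "status": "inactive",
     "create_date": NOW - timedelta(days=400), "last_used_date": NOW - timedelta(days=300)},
    {"access_key_id": "key-contractor", "user_resource_id": "user-4", "status": "active",
     "create_date": NOW - timedelta(days=80), "last_used_date": NOW - timedelta(days=70)},
]


def users_missing_mfa(users):
    """Enabled users who can log in to the console (login_profile) without MFA.
    Admins sort first because a compromised admin password has the widest blast radius."""
    hits = [u for u in users
            if u["login_profile"] and not u["disabled"] and not u["two_factor_enabled"]]
    return [u["user_name"] for u in sorted(hits, key=lambda u: (not u["admin"], u["user_name"]))]


def stale_keys(keys, now=NOW):
    """Active keys past the rotation age, never used, or idle too long.
    Returns {access_key_id: [reasons]}; inactive keys are skipped (they cannot authenticate)."""
    findings = {}
    for k in keys:
        if k["status"] != "active":
            continue
        age_days = (now - k["create_date"]).days
        reasons = []
        if age_days > MAX_KEY_AGE_DAYS:
            reasons.append(f"older than {MAX_KEY_AGE_DAYS} days ({age_days}d)")
        if k["last_used_date"] is None:
            if age_days > MAX_KEY_IDLE_DAYS:
                reasons.append(f"never used in {age_days}d")
        else:
            idle_days = (now - k["last_used_date"]).days
            if idle_days > MAX_KEY_IDLE_DAYS:
                reasons.append(f"unused for {idle_days}d")
        if reasons:
            findings[k["access_key_id"]] = reasons
    return findings


def keys_of_disabled_users(users, keys):
    """Active keys still held by disabled users. Disabling a console login does not
    revoke programmatic credentials, so these keys remain usable by anyone holding them."""
    disabled_ids = {u["resource_id"] for u in users if u["disabled"]}
    return [k["access_key_id"] for k in keys
            if k["status"] == "active" and k["user_resource_id"] in disabled_ids]


def active_key_count_drift(users, keys):
    """Users whose active_api_keys attribute disagrees with the harvested key resources.
    A mismatch usually means one of the two harvests is stale and the data should be refreshed."""
    counts = {}
    for k in keys:
        if k["status"] == "active":
            counts[k["user_resource_id"]] = counts.get(k["user_resource_id"], 0) + 1
    return [u["user_name"] for u in users
            if counts.get(u["resource_id"], 0) != u["active_api_keys"]]


if __name__ == "__main__":
    print("users without MFA:", users_missing_mfa(CLOUD_USERS))
    print("stale keys:", stale_keys(API_ACCESS_KEYS))
    print("keys of disabled users:", keys_of_disabled_users(CLOUD_USERS, API_ACCESS_KEYS))
    print("active_api_keys drift:", active_key_count_drift(CLOUD_USERS, API_ACCESS_KEYS))
```

The drift check is worth keeping in any script that joins these two resource types: a Cloud User's active_api_keys is a harvested counter, and if it disagrees with the API Access Key resources for that user the safer reading is that one of the harvests is stale, not that a key has vanished.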

Diagnostic Settings

Configuration profile that enables sending platform metrics and logs to various destinations. An example of this type of resource is Azure Diagnostic Settings.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

setting_id

The ID for the diagnostic settings instance

name

The name for the diagnostic settings instance

target_resource_id

The resource ID for the target of the diagnostic settings

target_resource_name

The name for the target of the diagnostic settings

storage_account_resource_id

The resource ID for the storage account to which logs will be sent

storage_account_name

The name for the storage account to which logs will be sent

workspace_resource_id

The resource ID of the Log Analytics workspace to which logs will be sent

workspace_name

The name of the Log Analytics workspace to which logs will be sent

logs

Object containing various log settings

enabled_log_types

Number of log types enabled

disabled_log_types

Number of log types disabled

metrics

Object containing various metric settings

enabled_metrics

Number of metrics enabled

disabled_metrics

Number of metrics disabled

Directory Service

Managed domain services (for example, AWS Directory Service) that allow you to manage users, computers, and groups.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the instance resides

namespace_id

The service namespace

name

The name of the directory service

short_name

The short name of the service

access_url

The URL to access the service

description

The description of the service

create_time

The time the service was created

sso_enabled

Denotes if you’ve enabled SSO

share_method

The method used when sharing a directory

DNS Domain

A domain registered with a DNS service such as Route 53, which routes end users to Internet applications by translating domain names into numeric IP addresses.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the instance resides

name

The name of the DNS domain

admin_contact_email

The contact email of the administrator

abuse_contact_email

The abuse contact email

auto_renew

The auto-renew status of the domain registration

transfer_lock

Whether the domain transfer lock is enabled

creation_timestamp

The time the domain was created

expiration_date

The date the domain registration expires

last_changed_date

The date the domain was last changed

extra_parameters

The additional parameters for that specific domain (JSON)

Encryption Key

Service Encryption Keys are used within organization services. They are used to encrypt data stored within file systems, e.g., Volumes and Shared File Systems, object-level storage, e.g., Storage Containers, back-ups, e.g., Snapshots, and other services, e.g., API Accounting Config. This class inherits from Resource and has direct access to the resource's database object.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

region_name

The region in which the instance resides

key_id

The provider identifier of the encryption key

name

The name of the encryption key

arn

The ARN associated with the encryption key

description

The description of the encryption key

organization_service_id

The ID of the parent organization service (cloud)

state

The enabled/disabled state of the encryption key

create_date

The date the encryption key was created

scheduled_deletion_date

The date the key is scheduled to be deleted

key_rotation

The status of the key rotation

enabled

Denotes if you’ve enabled the encryption key

resource_count

The number of resources using the encryption key

policy

The policies in use by the encryption key

trusted_accounts

The list of trusted accounts using the encryption key

customer_managed

Denotes whether the key is managed by the customer

parent_resource_id

The parent resource identifier that takes the form of a prefix followed by numbers and letters

rotation_period

The rotation period for the key, in days

activation_date

The date the encryption key was activated

modified_date

The date the encryption key was modified

origin

The origin of the key material (for example, generated by the provider, imported, or held in an external HSM)

alias_arns

List of alias ARNs associated with the encryption key

key_spec

The specification for the encryption key, e.g., asymmetric, symmetric

multi_region

Denotes if the encryption key is multi-region

Encryption Key Vault

A tool for securely storing and accessing secrets such as API keys, passwords, or certificates. For example Azure Key Vault.

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

region_name

The region in which the encryption key vault resides in

create_time

The time the encryption key vault was created

name

The name of the encryption key vault

vault_type

The type of the encryption key vault

key_count

The number of encryption keys stored in the vault

key_harvest_impaired

Denotes if the key harvester is in an impaired state

secret_count

The number of secrets within the encryption key vault

certificate_count

The number of certificates within the encryption key vault

certificate_harvest_impaired

Denotes if the certificate harvester is in an impaired state

secret_harvest_impaired

Denotes if the secret harvester is in an impaired state

modified_time

The time the encryption key vault was last modified

access_policy

The access policy associated with the encryption key vault

purge_protection_enabled

Denotes if you’ve enabled purge protection

soft_delete_enabled

Denotes if you’ve enabled soft delete

Log Analytics Workspace

Container used for storing and analyzing log data and configuration (Azure Log Analytics Workspace)

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

workspace_id

The ID of the workspace

name

The name of the workspace

region_name

The name of the region in which the workspace is located

state

The current provisioning state of the workspace

sku

The pricing SKU for the workspace

namespace_id

The namespace ID for the workspace

Identity Provider

Creates, maintains, and manages identity information, providing authentication (SAML, AD)

Attribute

Description

resource_id

The primary resource identifier that takes the form of a prefix followed by numbers and letters

organization_service_id

The ID of the parent organization service (cloud)

provider_id

The provider given ID of the identity provider

arn

The ARN of the identity provider

create_date

The time the identity provider was created

expiration_date

The time the identity provider expires

configuration

The configuration of the identity provider

Log Group

Log groups define groups of log streams that share the same retention, monitoring, and access control settings.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the log group resides |
| group_id | The provider identifier of the log group |
| name | The name of the log group |
| namespace_id | The log group namespace |
| creation_time | The time this log group was created |
| retention_policy | The retention policy in days for the logs |
| stored_bytes | The size in GB of the logs |
| key_resource_id | The resource ID of the key that encrypts the logs |

Secret

Secrets are strings of cryptographically strong random numbers and letters suitable for managing data such as passwords, account authentication, security tokens, and related secrets.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the secret resides |
| name | The name of the secret |
| description | The description of the secret |
| key_resource_id | The provider identifier of the key |
| arn | The ARN associated with the key |
| rotation_days | The number of days between rotations of the key |
| rotation_enabled | Denotes whether secret rotation is enabled |
| rotation_lambda_arn | The Lambda ARN used for secret rotation |
| last_accessed_date | The date the secret was last accessed |
| last_changed_date | The last date and time the secret was modified in any way |
| deleted_date | Present only if the secret is scheduled for deletion |
| policy | The policy associated with the secret |
| trusted_accounts | The trusted accounts that can access the secret |
| parent_resource_id | The resource identifier of the parent service encryption key vault |
| create_date | The date the secret was created |
| expiration_date | The date the secret is scheduled to expire |
| activation_date | The date the secret is scheduled for activation |
| content_type | The content type of the secret |
| enabled | Denotes whether or not the secret is enabled |
| customer managed | Denotes whether or not the secret is managed by the customer |

Service Control Policy

Control policies that ensure accounts stay within your organization’s access control guidelines.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| name | The name of the resource |
| policy_id | The provider ID for the policy |
| arn | The ARN associated with this access analyzer |
| description | Common properties for all (most) resource types. |
| service_managed | Denotes whether or not the policy is service managed |
| content | The policy content to add to the new policy |
| targets | What the service control policy is pointing at |

Service Detector

A detector is a property of a threat detection service. For example, a detector is required for Amazon GuardDuty to become operational.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region that this resource resides in |
| detector_id | The ID of the service detector |
| role_resource_id | The resource ID of the role associated with the detector |
| status | The status of the detector |
| create_date | The date the detector was created |
| master_account_id | The ID of the master account associated with the detector |
| members | The members of the service detector |

SSH Key Pair

SSH key pairs are the public and private keys associated with a cloud provider within an organization service. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region this SSH key pair resides in |
| keypair_id | The ID of the key pair |
| fingerprint | The fingerprint of this key pair |
| name | The name of this SSH key pair |

class DivvyResource.Resources.sshkeypair.SshKeyPair(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

SSH Key Pair Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_fingerprint()
Retrieve the fingerprint of the SSH Keypair.

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

key_name

key_pair

top_level_resource = True

SSL Certificate

A certificate bound to a load balancer to facilitate secure client/server communication.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the certificate resides |
| certificate_id | The provider ID for the certificate |
| name | The name of the certificate |
| domain_name | The domain that the certificate is associated with |
| path | The path of the SSL certificate |
| arn | The ARN associated with the certificate |
| upload_date | The time this certificate was uploaded |
| expiration_date | The time this certificate expires |
| cert_type | The type of certificate |
| parent_resource_id | The resource ID of the parent service encryption key vault |
| thumbprint | The thumbprint of the certificate |
| activation_date | The date of the scheduled activation of the certificate |
| modified_date | The last modified date of the certificate |
| enabled | Denotes whether or not the certificate is enabled |
| issuer | The issuer of the certificate |

Stackdriver Sink

A Stackdriver sink controls how logs are routed throughout your environment, e.g., a GCP Stackdriver Sink.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| name | The name of the Stackdriver Sink |
| destination | The Stackdriver Sink's destination |
| filter_config | The filter configuration for the Stackdriver Sink (if any) |
| writer_identity | The identity under which exported log entries are written to the Sink's destination |
| create_time | The timestamp for when the Stackdriver Sink was created |
| update_time | The timestamp for when the Stackdriver Sink was last updated |

Threat Findings

A threat detection service constantly monitors the activity in your cloud network for anomalous behavior that could indicate cyber attacks or other unauthorized use. An example of this service is AWS GuardDuty.

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the threat is occurring |
| threat_finding_id | The ID of the threat finding |
| name | The name of the threat finding |
| count | The number of impacted resources |
| severity | The severity level of the finding |
| last_seen | The time at which threats matching this finding were last observed |

User Pool

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through a Software Development Kit (SDK).

| Attribute | Description |
|---|---|
| resource_id | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the user pool resides |
| pool_id | The provider ID for the user pool |
| name | The name given to the user pool |
| status | Denotes whether the user pool is enabled or disabled |
| auto_verify_attributes | The auto-verification attributes for this pool. Can be set to email, phone number, either, or both |
| username_attributes | Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up |
| alias_attributes | Specifies the attributes that are aliased in a user pool |
| password_policy | JSON describing the password policy of the user pool |
| create_date | The creation date of the user pool |
| mfa_configuration | Denotes whether multifactor authentication is on, off, or optional |
| estimated_number_of_users | The estimated number of users in the user pool |
| domain | Holds the domain prefix if the user pool has a domain associated with it |
| custom_domain | A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application |
| advanced_security | Denotes whether advanced security settings are enforced, off, or in audit mode |
| arn | The ARN associated with the user pool |
| identity_providers | JSON describing the Identity Provider attributes |
