InsightCloudSec Getting Started Guide

High-level Information for Getting Started with InsightCloudSec

This page provides a high-level overview of some of the functionality and features included in InsightCloudSec. This is not an exhaustive list and provides just a few recommendations about helpful topics to review after your installation to refine your configuration and explore some of the capabilities we offer.

Note: This page assumes that you are a SaaS (hosted) customer - meaning that InsightCloudSec handles the deployment, maintenance, and upgrade of your platform environment.

  • We do support self-hosted deployment options. Reach out to support for additional details on getting InsightCloudSec deployed; otherwise, features and capabilities generally behave the same.

If you're new to our platform you may find it helpful to review:

What You'll Find Here

Each heading below (accessible through the in-page navigation on the right) gives a high-level summary of what the step or feature entails, with links to more detailed documentation for that part of the process.

Connecting Your Clouds to InsightCloudSec (Onboarding)

After installing InsightCloudSec you will need to connect the platform to your cloud account(s). Check out the Cloud Accounts page for an overview of setting up and managing your cloud accounts. You can also skip ahead to the Cloud Account Setup documentation if you're ready to onboard your accounts.

InsightCloudSec includes support for:

  • Amazon Web Services, including AWS GovCloud and AWS China
  • Microsoft Azure, including Azure GovCloud and Azure China
  • Google Cloud Platform
  • Alibaba Cloud (Ali Cloud)
  • Oracle Cloud Infrastructure

We also support Amazon Elastic Container Service for Kubernetes (Amazon EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Kubernetes.

Bringing Data into InsightCloudSec (Harvesting)

After you connect your cloud account(s), InsightCloudSec starts collecting (harvesting) data from each cloud account and normalizing it.

What do we mean by harvesting?
Harvesting is simply our term for how we collect data: the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.

What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.

Normalizing allows us to combine the data from all of your different cloud accounts and display it in a “single pane of glass” through our Resources page and features like Layered Context.

Viewing Your Data (Resources)

After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.

Fine Tuning Your Environment (Configuration Capabilities)

Application Context

InsightCloudSec can dynamically group infrastructure into “Applications”. An Application is a collection of resources/infrastructure that is dynamically built and maintained as infrastructure scales up and down to support customers' workloads. These collections are built based on the presence of a specific tag key that is configured within InsightCloudSec. While on the surface they seem similar to Resource Groups, Applications go much further, providing customers with a real-time view of the infrastructure backing their apps while also providing data.

  • Check out our Application Context documentation for more details on working with this feature.

Badges

Badges are key-value pairs that allow you to customize the organization of your cloud accounts within InsightCloudSec. Badges, as key-value pairs, are similar to AWS tags or GCP labels. However, where tags and labels are applied to resources, badges are applied to entire cloud accounts.

  • For example, you can create one badge with a key of “environment” and a value of “production”, and another with the key “environment” and the value “testing”, allowing your organization to group cloud accounts based on usage.

Integrations

InsightCloudSec is designed to integrate with external systems for both inbound (data aggregation, data collection) and outbound (notifications, ticketing) actions. The Integrations capability within InsightCloudSec enables easy configuration of third-party integrations, such as those for Slack, PagerDuty, ServiceNow, and others.

  • This capability is available under the cog icon at the top right, under "Administration --> Integrations". Read more in the Integrations Overview and about using Jinja2.

General Administration

InsightCloudSec uses a number of general administrative settings that can help you manage your organization and system information. Take a closer look at our documentation on topics like:

Exploring and Analyzing Risks (Features)

Insights & Packs

Use Insights (checks) to understand where you may have misconfigurations, and use our built-in 'Compliance Packs' to know how compliant you are. A built-in group of Insights can be organized around a specific compliance standard (Compliance Pack) for powerful custom analysis.

Layered Context

Layered Context provides a holistic view of the most critical resources found in all environments that are connected to InsightCloudSec. It provides capabilities including:

  • High-level visualizations around the most critical high-risk resources
  • A resource-centric view of risk across multiple security domains in a unified, consolidated framework
  • Easy access to details of risk surrounding a specific resource
  • Filtering for context with Clouds and Applications, and on specific resource types, severities, and security domains for better triaging/risk prioritization

Vulnerability Management

Vulnerability Management includes Host Vulnerability Management and Container Vulnerability Management.

  • Container Vulnerability Management can continuously assess all container images specified in production workloads to detect installed packages with known vulnerabilities. Learn more about it in our Container Vulnerability Management documentation.

Infrastructure as Code (IaC) Security

IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed locally using the CLI IaC Scanning Tool or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.

Cloud IAM Governance

Cloud IAM Governance functionality is available through IAM-related Query Filters, Insights, Principal Activity (for AWS & Azure), detailed views through the Principal Explorer on our Resources page, and the Identity Analysis feature.

Threat Findings

Threat Findings provides a single view that collects all runtime threat detection findings from various sources. The unified view provides various filtering options, while offering security context by associating the findings with the relevant cloud resource(s) and resource properties. This uniform solution allows users to explore findings using filters and Bot automation.