An Insight is a check on a specific behavior, condition, or characteristic of a cloud resource. Built from a continuously growing library of filters, an Insight allows you to view all of your clouds, and provides an in-depth understanding of your infrastructure's security, compliance, optimization, or other characteristics that you specify.
Insights can be defined around an individual resource or resource type to identify resources that may need to have limited public accessibility. Insights can focus on specific characteristics or configuration issues, used to identify a network missing an internet gateway, or used to identify a database without encryption.
Some examples of common Insights include:
- Storage Container Exposing Access to the World
- Database Instance Publicly Accessible
- Volume Encryption Not Enabled
As a key DivvyCloud feature, Insights provide customization, flexibility, and extensibility to support a variety of cloud environments.
The DivvyCloud platform comes with a library of hundreds of built-in Insights. We offer more than a dozen industry-regulation Compliance Packs, or collections of Insights, for CIS, ISO 27001, NIST 800-53, and others.
You can also create custom Insights--and Insight packs--for use in your organization. Custom Packs can be built from scratch, from existing Insights, or from a Compliance Pack as a template for customization.
The Insight Library is the default view on the Insights main page. You can also select the Library tab on this page to display the library.
DivvyCloud's Insight Library contains hundreds of individual Insights. You can view all available Insights at once (page by page), or you can filter the view by a number of options, including:
- Individual cloud provider(s)
- Insights marked as favorites (by checking the Only Favorites box)
- Insights marked as failed (by checking the Only Failed Insights box)
- Insights with IaC support (by checking the IaC support box)
- The Insights' Scope or Source (All, DivvyCloud, Custom)
Each line in the Insights library provides multiple options for obtaining details about or taking actions on your Insights. You can reorder the Insight listing by clicking on an individual column heading (e.g., Insights, Impacted Resources, Exempted Resources, etc.) and selecting the up or down arrow that appears.
- For example, clicking a down arrow next to Impacted Resources will order the Insights in descending order by the number of resources impacted; clicking an up arrow next to Severity will order the Insights from least severe to most severe.
Insight filtering and viewing options
Checkbox - Selects a specific Insight for further inspection or action. Checking here activates the Action menu for this Insight. (See Action menu description.)
Create a bot - (Wrench icon) Allows creation of a bot linked to the selected Insight. See BotFactory.
Insight name - Clicking it opens the Insights report for the selected Insight. See Insights Report.
Impacted Resources - Indicates whether any (red "!") or no (green "check") resources fail to meet the requirements of the selected Insight; also displays the number of resources (out of total resources) failing to meet the conditions of the selected insight.
- Clicking the blue number opens the Resources page showing details for the impacted resources and enabling the creation of Exemptions.
Exempted Resources - Gives the number, if any, of exempted resources for this Insight.
- Clicking the number opens the Resources page showing details for the exempted resource.
- Refer to the complete documentation on Exemptions.
Bots - If at least one bot is associated with this Insight, the number of associated bots will appear in blue. Clicking on the number will open the BotFactory page, detailing all of the bots linked to the selected Insight.
Severity - Shows color-coded severity indicator for selected insight: Minor (teal), Moderate (purple), Major (yellow), Severe (orange), and Critical (red).
Insight severity is graded on numerous criteria. For example, with DivvyCloud Compliance Packs, Insights identified as "critical" are designated as such because of their impact on global access, exposing instances, and root account security.
Protection of these elements is defined as critical to DivvyCloud functionality. When creating Custom Insights, users can define severity based on their requirements.
Insight versioning provides the ability to select a different "version" of an Insight, in some scenarios enabling a user to fall back to a last known-good configuration.
- Insight versions only apply to custom Insights and not to the built-in DivvyCloud Insights. Built-in DivvyCloud Insights will show "N/A" as the version. (To create a version of an existing Divvy Insight, you must first create a copy.)
- Insight versions are created by updating one of the following: the Insight Name, the Insight Description, or the labels. Changes to any other details will not create a new version.
- To select a different version, click on the Insight name to open the "Insight Report" view. In the "Results by Cloud" section, select "Version History" to view the list of available versions.
- If there are more than one version(s) available, the version that is "active" will be marked as such; clicking "Activate" will enable a different version.
Favorite indicator - Indicates whether this Insight has been flagged as a favorite. Clicking the star will toggle between choosing this Insight as a favorite (solid star) or not (outlined star). You can use this indicator to scope your Insights (see above).
- The Favorite indicator flags an Insight to display on your main DivvyCloud landing page.
Author - Indicates the creator of the Insight, all Insights included with the platform will have "DivvyCloud" listed as their author. Custom Insights will display the creator's name.
- A Note About Creating Custom Insights - It's also important to note that when creating a custom Insight, if you mark yourself as the owner, this removes the Insight for all other users.
Resources listed as 'Exempt' are harvested as any other resource scoped to a particular Insight. If exempt resources fail to meet the conditions of the Insight, however, they are not counted as "Impacted Resources".
For example, an Insight may be looking for storage containers exposing access to the public, but some of your resources are static websites which can be open to the public. Exempting those static website resources from your Insight prevents them from being included as 'impacted', i.e., giving false positives on your report.
Selecting the checkbox for one or more individual Insights enables the "Action" button from which you can:
- Edit metadata. Edit metadata for the selected Insight.
- Set severity. Edit severity for the selected Insight.
- Add to pack. Allows you to add the selected Insight to an existing pack.
- Add to Favorites. Adds the Insight to your list of Favorites.
- Remove from Favorites. Removes the Insight from your list of Favorites.
- Delete. Deletes the Insight (with verification).
- Clone. Creates a copy of the selected Insight. Note: Cloning is only available for Custom Insights.
Note: Some actions, like editing metadata or setting severity, will require specific permissions.
Metadata allows you to annotate Insights associated with an Insight pack and only relates to Insights within packs.
For example, if your organization uses a particular Insight within a pack to verify your resources' adherence to a specific organization policy, e.g., "AcmeCorp Policy 7A.1", you may modify the metadata for this Insight to read "AcmeCorp 7A.1".
Clicking on an individual Insight name in the library listing will open the Insights Report. Here you can view:
- Results by Cloud - a breakdown of impacted resources for this Insight by cloud.
- Insight Information - an overview of the Insight, including specific compliance frameworks associated with this Insight, included filters, and (where applicable) suggested remediation and recommended bot workflow for remediation.
- (Noncompliant) Resource Totals - a time series display of noncompliant resources by cloud; here, you are looking for a downward trend in the number of noncompliant resources as you take actions (use bots) to remediate.
- Bot Lifecycle Actions - displays the previous week's worth of bot actions taken against this Insight. Typically you should see a correlation between bot actions taken and decrease in number of noncompliant resources.
While DivvyCloud includes an extensive library of Insights to work with directly out of the box, users can also create custom Insights.
To create a custom Insight, you will need to start from the Resources Page, available under Resource → Resources on the main navigation panel.
- Select the resource you want your Insight to apply to using the drop-down at the top of the page.
Click on Scopes (the cloud shaped button next to the drop down resource list) on the top right to narrow your scope as desired (to select specific Clouds or Resource Groups). (Optional)
Click on Filters to browse and select your desired Filters (configuration will vary based on the filter type).
- The Resource view will update as you select and apply the filters, including a total count of filters applied.
- Once you are satisfied with the filters you have selected, click on the Save Insight button to create your new custom Insight. Complete the following as desired:
- Insight Name
- Insight Description
- Any labels
- Mark yourself as the owner
- Mark the Insight as a favorite
- Limit Resource Types (or modify the list)
A Note About Creating Custom Insights - It's important to note that when creating a custom Insight, if you mark yourself as the owner, this removes the Insight for all other users.
- Click Submit to complete the creation of your Custom Insight.
Once saved, your Insight will appear as a Custom Insight in the Insights Library. You can then use Source:Custom in the library to display only custom Insights.
If you are interested in using an existing Insight as a starting point for a Custom Insight, you can do so using either a DivvyCloud standard Insight or a Custom Insight. Refer to the steps below to create a new Custom Insight from an existing Insight.
From "Security --> Insights" on the Insight Library tab, select an Insight (click on the name) to view the Insight Report page.
Select one of the cloud accounts to open the filtered Resource View.
Make modifications as desired to Scope or Filters.
Changes will enable the "Save Insight" button and enable you to create a new Custom Insight.
If you are interested in using an Existing Custom Insight as a starting point for a new Insight, you can clone that Insight. Note, that the clone action is not available for DivvyCloud standard Insights.
From "Security --> Insights" on the Insight Library tab, select an Insight (click on the name) to view the Insight Report page.
Locate the Custom Insight you would like to clone and click the box to the left of the name.
From the Actions menu above the list of Insights, select Clone.
- Note this can be performed for multiple Insights at the same time.
- Your new cloned Insight will be added to the Insight Library using the existing name with (Clone) appended to the name (e.g., "Service Encryption Key Expired or Expiring Soon (Clone)").
The ability to edit an Insight is only available for Custom Insights and different components are editable through different options.
These steps allow you to edit the name, description, severity, and ownership of an existing Custom Insight.
Navigate to "Security --> Insights" and on the Insights Library tab, locate the Insight you want to modify.
Click on the Insight name to open the Insight Report view.
Select the "Edit" button in the "Results by Cloud" content area.
- Modify the Custom Insight and select "Submit" once you have made the desired changes.
Note: If you mark yourself as the Insight owner, this insight will NOT be visible to any other users.
If you are interested in modifying the scope or filters of an existing custom Insight to make permanent changes to that Insight, you must "record the changes".
Refer to the following steps:
- Open a Custom Insight and then locate the Impacted Resources column; clicking on the Impacted Resources count navigates to a filtered page displaying the resources that apply to the Insight.
- One of the options on this page under "Actions" is Record Changes and there are two things you should know about this feature.
First, once you are on this page, if you choose to make changes to the scope or filters without selecting Record Changes, effectively you are modifying a Resources view.
- You will not be able to save modifications to the Custom Insight you started with.
- Any changes made from this view will allow you to create a new Insight, but you're effectively starting from scratch to create a brand new custom Insight.
Second, once you are on this page, if you want to edit or modify the existing Custom Insight, you must first click on the Record Changes button before you select any new scope or filtering.
- This will provide you a confirmation that changes are being recorded and enable a Save Changes button (rather than Save Insight).
- Click on Save Changes to keep any changes to the custom Insight.
DivvyCloud's Insights, in addition to being applied individually, are also organized in two types of Insight Packs.
- Compliance Packs are pre-built Insight Packs that ship with DivvyCloud's platform and typically revolve around industry security and compliance standards.
- Custom Packs are Insight packs built from your specific requirements. Custom Packs can be based on an existing pack (copying and modifying an existing Compliance Pack) or from a selection of filtered resources.
From the Insights landing page, users can select either the "Compliance Pack" tab or the "Custom Packs" tab to view/access Insight Packs in these two categories.
Updated about a month ago