An insight is a specific behavior, condition, or characteristic of a cloud resource. Using insights to view all of your clouds provides an in-depth understanding of your infrastructure's security, compliance, optimization, or other characteristics that you specify. Insights can be used to report on resources, or to instruct bots as to which resources require actions. Tracking insights over time gives great visibility to your most important issues. Some examples of common insights include:
- Storage Container Exposing Access to the World
- Database Instance Publicly Accessible
- Volume Encryption Not Enabled
Insights can be used individually or in packs. DivvyCloud comes with a library of nearly 300 individual insights into potential security or compliance issues, best practices, and optimizations. DivvyCloud also comes with more than a dozen industry-regulation Compliance Packs for CIS, ISO 27001, NIST 800-53, and others.
You can also create your own insights--and insight packs--for specific application to your organization. You can create these from scratch or from existing insights or insight packs that you use as templates for your customizations.
The Insights main page is accessed under Security from the left-side navigation menu.
The Insights Library is the default view on the Insights main page. You can also select the Library tab on this page to display the library.
DivvyCloud's Insights Library contains nearly 300 individual insights. In the library, you can view all available insights at once, or you can limit your view by choosing to look only at insights for particular cloud providers, insights marked as favorites (by checking the Only Favorites box), insights marked as failed (by checking the Only Failed Insights box), or by choosing the insights' Scope or Source (All, DivvyCloud, Custom).
Each line in the insights listing provides multiple options for obtaining details about or taking actions on your insights. These options are described below.
Checkbox - Selects a specific insight for further inspection or action. Checking here activates the Action menu for this insight. (See Action menu description.)
Create a bot - (Wrench icon) Allows creation of a bot linked to the selected insight. See BotFactory.
Edit exemptions - (Triangle menu icon) Allows addition or removal of Resource Groups (and their component resources) as exceptions for this insight. See "Exemptions" callout below.
Insight name - Clicking it opens the insights report for the selected insight. See Insights Report.
Impacted Resources - Indicates whether any (red "!") or no (green "check") resources fail to meet the requirements of the selected insight; also displays the number of resources (out of total resources) failing to meet the conditions of the selected insight. Clicking the blue number opens the Resources page showing details for the impacted resources.
Exempted Resources - Gives the number, if any, of exempted resources for this insight. Clicking the number opens the Resources page showing details for the exempted resources. See also the Exempted Resources callout below.
Number of bots - If at least one bot is associated with this insight, the number of associated bots will appear in blue. Clicking on the number will open the BotFactory Listing page, detailing all of the bots linked to the selected insight.
Severity - Shows color-coded severity indicator for selected insight: Minor (teal), Moderate (purple), Major (yellow), Severe (orange), and Critical (red).
Favorite indicator - Indicates whether this insight has been flagged as a favorite. Clicking the star will toggle between choosing this insight as a favorite (solid star) or not (outlined star). You can use this indicator to scope your insights (see above).
Resources listed as 'Exempt' are harvested like any other resource scoped to a particular insight. If exempt resources fail to meet the conditions of the insight, however, they are not counted as "Impacted Resources".
For example, an insight may be looking for storage containers exposing access to the public, but some of your resources are static websites, which can be open to the public. Exempting those static website resources from your insight prevents them from being counted as 'impacted', which would show up as false positives on your report.
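The exemption rule above, modeled as an added example (not DivvyCloud code or its API): exempt resources are still evaluated, but a failing exempt resource is reported separately instead of as impacted. The `Resource` class, its field names, the group name `static-websites`, and the sample inventory are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    resource_type: str
    public: bool
    groups: frozenset = frozenset()   # resource groups this resource belongs to

def evaluate_insight(resources, scope_type, condition, exempt_groups):
    """Evaluate one insight: scope by type, test the condition, apply exemptions."""
    in_scope = [r for r in resources if r.resource_type == scope_type]
    impacted, exempted, exempt_failing = [], [], []
    for r in in_scope:
        is_exempt = bool(r.groups & exempt_groups)
        if is_exempt:
            exempted.append(r.name)
        if condition(r):
            # Exempt resources are still checked, but never counted as impacted.
            (exempt_failing if is_exempt else impacted).append(r.name)
    return {
        "total": len(in_scope),
        "impacted": impacted,
        "exempted": exempted,
        "exempt_failing": exempt_failing,
    }

# Constructed sample inventory (not real resources).
INVENTORY = [
    Resource("billing-exports", "storage_container", public=True),
    Resource("marketing-site", "storage_container", public=True,
             groups=frozenset({"static-websites"})),
    Resource("docs-site", "storage_container", public=False,
             groups=frozenset({"static-websites"})),
    Resource("app-logs", "storage_container", public=False),
    Resource("orders-db", "database_instance", public=True),  # out of scope
]

def storage_exposed_report():
    """'Storage Container Exposing Access to the World' with one exempt group."""
    return evaluate_insight(INVENTORY, "storage_container",
                            lambda r: r.public, frozenset({"static-websites"}))

if __name__ == "__main__":
    report = storage_exposed_report()
    print(f"Impacted: {len(report['impacted'])} of {report['total']}", report["impacted"])
    print("Exempted:", report["exempted"], "| exempt but failing:", report["exempt_failing"])
```

Because exemptions are granted per Resource Group, the `exempt_failing` list is the one to review periodically: any resource later added to an exempt group stops counting as impacted for that insight.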
Selecting the checkbox for one or more individual insights enables the Action button from which you can:
- Edit metadata. This feature requires that you have appropriate permissions.
- Set severity. This feature requires that you have appropriate permissions.
- Add to pack. Allows you to add the selected insight to an existing pack.
- Add to Favorites. Adds the insight to your list of Favorites.
- Remove from Favorites. Removes the insight from your list of Favorites.
- Delete. Deletes the insight (with verification).
- Clone. Creates a copy of the selected insight.
The Insights Library: Actions on Insights From the Actions Menu
Metadata allows you to annotate insights associated with an insight pack. NOTE: Metadata only relates to insights within packs.
For example, suppose your organization uses a particular insight within a pack to verify your resources' adherence to a specific organization policy, e.g., "AcmeCorp Policy 7A.1". You might then edit the metadata for this insight to read "AcmeCorp 7A.1".
Ordering your Insight Listing
You can reorder your insight listing by clicking the up arrow that appears as you hover your cursor over a column heading.
For example, clicking a down arrow next to 'Impacted Resources' will order the insights in descending order by the number of resources impacted; clicking an up arrow next to 'Severity' will order the insights from least severe to most severe.
Clicking on an individual insight name in the library listing will open the Insights Report. Here you can view:
- Results by Cloud - a breakdown of impacted resources for this insight by cloud.
- Insight Information - an overview of the insight, including specific compliance frameworks associated with this insight, included filters, and (where applicable) suggested remediation and recommended bot workflow for remediation.
- (Noncompliant) Resource Totals - a time series display of noncompliant resources by cloud; here, you are looking for a downward trend in the number of noncompliant resources as you take actions (use bots) to remediate.
- Bot Lifecycle Actions - displays the previous week's worth of bot actions taken against this insight. Typically you should see a correlation between bot actions taken and a decrease in the number of noncompliant resources.
Insights Report: Results by Cloud and Insight Information
Insights Report: Noncompliant Resource Totals and Bot Lifecycle Actions
To modify existing insights or create custom insights, use the Resources page. (See also Resources: Modifying and Saving Insights.) On the Resources page you can scope resources; you can also add, delete, or modify filters linked to your scoped resources. You can then save your insight, giving it a name, description, a severity level, and marking it as a favorite.
Once you’ve saved your insight, it will appear as a Custom Insight in the Insights Library. You can then use Source:Custom in the library to display only custom insights.
DivvyCloud features insight packs--collections of related insights--that allow you to quickly confirm your organization’s compliance with industry requirements and standards. The Compliance Packs tab on the Insights main page displays more than a dozen prepackaged insight packs focused on various regulatory frameworks, including the CIS Benchmark, NIST 800-53, and ISO 27001.
These compliance packs display in card format; each card provides a brief description of the pack's contents, and notes the number of insights in the pack.
You can view details of any pack by clicking on its card. This will take you to the Insights Library, listing the individual insights included in the pack. (See Library above.)
Also on each card shown for Compliance Packs, you have the following options:
- Show Charts
- Run On-demand Email Reports
- Manage Subscriptions
- Manage Export Configuration Links
- Toggle Pack Visibility
The Show Charts icon (the bar chart icon) takes you to a summary page of dynamic charts that allow you to view:
- A time series (up to 90 days) plot of total noncompliant resources; ideally, you will see this trending down as you take actions to resolve compliance issues
- Noncompliant resources as a percentage of total resources associated with this insight pack
- Percent of total noncompliance contributed by component clouds associated with this pack
- Noncompliant resources as a percentage of total resources within individual clouds associated with this pack
To run an on-demand report on a specific insight pack, click the envelope icon. Here you will see a list of all subscribers to reports on this insight pack. Choose the subscribers who will receive this on-demand report.
Subscribers will receive an email with a breakdown of all the insights that pertain to the selected insight pack. This report also includes:
- The number of noncompliant resources out of total resources for each of the previous 3 days
- A brief description of the compliance rule(s) which this insight validates
You can include your auditors in the email list, so they can view the control item number (or compliance rule) that directly correlates with each insight.
An Example On-Demand Email Report
You can manage subscriptions to insight pack reports from the Manage Subscriptions icon. Here your options are:
- Manage - edit or delete an existing subscription
- Add Subscription - create a new subscription
- Export - select a subscription to which insight findings will be exported
- New Export Config - create a new export configuration
Here you can add, edit, and otherwise manage export configuration links for exporting data. You can also read more about Compliance Exporting here.
This option allows you to disable and hide an entire Compliance pack from your organization. You must confirm this selection. To unhide and re-enable the pack, uncheck the Hide Disabled Packs checkbox on the main page and toggle the Compliance pack's visibility back On.
Toggle Visibility applies to a single pack and a single organization. Enabling a pack as "Global" (see below) relates to a single pack across all child organizations.
Custom Insight Packs are exactly what the name states: they give users the ability to create a custom list or "pack" of Insights that can be applied together to any resources in DivvyCloud.
A Custom Insight Pack can be organized to provide targeted visibility into a testing environment, to expose custom compliance or security concerns, or to combine important Insights in your environment for the best possible visibility into your specific cloud resources.
Custom Insight Packs are displayed on the Custom Packs tab on the Insights main page.
Actions Available for Custom Packs include:
- Show Charts and Send On-Demand Reports
- Manage Subscriptions
- Toggle Pack Visibility
- Edit (pencil icon)
- Delete (trashcan) - Custom Packs are only deleted after verification.
Attribution or "Created By" information for any Custom Pack is populated based on the user who created the pack (e.g., whoever was logged in and completed the "Create Pack" process).
The Custom Insight Pack feature allows users to create custom packs based on entire existing packs. For example, if you want to make a custom pack that includes many Insights from the HIPAA compliance pack, you can use the HIPAA pack’s library view and choose as many Insights as you want to add to your own custom pack.
To create your own Custom Insight Pack:
1. From the Insights page, click "Create Pack".
2. In the "Create Insight Pack" dialog window you will:
- Name your pack (up to 64 characters)
- Give your pack a description
- Associate the pack with a base pack (optional); this allows you to create a custom pack based on an existing Compliance pack
- Associate the pack with badges (optional)
- Check "Global Pack" to allow all of your child organizations access to this pack; the pack can only be managed by the parent organization (optional)
- Provide the URL for a logo to personalize your pack (optional)
3. Select "Submit" when finished.
Creating a Custom Insight Pack
4. Once your pack is created, it will appear as a card on the Custom Packs tab on the Insights main page. It will include your username (as Created By) and initially show "0 Insights" associated with it.
Newly-created Insight Pack with 0 Insights
5. To add Insights, go to the "Insights Library".
6. Select the Insights you would like to add to your custom pack.
- Selecting an Insight activates the ACTION button.
7. Click the ACTION button and choose “Add to Pack”. Select your custom pack from the list to add your selected insights.
8. Your custom pack will now appear on the "Insights: Custom Packs" page with the selected Insights.
Newly-created Insight Pack with Insights Added