Take Me to the Docs!API ReferenceRelease NotesSupport Portal
Contact Us

Insights - Quick Reference

A Quick Reference Guide for InsightCloudSec Insights

Suggest Edits

This page is a quick reference to answer common questions related to InsightCloudSec Insights. An Insight (located under "Security --> Insights") is a check built from a filter or filters, on a specific behavior, condition, or characteristic of a cloud resource.

If there's a topic or question you think belongs here that you don't see - we want to know! Reach out to the team through the Customer Support Portal with questions or to submit recommendations.

For detailed information refer to Insights, and Filters.

How do I create my own Insight?

  • From Resources, select a target Resource, use the "Filters" option, at the top right of the resources page, and select any one or more filter(s) you want to apply to the selected resource. Choosing a resource narrows the filters automatically to display only those that apply.
    • This "filtered" resource view updates to include a "Save Insight" button.
    • You also have the ability to use an existing Insight as a starting point. You can clone a Custom Insight directly, or use the "Record Changes" option to create a modified Insight with any Insight as the starting point.
1396

Saving an Insight

Can I clone/edit/modify an existing Insight?

Only custom Insights (or those not included out-of-the-box) can be cloned. From the "Insight Library" ("Security --> Insights") select the checkbox to the left of the Insight name. Select the "Actions" button and scroll to the "Clone" option on the actions menu.

Where can I see the Filters that were used to create an Insight?

Filters are listed on the "Insight Report" details, in the Insight information panel. Scroll to the bottom of that content pane to view the list of filters.

This is the best option if you want to use an out-of-the-box Insight as a starting point to create your own.

2434

Insight - List of filters

Can I reset an Insight (e.g., modify the scope or filters)?

To modify the scope or filters of an existing custom Insight to make permanent changes to that Insight, you can "record the changes".

Open a Custom Insight and then locate the "Resource Breakdown" column; clicking on the "Findings/In Scope" count navigates to a filtered page displaying the resources that apply to the Insight.

Once you are on this page, if you want to edit or modify the existing Custom Insight, you must first click on the "Record Changes" button before you select any new scope or filtering.

Refer to the complete instructions here.

How do I create an Exemption?

Exemptions are Insight-driven. Refer to Exemptions (Insights) for detailed documentation on this capability.

You have two options.

Option 1: From the Insight Report view of a selected Insight under the "Results by Cloud" select view all or;

Option 2: Select the "Findings/In Scope" count

Either of these selections will open a filters view of applicable resources. From this view, select the box next to the target resource, and click on the "Add Exemption" button.

1391

Add an Exemption

Can I change an Insight's severity?

From the Insight Library, select the box next to the target Insight to enable the "Actions" menu. Click "Actions --> Set severity". Select a severity or "Default" to reset the severity to its original value, then click "Update Severity".

Check out the full list of actions here.

General FAQ

Insight Findings

For Insight Findings, Insights associated with cloud accounts which are in a paused state are not evaluated during hourly Insight scans. This configuration allows the system to align with Bots which have skipped paused clouds for the past year. It will affect Insight calculations (e.g. Findings) if the paused clouds are in scope of the Insight.

Updated over 1 year ago