This page is a quick reference to answer common questions related to InsightCloudSec Insights. An Insight (located under "Security --> Insights") is a check built from a filter or filters, on a specific behavior, condition, or characteristic of a cloud resource.
If there's a topic or question you think belongs here that you don't see - we want to know! Reach out to the team through the Customer Support Portal with questions or to submit recommendations.
- From Resources, select a target Resource, use the "Filters" option, at the top right of the resources page, and select any one or more filter(s) you want to apply to the selected resource. Choosing a resource narrows the filters automatically to display only those that apply.
- This "filtered" resource view updates to include a "Save Insight" button.
- You also have the ability to use an existing Insight as a starting point. You can clone a Custom Insight directly, or use the "Record Changes" option to create a modified Insight with any Insight as the starting point.
Only custom Insights (or those not included out-of-the-box) can be cloned. From the "Insight Library" ("Security --> Insights") select the checkbox to the left of the Insight name. Select the "Actions" button and scroll to the "Clone" option on the actions menu.
Filters are listed on the "Insight Report" details, in the Insight information panel. Scroll to the bottom of that content pane to view the list of filters.
This is the best option if you want to use an out-of-the-box Insight as a starting point to create your own.
To modify the scope or filters of an existing custom Insight to make permanent changes to that Insight, you can "record the changes".
Open a Custom Insight and then locate the "Resource Breakdown" column; clicking on the "Findings/In Scope" count navigates to a filtered page displaying the resources that apply to the Insight.
Once you are on this page, if you want to edit or modify the existing Custom Insight, you must first click on the "Record Changes" button before you select any new scope or filtering.
Refer to the complete instructions here.
Exemptions are Insight-driven. Refer to Exemptions (Insights) for detailed documentation on this capability.
You have two options.
Option 1: From the Insight Report view of a selected Insight under the "Results by Cloud" select view all or;
Option 2: Select the "Findings/In Scope" count
Either of these selections will open a filters view of applicable resources. From this view, select the box next to the target resource, and click on the "Add Exemption" button.
From the Insight Library, select the box next to the target Insight to enable the "Actions" menu. Click "Actions --> Set severity". Select a severity or "Default" to reset the severity to its original value, then click "Update Severity".
Check out the full list of actions here.
For Insight Findings, Insights associated with cloud accounts which are in a paused state are not evaluated during hourly Insight scans. This configuration allows the system to align with Bots which have skipped paused clouds for the past year. It will affect Insight calculations (e.g. Findings) if the paused clouds are in scope of the Insight.
Updated over 1 year ago