InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions, reach out to us through [email protected].


Key Features

High-level Summaries of InsightCloudSec Features


Rebranding in Progress

Rebranding for DivvyCloud, now InsightCloudSec, is ongoing. Logos, URLs, text, and images may reference either InsightCloudSec or DivvyCloud.

The most important thing to note is that the product functionality has remained the same. If you have any questions or concerns, reach out to [email protected].

Overview

If you're just getting to know InsightCloudSec, or are interested in learning more outside of our FAQ, it's important to know a bit more about our Key Features.

This page provides high-level summaries of some of the capabilities that make InsightCloudSec such a great product. Check out the image below to get an idea of the relationship between some of the main capabilities within InsightCloudSec.

InsightCloudSec Capabilities Overview

If you have questions, we'd love to hear from you! Reach out to us through [email protected] and, for a time, through [email protected].

Harvesting & Event-Driven Harvesting

Harvesting is the term we use to describe how InsightCloudSec collects data from the cloud providers. Regular harvesting is done using standard polling on a schedule. You can customize that schedule—by service, region, and account—to set how often InsightCloudSec polls for data.

In addition, InsightCloudSec offers advanced harvesting through Event-Driven Harvesting (EDH). This capability is used to augment standard polling-based harvesting and pulls data from AWS CloudWatch Events and AWS CloudTrail into a central Eventbus for InsightCloudSec's consumption. (This feature is currently in development for Azure.)

EDH's dynamic approach to data collection not only improves the cadence for providing resource visibility and opportunities for remediation but also enriches the data with lifecycle changes that enable auditing capabilities. With EDH-provided data, identifying how a resource entered a noncompliant state becomes much easier at scale.

Resources

After connecting your cloud accounts and allowing InsightCloudSec to harvest your data, the platform will contain information about all of your resources. In InsightCloudSec all services, utilities, or functions that make up your cloud are managed as Resources. Regardless of the Cloud Service Provider (CSP), e.g. AWS, Azure, GCP, etc., we use normalized terminology to provide a single unified display of all of your cloud resources.

  • For example, a "Storage Container" in InsightCloudSec includes: AWS’ S3 Bucket, GCP’s Cloud Storage, Azure’s Blob Storage Container, or Alibaba’s Object Storage Bucket.

This integrated section of the platform is broken into five categories of Resource Types: Compute, Network, Storage, Identity & Management, and Containers. It includes detailed information on individual resources and a number of options to scope or filter the view based on your requirements.

Filter & Insights

A Filter specifies a condition that InsightCloudSec uses to search and identify a resource or resources. Our Filters library is continuously growing.

  • An example filter: ‘Resource is not encrypted’.

An Insight is a check on a specific behavior, condition, or characteristic of a cloud resource that is built from Filters. For example, the Insight "Instance Exposing Public RDP Instance With Public IP Attached" uses the following filters to identify applicable resources:

  • Instance Exposing Public RDP
  • Instance With Public IP Attached

Insights can be defined around an individual resource or resource type or focus on specific characteristics or configuration issues. Some examples of common Insights include:

  • Storage Container Exposing Access to the World
  • Database Instance Publicly Accessible
  • Volume Encryption Not Enabled

Insights can also be combined into packs and are available as Compliance Packs--preassembled packs of Insights built around specific objectives or compliance standards--and as Custom Packs, which are designed and architected based on customer-defined requirements.

Bots

In InsightCloudSec, a Bot (short for "robot") is an automated program that executes a user-defined action or actions on resources according to user-defined conditions. Bots combine your resources with InsightCloudSec's Filters and Insights to narrow the scope of analysis to a specific question, which the Bot then takes action on.

For example, a Bot called "Snapshots Publicly Available" may be configured to identify Snapshots that are accessible to the public (snapshot, database snapshot). Many dramatic data leaks are related to snapshots and/or storage containers with buckets available to the public.

This Bot would have the following configuration:

  • Scope: "Instances"
  • Filters: Resource is Exposed to Public & Snapshot Accessible to Public (works with Snapshot and DB Snapshot)
  • Actions: Action 1 - Send a Slack message / Action 2 - in 72 hours schedule deletion

Take a look at more examples on our Working with Bots (Best Practices & Examples) page.

Additional capabilities around Bots/automation include support for Jinja2 and numerous Integrations with third party tools, including Jira, ServiceNow, InsightIDR, and InsightVM.
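
The relationship described in the Filter & Insights and Bots sections (Filters compose into an Insight, and a Bot pairs a scope and an Insight with actions) can be sketched as a small conceptual model. This is an added illustration, not InsightCloudSec code or its API: the `Resource` fields, the function names, the AND-combination of filters, the meaning given to "Public RDP" and the inventory are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Resource:                      # normalized record, whatever the provider
    rid: str
    rtype: str                       # e.g. "instance"
    provider: str
    public_ip: Optional[str] = None
    ingress: list = field(default_factory=list)   # (port, source CIDR) pairs

# Filters: each one tests a single condition on a resource.
def exposes_public_rdp(r):           # assumed meaning: TCP 3389 open to any source
    return any(port == 3389 and cidr == "0.0.0.0/0" for port, cidr in r.ingress)

def has_public_ip(r):
    return r.public_ip is not None

# Insight: a named check built from filters (assumed here to combine with AND).
RDP_INSIGHT = ("Instance Exposing Public RDP Instance With Public IP Attached",
               [exposes_public_rdp, has_public_ip])

def evaluate_insight(insight, resources):
    _name, filters = insight
    return [r for r in resources if all(f(r) for f in filters)]

def run_bot(scope, insight, resources, now, grace_hours=72):
    """Return the action plan: notify now, schedule deletion after the grace period."""
    in_scope = [r for r in resources if r.rtype in scope]
    plan = []
    for r in evaluate_insight(insight, in_scope):
        plan.append((r.rid, "notify", now))
        plan.append((r.rid, "schedule_deletion", now + timedelta(hours=grace_hours)))
    return plan

# Constructed inventory: not real resources.
INVENTORY = [
    Resource("i-aws-1", "instance", "AWS", "203.0.113.10", [(3389, "0.0.0.0/0")]),
    Resource("vm-az-2", "instance", "Azure", None, [(3389, "0.0.0.0/0")]),
    Resource("vm-gcp-3", "instance", "GCP", "203.0.113.30", [(443, "0.0.0.0/0")]),
    Resource("db-aws-4", "database_instance", "AWS", "203.0.113.40", [(3389, "0.0.0.0/0")]),
]

if __name__ == "__main__":
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for rid, action, when in run_bot({"instance"}, RDP_INSIGHT, INVENTORY, start):
        print(rid, action, when.isoformat())
```

Only `i-aws-1` produces actions: the other instances each fail one filter, and `db-aws-4` matches both filters but falls outside the Bot's scope.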

Visualizations & Reporting

InsightCloudSec includes a number of tools and features designed to help you get the most out of the data captured within the platform.

  • The main landing page, or Summary page, provides an excellent snapshot of the previous day's compliance data.

  • Visit the Compliance Scorecard for a customizable real-time heatmap-style visual as well as summaries and histories of noncompliant resources. These visuals allow you to readily see where resources are failing these compliance checks.

Infrastructure as Code (IaC)

By taking advantage of IaC's ability to describe resources without creating them, InsightCloudSec's IaC Security feature enables organizations to implement security controls earlier in their continuous integration/continuous delivery (CI/CD) pipeline (shifting left). It also provides an opportunity to address compliance and security concerns before deployment or modifications are made to your cloud infrastructure. IaC Security is able to leverage the extensive Insights library so users can get started quickly and see immediate value using built-in packs or customer-created packs.

Check out the IaC Security Overview to learn more about this great feature.

IAM Cloud Governance (Access Explorer)

InsightCloudSec’s Cloud IAM Governance add-on module (through Access Explorer) enables organizations to manage IAM challenges across the full scope of their cloud footprint. Within AWS there are five different ways to specify or grant access to an individual resource. Attempting to track these various methods of access across dozens of resource types through separate console interfaces with differing structures is a time-consuming and error-prone process. Access Explorer gives you the ability to pull all of this information into a single interface. This capability dramatically improves visibility across your entire cloud, ensuring that access defined around users and associated resources is accounted for.

Check out the Cloud IAM Governance - Access Explorer section of our documentation to learn more about this Add-On Module.

Updated 2 months ago
