InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Microsoft Azure Features

Overview of InsightCloudSec Capabilities After Connecting Your Azure Cloud Accounts

❗️

Critical Azure Vulnerability

To help support our customers with their OMIGOD investigation and remediation efforts, InsightCloudSec now captures the Azure OMS extension version. As of September 18th, 2021, Microsoft released version 1.13.40 of the software agent which patches the vulnerability (CVE-2021-38647). The Insight Compute Instance Running Vulnerable Version of OMS will identify Azure Virtual Machines running a version of the OMS extension that is vulnerable to OMIGOD.

If you have questions or concerns reach out to us at [email protected].

Overview

The following page includes summary details on additional features around supported capabilities in InsightCloudSec that are specific to Microsoft Azure.

For general information on support for all Cloud Service Providers, check out our Resources pages.

As always, if you have any questions you can reach out to us through [email protected].

Azure Resource Locking

Azure resource locking enables you to prevent other users in your organization from accidentally deleting or modifying critical resources by locking access. In InsightCloudSec, this capability applies to most supported top-level Azure resources. Note that in some scenarios InsightCloudSec represents certain resources as top-level even though they are not top-level within Azure (e.g., storage containers).

  • InsightCloudSec supports Azure resource locking on every Azure resource we support with this capability.
  • If you have specific questions on this capability or a supported Azure resource, reach out to [email protected].

Prerequisites

  • A functional InsightCloudSec installation
  • Appropriate Azure permissions for resources you want to modify
  • The Microsoft.Authorization/locks/read permission, required for harvesting the lock information from Azure

Enabling/Disabling Azure Resource Locking

Enabling resource locking is only available through the Azure Console. Details about this are available here.

You can also disable or delete resource locking through the Azure console and through the InsightCloudSec UI. This capability is available in InsightCloudSec under the individual resource property, as shown below.

Delete Resource LockDelete Resource Lock

Delete Resource Lock

View Resource Locking

Details on a locked Resource can be viewed individually through resource properties for supported resources.

In addition, users can take advantage of the Resource Has Azure Lock Filter to build Insights or Bots around this capability.

Azure Security Pack

The Azure Security Pack is our first step to align with Azure Security Center (ASC) Recommendations. ASC Recommendations are the backbone of several features and services within Azure to include Azure Advisor, ASC Secure Score, and ASC Regulatory Compliance.

Prerequisites

Before you get started with this pack, you will need to have the following:

  • A functioning InsightCloudSec installation
  • The appropriate permissions to apply this pack to your desired infrastructure
  • Familiarity with your organization’s security requirements

Pack Summary

The first edition of this Compliance Pack includes 38 Insights. Four of the Insights cover eleven ASC recommendations, so the pack covers a total of 45 ASC Recommendations. It includes checks around issues like:

  • Only secure connections to your Redis cache should be enabled
  • System updates on virtual machine scale sets should be installed
  • Deprecated accounts should be removed from subscriptions
  • Authorized IP ranges should be defined on Kubernetes Services

In addition, our subsequent releases will continue to update the pack as more Filters and Insights are available. Note: If you have specific questions on this capability or a supported Azure resource, reach out to [email protected].

Updated 4 days ago

Microsoft Azure Features


Overview of InsightCloudSec Capabilities After Connecting Your Azure Cloud Accounts

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.