Network Resources

Summaries and Attributes of InsightCloudSec Network Resources

Network resources are available in InsightCloudSec as the fourth section (tab) under the Resource landing page. These resources are related to network functionality and include resources like load balancers, route tables, and internet gateways.

Network resources are displayed alphabetically using the InsightCloudSec normalized terminology. Hovering over an individual resource shows the CSP-specific terminology with the associated logo to help users confirm the displayed information. For example, in InsightCloudSec a Network refers to an Amazon "VPC", an Azure "Virtual Network", a Google "VPC", etc.

For a detailed reference of this normalized terminology check out our Resource Terminology.

A Note About Resource Attributes

A large number of Resource Attributes are offered for the resources outlined here. Because we are continuously expanding our supported resources, the attributes and details included here cannot be guaranteed to include every resource or every attribute.

If you need information about the attributes of a particular resource we are happy to help get those details for you - reach out to [email protected] with any questions!

Access List

Access Lists are used to protect any ingress/egress traffic to cloud resources (e.g. Security Groups/NACLs).

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| access_list_id | The provider ID of the access list |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region in which the access list resides |
| access_list_type | The type of access list (Security Group or NACL) |
| name | The name of the access list |
| parent_resource_id | The resource ID of the parent network |
| creation_date | The date the resource was created |
| description | The description of the access list |
| default_acl | Boolean value denoting whether the access list is the provider default |
| association_count | The number of resources the access list is associated with |

Access List Flow Logs

Access List Flow Logs (Azure NSG Flow Logs) allow users to log information about IP traffic flowing through a Network Security Group (e.g. Azure NSG). Data that is logged is stored and can be exported.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region in which the flow log resides |
| name | The name of the Access List Flow Log |
| namespace_id | The fully qualified ID of the resource, including the resource name and resource type |
| provisioning_state | The provisioning state (e.g., succeeded) of the Access List Flow Log |
| target_resource_id | The identifier of the resource targeted by the Access List Flow Log |
| storage_id | The storage identifier of the Access List Flow Log |
| retention_enabled | Boolean value denoting whether retention is enabled |
| retention_time | The Access List Flow Log retention time (in days) |
| traffic_analytics_enabled | Boolean value denoting whether traffic analytics is enabled |
| traffic_analytics_interval | The interval (in minutes) at which the Traffic Analytics service performs flow analytics |

Access List Rule

Access List Rules are Ingress/Egress traffic rules for Security Groups/NACLs. They contain basic information about a single rule entry in an access list resource.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| rule_id | The provider ID of the access list rule |
| organization_service_id | The ID of the parent organization service (cloud) |
| parent_resource_id | The resource ID of the parent access list |
| access_list_name | The name of the parent access list |
| region_name | The region in which the rule resides |
| name | The name of the rule |
| rule_action | Denotes whether traffic is allowed or denied |
| direction | The direction of traffic (ingress or egress) |
| priority | The rule priority; applies to network ACLs only |
| ip_protocol | The protocol to which this rule applies (TCP, UDP, ICMP) |
| source_from_port | The start of the source port range; applies to the TCP and UDP protocols |
| source_to_port | The end of the source port range; applies to the TCP and UDP protocols |
| destination_from_port | The start of the destination port range; applies to the TCP and UDP protocols |
| destination_to_port | The end of the destination port range; applies to the TCP and UDP protocols |
| icmp_code | The number denoting the ICMP code |
| icmp_type | The number denoting the ICMP type |
| source_network | The source network ID |
| source_network_from_ip | The start of the IP range associated with the source network |
| source_network_to_ip | The end of the IP range associated with the source network |
| destination_network | Denotes the type of network |
| destination_network_from_ip | The start of the IP range associated with the destination network |
| destination_network_to_ip | The end of the IP range associated with the destination network |
| is_temporary | Boolean value denoting whether the rule is temporary |
| schedule_data_create_rule | Denotes the association of a scheduled create rule |
| schedule_data_delete_rule | Denotes the association of a scheduled delete rule |
| scheduled_event_id_create_rule | The event ID of a create rule execution |
| scheduled_event_id_delete_rule | The event ID of a delete rule execution |
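The attributes above are enough to spot the classic misconfiguration a reviewer looks for first: an ingress "allow" rule whose source range covers the whole internet and whose destination port range includes an administrative service. The following is an added example, not InsightCloudSec code; the records are constructed in the shape of the Access List Rule attributes, and the set of "sensitive" ports is an assumption of the example.

```python
"""Flag world-open ingress rules in Access List Rule records (added example)."""
import ipaddress
from typing import Dict, List, Optional

# Ports whose exposure to 0.0.0.0/0 is worth a finding (assumption of this example).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}

# Constructed sample records; keys follow the Access List Rule attribute names.
SAMPLE_RULES: List[Dict] = [
    {"resource_id": "aclrule-1", "access_list_name": "web-sg", "direction": "ingress",
     "rule_action": "allow", "ip_protocol": "TCP",
     "destination_from_port": 443, "destination_to_port": 443,
     "source_network_from_ip": "0.0.0.0", "source_network_to_ip": "255.255.255.255",
     "is_temporary": False},
    {"resource_id": "aclrule-2", "access_list_name": "web-sg", "direction": "ingress",
     "rule_action": "allow", "ip_protocol": "TCP",
     "destination_from_port": 22, "destination_to_port": 22,
     "source_network_from_ip": "0.0.0.0", "source_network_to_ip": "255.255.255.255",
     "is_temporary": False},
    {"resource_id": "aclrule-3", "access_list_name": "db-sg", "direction": "ingress",
     "rule_action": "allow", "ip_protocol": "TCP",
     "destination_from_port": 3306, "destination_to_port": 3306,
     "source_network_from_ip": "10.0.0.0", "source_network_to_ip": "10.0.255.255",
     "is_temporary": False},
    {"resource_id": "aclrule-4", "access_list_name": "ops-nacl", "direction": "ingress",
     "rule_action": "allow", "ip_protocol": "TCP",
     "destination_from_port": 3389, "destination_to_port": 3389,
     "source_network_from_ip": "0.0.0.0", "source_network_to_ip": "255.255.255.255",
     "is_temporary": True},
    {"resource_id": "aclrule-5", "access_list_name": "ops-nacl", "direction": "ingress",
     "rule_action": "deny", "ip_protocol": "TCP",
     "destination_from_port": 0, "destination_to_port": 65535,
     "source_network_from_ip": "0.0.0.0", "source_network_to_ip": "255.255.255.255",
     "is_temporary": False},
    # ICMP rules carry icmp_type/icmp_code and no port range.
    {"resource_id": "aclrule-6", "access_list_name": "ping-sg", "direction": "ingress",
     "rule_action": "allow", "ip_protocol": "ICMP", "icmp_type": 8, "icmp_code": -1,
     "destination_from_port": None, "destination_to_port": None,
     "source_network_from_ip": "0.0.0.0", "source_network_to_ip": "255.255.255.255",
     "is_temporary": False},
]


def source_networks(rule: Dict) -> List[ipaddress._BaseNetwork]:
    """Convert the source_network_from_ip/to_ip pair into the CIDR blocks it covers."""
    start = ipaddress.ip_address(rule["source_network_from_ip"])
    end = ipaddress.ip_address(rule["source_network_to_ip"])
    return list(ipaddress.summarize_address_range(start, end))


def is_world_open(rule: Dict) -> bool:
    """True when the source range collapses to the entire address space (/0)."""
    return any(net.prefixlen == 0 for net in source_networks(rule))


def exposed_sensitive_ports(rule: Dict) -> List[int]:
    """Sensitive ports inside the destination range; port ranges only apply to TCP/UDP."""
    if str(rule.get("ip_protocol", "")).upper() not in ("TCP", "UDP"):
        return []
    lo, hi = rule["destination_from_port"], rule["destination_to_port"]
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]


def evaluate_rule(rule: Dict) -> Optional[str]:
    """Return a finding for a world-open ingress allow on a sensitive port, else None."""
    if rule["direction"].lower() != "ingress" or rule["rule_action"].lower() != "allow":
        return None
    if not is_world_open(rule):
        return None
    ports = exposed_sensitive_ports(rule)
    if not ports:
        return None
    names = ", ".join(f"{p}/{SENSITIVE_PORTS[p]}" for p in ports)
    # Temporary rules (scheduled create/delete pairs) are still reported, but tagged.
    tag = " [temporary]" if rule.get("is_temporary") else ""
    return f"{rule['access_list_name']}/{rule['resource_id']}: 0.0.0.0/0 -> {names}{tag}"


def evaluate_rules(rules: List[Dict]) -> List[str]:
    """Evaluate every record and keep only the findings."""
    return [f for f in (evaluate_rule(r) for r in rules) if f]


if __name__ == "__main__":
    for finding in evaluate_rules(SAMPLE_RULES):
        print(finding)
```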

Application Gateway

An Application Gateway is an application program that runs on a firewall system between two networks; an example is AWS API Gateway.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| api_id | The API identifier |
| name | The name of the API |
| description | The description of the resource |
| version | The version of the application gateway |
| creation_date | The date the API was created |
| api_key_source | The API key source |
| endpoint_configuration | The endpoint configuration of the API |
| policy | The policy associated with the application gateway |
| trusted_accounts | The list of trusted accounts |

Application Gateway Domain

An application gateway domain is a domain name typically designated and configured for use with an API Gateway. An example of this type of resource is AWS API Gateway Domain.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region in which the application gateway domain resides |
| domain_name | The domain name of the application gateway domain |
| certificate_arn | The certificate ARN for the application gateway domain |
| endpoint_type | The endpoint type (e.g., 'edge', 'regional') for the application gateway domain |
| security_policy | The security policy for the application gateway domain (e.g., 'TLS_1_0', 'TLS_1_2') |
| version | The version of the application gateway domain (e.g., 'v2') |

Application Key

Application Keys or AWS API Gateway keys are alphanumeric string values that you distribute to application developer customers to grant access to your API.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| key_id | The provider ID of the key |
| name | The name of the REST API key |
| customer_id | The customer ID of the API key |
| description | The description of the resource |
| enabled | Denotes whether or not the API key is enabled |
| creation_date | The time the REST API key was created |
| last_updated | The time the REST API key was last updated |

Application Stage

In AWS, the Application Stage, or API Gateway Stage, is a resource (often used in CloudFormation templates) that creates a stage for a deployment.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| stage_id | The ID of the application stage |
| parent_resource_id | The ID of the parent resource |
| name | The name of the application stage |
| gateway_name | The name of the associated gateway |
| description | The description of the resource |
| certificate_id | The certificate value |
| cache_cluster_size | The size of the cache data, if caching is enabled |
| cache_data_encrypted | Denotes whether or not cache data is encrypted |
| access_logging | Denotes whether the stage logs access requests |
| tracing_enabled | Boolean value denoting whether tracing is turned on or off |
| web_acl_id | The value for the web access control list |
| creation_date | The date when the resource was created |
| last_updated | The date when the resource was last updated |
| arn | The ARN used with the corresponding resource |

Backend Services

In GCP, a backend service contains configuration values for Google Cloud Platform load balancing services.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| name | The name of the backend service |
| kind | The kind of backend service |
| storage_container_resource_id | The value for the storage container resource |
| protocol | The protocol of the backend service |
| port_name | The name of the port being used |
| port | The port number being used |
| description | The description of the resource |
| created_time | The time the resource was created |
| scheme | The backend service scheme |
| security_policy | The security policy in use |
| backends | The JSON of the backend service |

Content Delivery Network

A Content Delivery Network is a system of servers that delivers content to users based on geographic location. This class inherits from TopLevelResource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The identifier of the parent organization service (cloud) |
| distribution_id | The provider-given ID of the CDN |
| domain_name | The name of the domain used by the resource |
| alternate_domain_names | The alternate domain names that can be used with the resource |
| delivery_method | The delivery method of the CDN (web, RTMP, etc.) |
| root_object | The object you want the CDN to request from your origin |
| status | The status of the CDN (inprogress, deployed, etc.) |
| state | The state of the CDN (enabled, disabled, etc.) |
| http_versions | The supported HTTP versions |
| https_required | Boolean value denoting whether HTTPS is required |
| ipv6_enabled | Boolean value denoting whether IPv6 is enabled in the CDN |
| last_modified | The date of the last resource modification |
| log_bucket | The bucket in which logs are stored |
| origins | The location from which you want the CDN to get objects. RTMP has only one origin |
| origin_access_identities | The origin access identities configured on origins so that viewers can only access objects through the CDN |
| security_policy | The security policy being used |
| certificate | The SSL certificate of the CDN |
| certificate_resource_id | The value for the SSL certificate of the CDN |
| web_acl_id | The web access control list ID of the CDN |
| price_class | The price class. Costs vary based on performance |
| comment | A user-supplied comment or description of the CDN |
| arn | The ARN used with the corresponding resource |
| logging | Boolean value denoting whether logging is enabled or disabled |
| cookie_logging | Denotes whether cookie logging is enabled or disabled |
| geo_whitelist | The list of countries whitelisted for the CDN |
| geo_blacklist | The list of countries blacklisted for the CDN |

DDoS Protection

In AWS, Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| protection_id | The value identifying which unique protection is being used |
| ref_resource_type | The resource type identifier |
| ref_resource_id | The value for the category of protection that is being used |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| arn | The ARN used with this resource |
| name | The name of the DDoS Protection resource |
| enabled | Boolean value denoting whether the resource is enabled or disabled |
| last_attack_start | The start time of the most recent DDoS attack |
| last_attack_end_time | The end time of the most recent DDoS attack |
| last_attack_type | The type of the most recent DDoS attack |

Direct Connect

Direct Connect is a private connection between environments to reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. (See AWS Direct Connect, Azure Express Route Circuit)

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| connection_id | The value denoting the unique connection |
| name | The name of the Direct Connect resource |
| state | Denotes whether the resource is active or inactive |
| location | The location of the direct connection |
| direct_connect_type | The type of direct connection being used |
| creation_timestamp | The time the direct connection was created |
| bandwidth | The bandwidth of the Direct Connect connection |

DNS Zone

DNS Zones are responsible for housing all zone and record information associated for a particular zone. This resource inherits from Resource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| id | The provider ID of the zone |
| domain | The domain that the zone controls |
| comment | The descriptive comment about the zone |
| private_zone | Denotes whether or not this is a private zone |
| records | The listing of DNS records associated with this zone |
| networks | The listing of private networks that are associated with this zone |
| dns_security | The JSON of the DNS Security policy |

class DivvyResource.Resources.dnszone.DnsZone(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

dns_zone

static get_db_class()

get_domain()
Retrieve the domain of the DNS zone.

get_networks()
Retrieve the networks associated with a private zone.

get_private_zone()
Retrieve the value of the private zone boolean.

static get_provider_id_field()

get_resource_name()

static get_resource_name_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

top_level_resource = True

zone_id

Forwarding Rules

Forwarding rules (or, in the case of Azure, Load Balancer rules) define how traffic is distributed to the VMs. (See also GCP's Load Balancer Forwarding Rules.)

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| name | The name of the forwarding rule |
| load_balancer_resource_id | The load balancer resource identifier |
| target_proxy_resource_id | The target proxy resource identifier |
| ip_address | The IP address used by the forwarding rule |
| ip_protocol | The IP protocol used |
| ip_version | The IP version used |
| network_tier | The network tier |
| description | The description of the resource |
| created_time | The time the forwarding rule was created |
| scheme | The forwarding rule scheme |

Global Load Balancer

A global, scalable entry-point that uses a global edge network to create fast, secure, and widely scalable web applications (e.g., Azure Front Door).

| Attribute | Description |
| --- | --- |
| name | The name of the global load balancer |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| global_load_balancer_id | The provider ID of the global load balancer |
| region_name | The region in which the instance resides |
| state | The state of the global load balancer (e.g., Enabled) |
| all_session_affinity_enabled | An indicator of the enabled status of "all session affinity" for the global load balancer ('0' or '1') |
| all_health_probes_enabled | An indicator of the enabled status of "all health probes" for the global load balancer ('0' or '1') |
| only_https_accepted_protocol | An indicator of the enabled status of "only HTTPS accepted protocol" for the global load balancer ('0' or '1') |
| only_https_forwarding_protocol | An indicator of the enabled status of "only HTTPS forwarding protocol" for the global load balancer ('0' or '1') |
| waf_enabled | An indicator of the enabled status of "WAF" for the global load balancer ('0' or '1') |
| all_load_balancers_enabled | An indicator of the enabled status of "all load balancers" associated with the global load balancer ('0' or '1') |

Internet Gateway

Internet Gateway resources allow communication between instances in your network and the internet. This resource inherits from Resource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| gateway_id | The unique value assigned to the internet gateway |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| name | The name of the internet gateway |
| network_resource_id | The resource ID of the network associated with the internet gateway |
| state | The state of the internet gateway |

Load Balancer

Load balancers are used in multi-tier apps to distribute load across a variety of compute instances. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the instance resides |
| load_balancer_id | The provider ID of the load balancer |
| name | The name of the load balancer |
| lb_type | The type of load balancer (e.g., Application, Classic, Network) |
| created_time | The time the resource was created |
| fqdn | The fully qualified domain name of the load balancer |
| scheme | Denotes whether or not the load balancer is public facing |
| arn | The ARN associated with this load balancer |
| attributes | The load balancer targets |
| networks | Returns a list of associated networks |
| subnets | Returns a list of subnets associated with this load balancer |
| instances | Returns a list of instances associated with this load balancer |
| access_lists | Returns a list of associated security groups |

class DivvyResource.Resources.loadbalancer.LoadBalancer(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

LoadBalancer Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

classmethod filter_query_for_global_search(query, search_string)
Apply the query filters that will restrict a provided query to the provided global search string and return the modified query.
Parameters:
query (sqlalchemy.orm.query) – Original query that includes this resource type
search_string (basestring) – Single string to search for across all important text fields for this resource
Returns: Modified query including filters that match search string
Return type: sqlalchemy.orm.query

get_date_created()
Retrieve the time from the provider that this resource was created (if available).

static get_db_class()

static get_provider_id_field()

static get_resource_type()

get_supported_actions()
Retrieve all the actions which are supported by this resource.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc.).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc.).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

load_balancer_id

loadbalancer

top_level_resource = True

NAT Gateway

A NAT Gateway enables instances in a private network to forward traffic to the Internet (e.g. AWS NAT Gateway, GCP Cloud NAT, Azure NAT Gateway).

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| gateway_id | The service-provided ID for this NAT gateway |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| name | The name of the NAT gateway |
| network_resource_id | The resource ID of the network to which this NAT gateway belongs. Not used for some cloud providers |
| subnet_resource_id | The resource ID of the subnet to which this NAT gateway belongs. Not used for some cloud providers |
| network_interface_resource_id | The resource ID of the network interface to which this NAT gateway belongs. Not used for some cloud providers |
| public_ip | The public-facing internet address for this NAT gateway |
| private_ip | The internal address for this NAT gateway |
| state | The state of this NAT gateway |
| create_time | The creation time for this NAT gateway |

Network

Logically isolated virtual environment within a Cloud Provider (AWS VPC, Azure Virtual Network, Google VPC, etc.)

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| network_id | The provider ID of the network |
| region_name | The name of the region |
| name | The name of the network |
| state | The state of the network |
| cidr | The limiting IP address range for the network. Applies to AWS (optional) |
| prefix | The optional sub-directory to begin with |
| user_defined | The indicator of whether this network is user defined or default |
| type | The network type |
| shared | Denotes whether or not this is a shared network |
| default_network | The specified default network |
| dhcp_options_id | The DhcpOptions ID, if applicable (AWS only) |
| associations | The list of the resource IDs that are associated |

Network Address Group

A Network Address Group provides visibility into defined network address prefixes (AWS Managed Prefix List, Azure IP Group).

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| name | The name of the Network Address Group |
| group_id | The primary group identifier, which takes the form of a prefix followed by numbers and letters |
| state | The state of the Network Address Group |
| addresses | The list of addresses associated with the Network Address Group |
| customer_managed | Denotes whether the Network Address Group is managed by the customer |
| namespace_id | The ARN associated with the Network Address Group |
| associations | The list of resources associated with the Network Address Group |

Network Endpoint

A Network Endpoint enables you to privately connect your VPC to supported services. In AWS, VPC endpoint services are powered by AWS PrivateLink and do not require an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. In Azure, Service Endpoints secure Azure service resources to your virtual network by extending the VNet identity to the service.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| endpoint_id | The provider ID of the network endpoint |
| name | The name of the Network Endpoint |
| endpoint_type | The endpoint type of the resource |
| state | The state of the network endpoint |
| service_name | The name of the service that the endpoint connects to |
| network_id | The ID of the network to which the endpoint belongs |
| policy | The IAM access policy of the resource |
| trusted_accounts | The trusted accounts that can interact with the endpoint |
| public_access | Denotes whether the network endpoint is exposed to the public |
| owner_id | The ID of the network endpoint owner |
| creation_date | The time when the network endpoint was created |
| private_dns_enabled | Denotes whether private DNS is supported |

Network Endpoint Service

Network Endpoint Services enable you to privately connect your VPC to supported provider services (AWS VPC Endpoint Services).

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The name of the region |
| service_id | The ID of the network endpoint service |
| name | The local name of the network endpoint service |
| service_type | The type of the network endpoint service, e.g., 'interface' |
| state | The state of the network endpoint service, e.g., 'available' |
| service_name | The full name of the network endpoint service |
| trusted_accounts | The trusted accounts associated with the network endpoint service |
| publicly_accessible | An indicator of the public accessibility of the network endpoint service ('0' or '1') |
| acceptance_required | An indicator of whether or not VPC endpoint connection requests to the service must be accepted by the service owner ('0' or '1') |
| manages_vpc_endpoints | An indicator of whether the network endpoint service manages VPC endpoints ('0' or '1') |
| load_balancer_count | The number of load balancers associated with the network endpoint service |
| availability_zones | A list of availability zones for the network endpoint service, e.g., "us-east-1a" |
| connections | A list of key:value pairs identifying the connections for the network endpoint service, e.g., "endpoint_id:<endpoint ID>", "connection_state:available" |
| connections_count | The number of connections associated with the network endpoint service |

Network Firewall

A managed, cloud-based network-security service that protects network resources. An example of this resource is Azure Network Firewall.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the instance resides |
| name | The name of the network firewall resource |
| firewall_id | The ID of the network firewall resource |
| state | The state of the network firewall resource |
| firewall_type | The type of the network firewall resource |
| zones | The zones associated with the network firewall |
| threat_intel_mode | The threat intel mode of the network firewall resource |
| dns_proxy_enabled | An indicator showing whether the DNS proxy is enabled |
| dns_servers | The DNS servers associated with the network firewall resource |
| network_resource_id | The ID of the network resource associated with the network firewall resource |
| subnet_resource_id | The ID of the subnet resource associated with the network firewall resource |
| management_subnet_resource_id | The ID of the management subnet resource |
| management_ip_resource_id | The ID of the management IP resource associated with the network firewall resource |
| namespace_id | The ID of the namespace associated with the network firewall resource |

Network Firewall Rule

A network firewall rule is a firewall rule that can include NAT rules, network rules, and application rules. An example of this type of resource is Azure Firewall Rule.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the instance resides |
| rule_list_resource_id | The ID of the rule list resource |
| rule_list_type | The rule type of the network firewall rule |
| name | The name of the network firewall rule |
| description | A description of the network firewall rule |
| protocols | An array of application rule protocols for the network firewall rule |
| source_address_groups | An array of source address groups associated with the network firewall rule |
| service_tags | A list of service tags associated with the network firewall rule |
| destination_address_groups | A list of destination address groups associated with the network firewall rule |
| destination_fqdns | A list of destination FQDNs associated with the network firewall rule |
| translated_address | The translated address for the network firewall rule |
| translated_port | The translated port for the network firewall rule |

Network Firewall Rule List

Firewall rule collections are processed according to their rule type in priority order. An example of this type of resource is Azure Firewall Rule Collection.

| Attribute | Description |
| --- | --- |
| resource_id | The primary resource identifier, which takes the form of a prefix followed by numbers and letters |
| organization_service_id | The ID of the parent organization service (cloud) |
| region_name | The region in which the instance resides |
| name | The name of the network firewall rule list |
| firewall_resource_id | The ID of the firewall resource |
| list_type | The type of the network firewall rule list |
| priority | The priority of the network firewall rule list |
| action | The action type of the network firewall rule list |
| namespace_id | The ID of the namespace associated with the network firewall rule list |

Network Flow Log

Network flow log resources store configuration and delivery information regarding traffic flows between networking components in a cloud network. This resource inherits from Resource and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The region where the instance resides |
| `flow_log_id` | The provider ID of the flow log |
| `status` | The status of log delivery (active, inactive) |
| `traffic_type` | The type of traffic being logged |
| `log_group_name` | The name of the logging group |
| `delivery_status` | The logging status of the flow log (success, failed) |
| `delivery_error` | The delivery error description |
| `creation_time` | The time the flow log was created |

class DivvyResource.Resources.networkflowlog.NetworkFlowLog(resource_id)
Bases: DivvyResource.Resources.resource.Resource

Network Flow Log Operations

flow_log

flow_log_id

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

get_resource_name()

static get_resource_name_field()
Network flow logs don’t have a name so we will use the log_group_name as the name.

static get_resource_type()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

Network Interface

Network Interface resources store configuration and delivery information regarding traffic flows between networking components in a cloud network. This resource inherits from Resource Class and has direct access to the resource's database object.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `network_interface_id` | The cloud ID for the network interface |
| `name` | The name of the network interface |
| `description` | The optional description of the network interface |
| `subnet_resource_id` | The resource ID of the subnet that the interface is attached to |
| `network_resource_id` | The resource ID of the network this interface is attached to |
| `region_name` | The name of the region |
| `zone` | The availability zone where the interface is deployed |
| `instance_resource_id` | The instance identifier that the interface belongs to |
| `device_index` | The device index of the interface |
| `mac_address` | The MAC/hardware address of the interface |
| `private_ip_address` | The private IP address associated with this network interface |
| `private_dns_name` | The private DNS name of the interface |
| `public_ip_address` | The public IP address associated with this network interface |
| `public_dns_name` | The public DNS name of the interface |
| `attachment_id` | The ID of the attached resource, if known |
| `owner_id` | The owner of the image |
| `interface_type` | The type of an NSX Edge interface |
| `ipv6_address` | The IPv6 address associated with this interface |
| `source_dest_check` | Denotes if source/destination checking is enabled for this device |

Network Peer

Network peer resources interconnect two private networks. This resource inherits from Resource Class and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The region that the network resides in |
| `peer_id` | The ID of the network |
| `name` | The name of the network |
| `status` | The state of the network peer status |
| `requester_vpc_owner` | The owner of the network requesting peering access |
| `requester_vpc_id` | The ID of the network requesting peering access |
| `requester_vpc_cidr` | The CIDR block of the network requesting peering access |
| `accepter_vpc_owner` | The owner of the network accepting the peer request |
| `accepter_vpc_id` | The ID of the network accepting the peer request |
| `accepter_vpc_cidr` | The CIDR block of the network accepting the peer request |
| `allow_egress_classic` | Denotes if you've enabled any EC2-Classic instances to communicate with instances in the peered network |
| `allow_egress_vpc` | Denotes if your network is a source or destination for ingress or egress rules in your resource access lists |
| `allow_dns_resolution` | Denotes if your network peer connection has enabled DNS hostname resolution |

class DivvyResource.Resources.networkpeer.NetworkPeer(resource_id)
Bases: DivvyResource.Resources.resource.Resource

Network Peer Operations

static get_db_class()

get_parent_resource_id()

static get_provider_id_field()

static get_resource_type()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None, project_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

network_peer

peer_id

Private Subnet

Private logical subdivision of a network.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `subnet_id` | The subnet ID that the interface belongs to |
| `network_resource_id` | The resource ID of the network to detach |
| `name` | The name of the private subnet |
| `cidr` | The Classless Inter-Domain Routing (CIDR) block of the network |
| `prefix` | The optional sub-directory to begin at |
| `available_ips` | The number of available IPs in the subnet |
| `availability_zone` | The availability zone in which the cluster is located |
| `region_name` | The name of the region |
| `gateway_address` | The route configuration gateway address |
| `public_ip_on_launch` | Whether a public IP address is assigned when an instance is launched into the subnet |

Public IP

Public IP addresses are used to communicate over the Internet. Examples of these include AWS Elastic IPs. This class inherits from TopLevelResource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The region that the public IP resides in |
| `public_ip` | The publicly accessible IP address |
| `private_ip` | The private IP that this public IP will pass through to |
| `domain` | The domain associated with this public IP |
| `network_interface_resource_id` | The resource ID of the network interface the IP is associated to |
| `allocation_id` | The provider allocation ID of the public IP |
| `association_id` | The provider association ID |
| `allocation_type` | Denotes an ephemeral vs persistent IP address |

class DivvyResource.Resources.publicip.PublicIp(resource_id)
Bases: DivvyResource.Resources.toplevelresource.TopLevelResource

IP Address Operations (Elastic/Floating/Public IPs)

allocation_id

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

get_attached_instance()
Retrieve the attached instance (Resource object).

get_attached_network_interface()
Retrieve the network interface (Resource object) this IP is attached to, or None if not attached.

static get_db_class()

get_domain()
Retrieve the domain of the resource (e.g., vpc)

static get_provider_id_field()

get_resource_name()
Public IPs are not named by the user. We return the ip address itself.

static get_resource_name_field()

static get_resource_type()

get_supported_actions()

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to projects/groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from projects/groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

ip_address

is_ephemeral

public_ip

top_level_resource = True

Query Log Config

Query Log Config enables DNS query resolution across entire hybrid clouds (e.g., AWS Route53Resolver Configuration).

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the organization service (cloud) this access list belongs to |
| `region_name` | The region where this resource resides |
| `config_id` | The ID for the query logging configuration |
| `name` | The name of the query logging configuration resource |
| `arn` | The ARN for the query logging configuration |
| `association_count` | The number of VPCs associated with the query logging configuration |
| `owner_id` | The account ID for the account that created the query logging configuration |
| `destination_arn` | The ARN of the resource where you want to send query logs |
| `destination_type` | The type of resource where query logs will be received (e.g., S3, CloudWatch Logs) |
| `create_time` | The time the query logging configuration was created |
| `status` | The status of the query logging configuration (e.g., 'Created', 'Creating', 'Deleted', and 'Failed') |

Route

The Route resource is used to determine where network traffic from your subnet or gateway is directed (e.g., AWS Route, Azure Route).

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the organization service (cloud) this access list belongs to |
| `region_name` | The region where this resource resides |
| `route_table_resource_id` | The ID for the route table resource |
| `cidr` | The Classless Inter-Domain Routing (CIDR) address of the Route resource |
| `target_id` | The ID of the target, e.g., 'Internet' |
| `target_type` | The target type, e.g., 'gateway' |
| `state` | The state of the route resource, e.g., 'active' |

Route Table

Network route tables contain a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. This class inherits from Resource and has direct access to the resource’s database object.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the organization service (cloud) this access list belongs to |
| `region_name` | The region where this resource resides |
| `name` | The name of this route table |
| `network_resource_id` | The resource ID of the parent (network) |
| `vpc_association_id` | The virtual private cloud that this route table is associated with |
| `routes` | The routes that belong to this table |

class DivvyResource.Resources.routetable.RouteTable(resource_id)
Bases: DivvyResource.Resources.resource.Resource

Route Table Operations

delete(user_resource_id=None)
Delete this resource. If wrapped in a with JobQueue() block, this will queue the deletion job to the wrapped queue, otherwise it calls immediately.

static get_db_class()

get_network_id()
Retrieve the network ID that the route table belongs to.

static get_provider_id_field()

static get_resource_type()

get_supported_actions()

get_vpc_association_id()
Retrieve the VPC association ID of the route.

handle_resource_created(user_resource_id=None, project_resource_id=None)
This should be called when a resource is created/discovered after the basic data is added to the database. This gives an opportunity for post-addition hooks (assignment to groups, alerts, etc).

handle_resource_destroyed(user_resource_id=None)
This should be called when a resource is destroyed before the basic data is removed from the database. This gives an opportunity for pre-destruction hooks (removal from groups, alerts, etc).

handle_resource_modified(resource, *args, **kwargs)
This should be called when a resource is modified after the new data has been updated in the DB session. This gives an opportunity for post-modification hooks.

route_table

route_table_id

Site-to-Site VPN

A Site-to-Site VPN connection offers two VPN tunnels between a virtual private gateway or a transit gateway on the cloud provider side and a customer gateway on the remote (on-premises) side.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `vpn_id` | The ID of the VPN |
| `name` | The name of the Site-to-Site VPN |
| `state` | The route state |
| `category` | The check category |
| `static_route_count` | The number of routes contained within the route table |
| `bgp_route_count` | The Border Gateway Protocol (BGP) route count, if applicable |
| `static_routes` | The static route count |
| `options` | The list of specific user-defined options |
| `customer_gateway_id` | The ID of the associated Customer Gateway |
| `virtual_gateway_id` | The identifier of the virtual gateway that the route table is associated with |
| `transit_gateway_id` | The ID of the associated Transit Gateway |
| `last_updated` | The time the resource was last updated |

Target Proxies

In GCP target proxies are referenced by one or more forwarding rules. In the case of HTTP(S) load balancing, proxies route incoming requests to a URL map.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `name` | The name of the target proxy |
| `kind` | The kind of backend service |
| `load_balancer_resource_id` | The load balancer resource identifier |
| `service_resource_id` | The backend service resource identifier |
| `description` | The target proxy description |
| `created_time` | The time the target proxy was created |

Traffic Mirror Target

A Traffic Mirror is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for content inspection, threat monitoring, and troubleshooting (e.g. AWS VPC Traffic Mirror Target).

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `target_id` | The identifier of the target |
| `name` | The name of the target |
| `type` | The type of target |
| `source` | The provider ID of the source |
| `source_resource_id` | The source resource identifier |
| `source_name` | The name of the source |
| `description` | The description of the mirror target |
| `owner_id` | The owner account identifier of the target |
| `cross_account` | Denotes whether or not the target spans accounts |

Transit Gateway

A Transit Gateway enables customers to connect private clouds (e.g. Amazon Virtual Private Clouds (VPCs)) and their on-premises networks to a single gateway.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `transit_gateway_id` | The service provided ID for this transit gateway |
| `name` | The name of the Transit Gateway |
| `owner_account_id` | The resource ID of the subnet to which this NAT gateway belongs. Not used for some cloud providers |
| `create_time` | The time the Transit Gateway was created |
| `state` | The state of this Transit Gateway |
| `dns_support` | Denotes if the Transit Gateway has DNS support |
| `associated_route_table_id` | The ID of the associated route table, if applicable |
| `auto_accept_shared_attachments` | The resource ID of the subnet to which this Transit Gateway belongs. Not used for some cloud providers |

Virtual Private Gateway

A private gateway is a logical, fully redundant distributed edge routing function at the edge of a virtual computing resource, for example, an AWS VPC.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `availability_zone` | The availability zone for the virtual private gateway |
| `gateway_id` | The ID for the virtual private gateway |
| `gateway_type` | The type of virtual private gateway, e.g., 'ipsec.1' |
| `name` | The name of the virtual private gateway |
| `state` | The state of the virtual private gateway, e.g., 'available' |
| `asn` | The autonomous system number (ASN) for the virtual private gateway |
| `attachment_count` | The number of gateways attached to the virtual private gateway region |

Web Application Firewall

A Web Application Firewall is a resource that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources, for example the AWS WAF or Google Cloud Armor.

| Attribute | Description |
| --- | --- |
| `resource_id` | The primary resource identifier that takes the form of a prefix followed by numbers and letters |
| `organization_service_id` | The ID of the parent organization service (cloud) |
| `region_name` | The name of the region |
| `firewall_id` | The provider ID of the web application firewall |
| `name` | The name of the web application firewall |
| `metric_name` | The user-defined metrics put in place on the WAF |
| `default_action` | The default action to take |
| `arn` | The Amazon Resource Name (ARN) for the WAF |
| `resource_count` | The compute/build type of the project |
| `rule_count` | Denotes whether the project has elevated privileges |
| `sql_injection_rule_count` | The rule count that matches SQLi |
| `geo_match_rule_count` | The rule count that matches by GeoIP |
| `xss_match_rule_count` | The rule count that filters by XSS |
| `ip_match_count` | The rule count that filters traffic by IP |
| `version` | The installed version of the web application firewall |
| `rule_names` | The names of the WAF rules |
