
Org-Level EDH (AWS - CloudTrail Mode)

Overview

In addition to its existing Event-Driven Harvesting (EDH) capabilities, DivvyCloud supports Org-Level (CloudTrail Mode) EDH. In a regular deployment, EDH augments the standard harvesting methods by pulling data from AWS CloudWatch Events and AWS CloudTrail into a central event bus for DivvyCloud’s consumption.

More information on standard EDH, including a detailed diagram, is included on the Event-Driven Harvesting (AWS) page. Org-Level EDH behaves in the same way as the existing EDH but with two key differences:

  • Org-Level EDH retrieves information in approximately 10-15 minute intervals.
    • This interval is imposed by AWS at the cloud level and is determined by the collection and reporting times associated with the configuration.
  • Org-Level EDH does not require additional manual configuration when new cloud accounts are added.
    • Any new cloud accounts added to your overall footprint are automatically discovered and included in your EDH setup. There are no complex configuration requirements to connect new cloud accounts and ensure the associated resources are harvested.


Getting Started with Org-Level EDH

Event-Driven Harvesting is an advanced and complex feature. Before getting started, we recommend reaching out to [email protected] to ensure that you have the best possible experience with EDH.

Deployment Diagram

[Diagram: Org-Level EDH Deployment]

Prerequisites

  • A functioning DivvyCloud Platform
  • AWS Organization(s) added to DivvyCloud (https://docs.divvycloud.com/docs/aws-cloud-setup-organizations)
  • DivvyCloud Admin permissions
  • Basic familiarity with Terraform and its general capabilities.
    • If you are not familiar with Terraform, we are happy to assist with this configuration; reach out to us through [email protected]
  • Required Terraform template(s) (provided below)
    • For customers that do not anticipate using Terraform to deploy, reach out to us for assistance in creating the files required to establish this configuration.
  • Admin access to your AWS Master/Payer Account.
    • We strongly recommend installing Org-Level EDH inside of the master/payer AWS account and not in the same account that you are using to run your DivvyCloud platform (this avoids conflicting issues around permissions during configuration).

Required Permissions


The role applying the Terraform template requires the following permissions:

https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-deployment-native/aws/iam/DivvyCloud-EDH-CloudTrail-Org-Deployment.json

Required Templates


DivvyCloud EDH Org CloudTrail via Terraform

https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-tf/divvycloud-org-cloudtrail-edh-tf.zip

Configuring Org-Level EDH

Terraform Setup (v0.12.x required)

For this part of the deployment we assume that you have downloaded the required templates and have the appropriate permissions to execute the required Terraform commands.


Variables.tf

The template below is provided as an example and will need to be updated to reflect the configuration for your specific needs.

// AWS master/payer account
variable "aws_account_id" {
  type    = string
  default = "XXXXXXXXXXXX"
}

// AWS target region
variable "region" {
  type    = string
  default = "us-east-1"
}

// Existing harvesting role in master/payer account
variable "existing_harvesting_role" {
  type    = string
  default = "DivvyCloud-Standard-Role"
}

// If set to false, CloudTrail and associated S3 bucket are not created
variable "create_cloudtrail" {
  type    = bool
  default = false
}

// If `create_cloudtrail` is false, specify existing CloudTrail S3 bucket and associated SNS topic name
variable "existing_cloudtrail_bucket" {
  type    = string
  default = "arn:aws:s3:::EXISTING-CLOUDTRAIL-BUCKET-NAME"
}

// Update `arn:aws:sns:REGION:ACCOUNT-ID:DivvyCloud-EDH-Org-CloudTrail` in provided IAM policy to reference existing SNS topic
variable "existing_cloudtrail_topic" {
  type    = string
  default = "EXISTING-SNS-TOPIC-NAME"
}
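Before applying the template in the master/payer account it is worth confirming that no placeholder defaults are left in Variables.tf and that the values are consistent with the `create_cloudtrail` mode. The pre-flight check below is an added example, not part of the DivvyCloud templates; it parses only the simple `variable` blocks shown above with a regular expression (an assumption, not a general HCL parser), and the sample file with its account id, bucket and topic names is constructed for illustration. It also builds the SNS topic ARN that the comment above says must replace `arn:aws:sns:REGION:ACCOUNT-ID:DivvyCloud-EDH-Org-CloudTrail` in the provided IAM policy.

```python
import re

# Matches the simple `variable "name" { ... default = <literal> }` blocks used in
# Variables.tf. Assumption: one string or bool default per block, no nested braces.
_VAR_RE = re.compile(
    r'variable\s+"(?P<name>\w+)"\s*\{[^}]*?default\s*=\s*'
    r'(?:"(?P<str>[^"]*)"|(?P<bool>true|false))',
    re.S,
)

# Placeholder defaults from the page's Variables.tf that must not reach `terraform apply`.
PLACEHOLDERS = ("XXXXXXXXXXXX", "EXISTING-CLOUDTRAIL-BUCKET-NAME", "EXISTING-SNS-TOPIC-NAME")

# Constructed sample: an edited Variables.tf reusing an existing org CloudTrail.
SAMPLE_VARIABLES_TF = '''
variable "aws_account_id" {
  type    = string
  default = "123456789012"
}
variable "region" {
  type    = string
  default = "us-east-1"
}
variable "create_cloudtrail" {
  type    = bool
  default = false
}
variable "existing_cloudtrail_bucket" {
  type    = string
  default = "arn:aws:s3:::org-cloudtrail-logs"
}
variable "existing_cloudtrail_topic" {
  type    = string
  default = "org-cloudtrail-events"
}
'''


def parse_variables(hcl):
    """Return {variable name: default value}; bool literals become Python bools."""
    out = {}
    for m in _VAR_RE.finditer(hcl):
        out[m.group("name")] = (m.group("bool") == "true") if m.group("bool") else m.group("str")
    return out


def check_variables(v):
    """Return a list of problems; an empty list means the file is ready to apply."""
    problems = []
    for name, val in v.items():
        if isinstance(val, str) and any(p in val for p in PLACEHOLDERS):
            problems.append(f"{name}: placeholder value still present")
    if not re.fullmatch(r"\d{12}", v.get("aws_account_id", "")):
        problems.append("aws_account_id: must be a 12-digit AWS account id")
    if v.get("create_cloudtrail") is False:
        # Reusing an existing trail: both the bucket ARN and the SNS topic are mandatory.
        if not re.fullmatch(r"arn:aws:s3:::[a-z0-9.-]{3,63}", v.get("existing_cloudtrail_bucket", "")):
            problems.append("existing_cloudtrail_bucket: must be an S3 bucket ARN (arn:aws:s3:::bucket-name)")
        if not v.get("existing_cloudtrail_topic"):
            problems.append("existing_cloudtrail_topic: required when create_cloudtrail = false")
    return problems


def sns_topic_arn(v):
    """ARN that replaces arn:aws:sns:REGION:ACCOUNT-ID:DivvyCloud-EDH-Org-CloudTrail in the IAM policy."""
    return f"arn:aws:sns:{v['region']}:{v['aws_account_id']}:{v['existing_cloudtrail_topic']}"
```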

DivvyCloud Setup

Refer to the steps below to configure Org-Level EDH in DivvyCloud. In general, we do not recommend modifying an existing EDH setup, or creating a new Org-Level EDH setup that would compete with an existing one.

1. In the DivvyCloud platform navigate to “Cloud → Clouds → Event-Driven Harvesting”.

2. Select “Add Consumer” and click on the “Enable CloudTrail Mode” button.

3. Provide the URL for the SQS Queue. Note that this URL must be the one for the “Consumer”, not the “Capture”.

4. Click "Setup Consumer" to complete your setup.

[Screenshot: DivvyCloud - Add CloudTrail Mode]
