InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

Resource Type Definitions

Definitions of InsightCloudSec Normalized Terminology for Your Cloud Infrastructure

The following table provides an alphabetized list with brief definitions of the InsightCloudSec normalized terminology for all resources, services, utilities, or functions that make up your cloud infrastructure. Resource types are organized into five categories: Compute, Containers, Storage, Network, and Identity and Management.

You can read more about the details of the specific resource types on their individual pages as follows:

| Resource Type | Description | Category |
| --- | --- | --- |
| Access List | Used to protect ingress/egress traffic to cloud resources (Security Groups/NACLs) | Network |
| Access List Flow Log | Allows users to log information about IP traffic flowing through a Network Security Group | Network |
| Access List Rule | Ingress/Egress traffic rules for Security Groups/NACLs | Network |
| Access Analyzer | Identifies security risks through unintended access to your resources and data by identifying resources or roles that are shared with an external entity (AWS IAM Access Analyzer) | Identity & Management |
| Airflow Environment | Managed orchestration for Apache Airflow to programmatically author, schedule, and monitor sequences of processes and tasks | Compute |
| API Access Key | Used to make programmatic calls to the Cloud Provider's API | Identity & Management |
| API Accounting Config | Logs and tracks all calls made to the provider API (AWS CloudTrail, GCP Logs Storage) | Identity & Management |
| App Run Service | Managed services that simplify deploying containerized web applications and APIs quickly at scale with little to no experience (AWS App Runner, GCP Cloud Run) | Containers |
| App Server | Defines the region of the physical server where your app will be hosted and the amount of storage, RAM, and CPU the physical servers will have (Azure App Service Plan) | Compute |
| Application Gateway | Facilitates the creation, use, and management of APIs at any scale (AWS API Gateway) | Network |
| Application Gateway Domain | Allows the creation, use, and naming of a custom domain name (AWS API Gateway Domain) | Network |
| Application Key | Generates API keys (AWS Gateway Key) | Network |
| Application Stage | Sets up a stage, a named reference to a deployment, which can be used to manage and optimize the deployment (AWS API Gateway Stage) | Network |
| Autoscaling Group | Collection of instances used for scaling and management | Compute |
| Autoscaling Launch Configuration | Configuration for autoscaling groups (min, max, etc.) | Compute |
| Backend Services | Configuration for load balancing services (GCP Load Balancer Backend Services) | Network |
| Backup Vault | Container for organizing your backups | Storage |
| Batch Environment | An environment containing many compute nodes that can run large-scale parallel and high-performance computing batch jobs efficiently (AWS Batch Compute Environment, Azure Batch Account) | Compute |
| Batch Pool | A group of compute nodes that is used in a batch environment to run large-scale parallel and high-performance computing batch jobs efficiently (Azure Batch Pool) | Compute |
| Big Data Instance | Big data/data warehouse instances (AWS Redshift, GCP Big Table) | Compute |
| Big Data Snapshot | Point-in-time backup of a big data instance | Storage |
| Big Data Workspace | Analytics service that combines data integration, data warehousing, and big data analytics (Azure Synapse) | Compute |
| Build Project | Integration service for compiling source code, running tests, and producing deployable software packages (AWS CodeBuild) | Compute |
| Cache Database Cluster | A Cache Database Cluster is an in-memory database service that provides fast performance and durability (AWS MemoryDB) | Compute |
| Cache Instance | Memory cache instance (AWS ElastiCache, Redis, etc.) | Compute |
| Cache Snapshot | Point-in-time backup of Redis cluster (AWS ElastiCache Snapshot, Alibaba Cloud Redis Snapshot) | Storage |
| Cloud Access Point | A feature to simplify managing data access at scale for applications using shared data sets (AWS S3 Access Point) | Identity & Management |
| Cloud Account | Secure, world-wide storage and retrieval of any amount of data at any time | Identity & Management |
| Cloud Advisor Check | A recommendation guide that analyzes your configuration and usage (AWS Trusted Advisor) | Identity & Management |
| Cloud Alarm | Notification on events from a Content Delivery Network (AWS CloudWatch Events) | Identity & Management |
| Cloud Dataset | Top-level containers for organizing and controlling access to tables and views (GCP BigQuery Dataset) | Storage |
| Cloud Domain Group | A virtual group of all accounts created in an organization's master account (GCP Domain Groups) | Identity & Management |
| Cloud Domain User | Cloud Identity User able to manage across your entire domain (GCP Only) | Identity & Management |
| Cloud Event Bus | A serverless event bus that facilitates connecting applications together using data from your own (SaaS or other) applications or services (AWS EventBridge) | Identity & Management |
| Cloud Event Rule | A Cloud Event Rule matches incoming Cloud Alarms ("events") and routes them to targets for processing (AWS CloudWatch Rule) | Identity & Management |
| Cloud Group | A cloud provider group within an organization service | Identity & Management |
| Cloud Limit | Limits placed on the amount of services available for cloud provider accounts | Identity & Management |
| Cloud Log Destination | A physical resource that enables you to subscribe to a stream of log events (AWS CloudWatch Logs Destination) | Identity & Management |
| Cloud Outpost | Managed service for hybrid cloud | Identity & Management |
| Cloud Policy | A policy that gives specific permissions to Cloud Users, Groups or Roles (AWS IAM) | Identity & Management |
| Cloud Region | Where cloud resources are located | Identity & Management |
| Cloud Resource Group | Used for related resources (e.g., Azure Resource Group) | Identity & Management |
| Cloud Role | A cloud provider role within an organization service | Identity & Management |
| Cloud Service Cost | Cost associated with cloud provider services | Identity & Management |
| Cloud User | A cloud user account used to access the provider console/API (AWS IAM) | Identity & Management |
| Clusters | Runs the Kubernetes management infrastructure (AWS EKS, GCP GKE, Azure Kubernetes Service) | Containers |
| Cold Storage | Deep archive storage (AWS Glacier) | Storage |
| Container Image | Assists in storing, managing, and deploying Docker container images (AWS Container Image (ECR), Azure Container Image, GCP Container Image) | Containers |
| Container Instances | Assists in running Kubernetes without standing up or maintaining your own Kubernetes control plane (AWS Container Instance (EKS), MS Azure Container Instance) | Containers |
| Container Registry | Docker container registry assisting developers in storing, managing, and deploying Docker container images (AWS Container Registry (ECR), Azure Container Registry, GCP Container Registry) | Containers |
| Containers | Manages container services (AWS Container (ECS)) | Containers |
| Content Delivery Network | A service that securely delivers data (AWS CloudFront) | Network |
| Data Analytics Workspace | Interactive query service for data analytics (AWS Athena) | Storage |
| Data Factory | Managed, serverless data integration (Azure Data Factory) | Storage |
| Data Lake Storage | Enterprise-wide hyper-scale repository for big data analytic workloads (Azure Data Lake Storage Gen1) | Storage |
| Data Stream | The transfer of data at a steady high-speed rate (AWS Kinesis) | Storage |
| Data Sync Task | Tasks associated with online data transfer (AWS DataSync Task) | Storage |
| Database | Relational database service (GCP Cloud SQL, Azure SQL Database/Dedicated SQL Pool) | Compute |
| Database Cluster | One or more DB instances and a cluster volume that manages the data for those instances (AWS RDS Aurora Cluster, Neptune, Document DB) | Compute |
| Database Instance | Database instance (RDS, CloudDatabase, etc.) | Compute |
| Database Migration Instance | Migrates on-premises database to the cloud (AWS Database Migration Service (DMS)) | Storage |
| Database Proxy | Simplifies connection management by handling network traffic between client applications and the database (AWS RDS Database Proxy) | Storage |
| Database Snapshot | Point-in-time backup of a database instance | Storage |
| Databricks Workspace | Collaborative analytics platform based on Apache Spark (Azure Databricks Workspace) | Storage |
| DDoS Protection | Distributed Denial of Service (DDoS) protection service that safeguards applications running in the cloud (AWS Shield) | Network |
| Delivery Stream | Loads streaming data into data stores and analytics tools (AWS Firehose) | Storage |
| Deployments/Tasks | Works with container tasks (AWS Container Task (ECS)) | Containers |
| Diagnostic Settings | Configuration profile that enables sending platform metrics and logs to various destinations (Azure Diagnostic Settings) | Identity & Management |
| Direct Connect | Establishes a dedicated network from your premises to the cloud (AWS Direct Connect, GCP Cloud Interconnect, Azure Express Route Circuit) | Network |
| Directory Service | Collection of services for managing users and devices on a network (e.g., Azure AD) | Identity & Management |
| Distributed Table | NoSQL database table (AWS DynamoDB) | Compute |
| Distributed Table Cluster | In-memory cache for Distributed Tables (DynamoDB DAX) | Compute |
| DNS Domain | For managing domain names in a Domain Name System (DNS) (AWS Route53 Domain) | Identity & Management |
| DNS Zone | Used to store DNS records for public/private name resolution (AWS Route53) | Network |
| Elasticsearch Instance | A RESTful search and analytics engine (AWS Elasticsearch) | Compute |
| Email Service Domain | A cloud-based email sending service (AWS SES) | Compute |
| Encryption Key | A master key used to encrypt cloud volumes, databases and more (AWS KMS) | Identity & Management |
| Encryption Key Vault | Secure key management (GCP Cloud KMS Keyring, Azure Key Vault) | Identity & Management |
| ETL Data Catalog | An index to the location, schema, and runtime metrics of your data; supports extract, transform, and load (ETL) service (AWS Glue Data Catalog) | Storage |
| ETL Security Configuration | A set of security properties that can be used by your extract, transform, and load (ETL) service (AWS Glue Security Configuration) | Storage |
| Event Subscription | Allows notifications when events within an event category occur (AWS RDS Event Subscription) | Compute |
| File Share | A cloud storage service that provides on-premises access to cloud storage (AWS NFS/SMB File Gateway Share) | Storage |
| Forwarding Rules | Manage frontend configuration of a load balancer (GCP Load Balancer Forwarding Rules, Azure Load Balancing Rules) | Network |
| Global Load Balancer | A global, scalable entry-point that uses a global edge network to create web applications (e.g., Azure Front Door) | Network |
| GraphQL API | GraphQL manages services that improve performance, support real-time updates, and make connecting to secure data sources easy. An example of this type of resource is AWS AppSync API. | Storage |
| Hypervisor | A hypervisor/dedicated host responsible for housing compute instances | Compute |
| Identity Provider | Creates, maintains, and manages identity information, providing authentication (SAML, AD) | Identity & Management |
| Ingress | Exposes HTTP and HTTPS routes from outside a Kubernetes cluster to services within the cluster (Kubernetes Ingress) | Containers |
| Instance | Compute instance (EC2, CloudServers, etc.) | Compute |
| Internet Gateway | A logical connection between a network and the internet | Network |
| Lightsail | Provides compute, storage, and networking capacity and capabilities for websites and web applications in the cloud (AWS Lightsail) | Compute |
| Load Balancer | Used in multi-tier apps to distribute load across a variety of compute instances | Network |
| Logic App | Integration platform as a service that promotes scale and portability while offering critical workflow automation from a workspace of any size (Azure Logic App) | Compute |
| Log Analytics Workspace | Container used for storing and analyzing log data and configuration (Azure Log Analytics Workspace) | Identity & Management |
| Log Group | Group of Event logs within a Log Stream (e.g., AWS CloudWatch Log Groups) | Identity & Management |
| Machine Learning Instance | Prepares and processes data, and trains and deploys machine learning models | Compute |
| MapReduce Cluster | A programming model for processing and generating large data sets (Hadoop) | Compute |
| Message Broker Instance | Managed message broker service (AWS MQ) | Compute |
| Message Queue | Message queuing services (AWS SQS) | Compute |
| Namespace | A virtual cluster backed by a physical cluster; typically, there are several distinct namespaces on a single physical cluster (Kubernetes Namespace) | Containers |
| NAT Gateway | Enables instances in a private network to forward traffic to the Internet | Network |
| Network | Logically isolated virtual environment within a Cloud Provider (AWS VPC) | Network |
| Network Address Group | Provides visibility into defined network address prefixes (AWS Managed Prefix List, Azure IP Group) | Network |
| Network Endpoint | Enables private connection of your VPC to cloud services | Network |
| Network Endpoint Service | Enables you to privately connect your VPC to supported provider services (AWS VPC Endpoint Services, Azure Service Endpoint) | Network |
| Network Firewall | A managed, cloud-based network-security service that protects network resources (Azure Firewall) | Network |
| Network Firewall Rule | Firewall rules, including NAT rules, network rules, and application rules (Azure Firewall Rule) | Network |
| Network Firewall Rule List | Firewall rule collections processed according to the rule type in priority order (Azure Firewall Rule Collection) | Network |
| Network Flow Log | Stores configuration and delivery info regarding traffic flows in a cloud network | Network |
| Network Interface | Virtual interfaces that can allow communication between networks/subnets | Network |
| Network Peer | Interconnects two private networks | Network |
| Notification Subscription | Subscription-based notifications (AWS SNS, GCP Pub/Sub) | Compute |
| Notification Topic | Topic to use when delivering notifications | Compute |
| Pod Security Policies | (Kubernetes Pod Security Policy) | Containers |
| Pods | Kubernetes Pod | Containers |
| Private Image | Private/shared image which can be used to create a compute instance | Compute |
| Private Subnet | Private logical subdivision of a network | Network |
| Public IP | Elastic/Floating IP addresses which allow communication over the Internet | Network |
| Query Log Config | Enables DNS query resolution across entire hybrid cloud (AWS Route53Resolver Configuration) | Network |
| Reserved Instance | Guaranteed, available virtual private servers (AWS RIs, Azure Pre-Paid Instances) | Compute |
| Route | Used to determine where network traffic from your subnet or gateway is directed (AWS Route, Azure Route) | Network |
| Route Table | Used to store routes | Network |
| Search Cluster | A cluster of Elasticsearch Instances | Compute |
| Search Index | A highly accurate intelligent search service for unstructured data using natural language | Compute |
| Secret | Confidential or secure data (AWS Secret) | Identity & Management |
| Secure File Transfer | Allows secure transfer of files using the SFTP protocol (AWS SFTP Server) | Storage |
| Serverless Application | Framework for building serverless applications (AWS Serverless Application) | Compute |
| Serverless Function | A compute service that runs code in response to events | Compute |
| Service Control Policy | A type of policy to manage your application (AWS Service Control Policy) | Identity & Management |
| Service Detector | Threat detection service (AWS GuardDuty Detector) | Identity & Management |
| Services | (Kubernetes Service) | Containers |
| Shared File System | Scalable volumes that can be shared between multiple instances (e.g., AWS EFS) | Storage |
| Shared Gallery | Shared Image Gallery (Azure) to build structure around images | Compute |
| Shared Gallery Image | Image definitions for logical version grouping | Compute |
| Shared Gallery Image Version | Image versioning, as used in environments | Compute |
| Site-to-Site VPN | Enables access to your remote network from your VPC (AWS Site-to-Site VPN (VPC), GCP VPN Tunnel) | Network |
| Snapshot | Point-in-time backups of volumes | Storage |
| Spanner | A globally distributed and synchronously replicated database | Storage |
| SSH Key Pair | Public and Private keys associated with a cloud provider within an organization service | Identity & Management |
| SSL Certificate | A certificate bound to a load balancer to facilitate secure client/server communication | Identity & Management |
| SSM Document | A script or document written in JSON or YAML that provides instructions to the Systems Manager for how to interact with your managed instances (Systems Manager (SSM) Document) | Compute |
| Stack Template | Infrastructure as code (CloudFormation Templates) | Compute |
| Stackdriver Sink | A Stackdriver Sink controls how logs are routed throughout your environment (GCP Stackdriver Sink) | Identity & Management |
| Storage Account | Contains all Azure storage data objects (Azure Storage Account) | Storage |
| Storage Container | Object storage (S3, Cloud Storage, Blob Storage, etc.) | Storage |
| Stored Parameters | Secure storage for configuration data as parameter values (AWS Systems Manager Parameter Store Parameter) | Storage |
| Stream Instance | Streaming data service (AWS MSK Instance) | Compute |
| Target Proxies | Load balancing component that routes incoming requests to a URL map and terminates the connection to the user (GCP Load Balancer Target Proxies) | Network |
| Task Definitions | Task Definitions are required to run Docker containers within container management services in the cloud (AWS ECS Task Definition) | Containers |
| Threat Findings | Threat detection service (AWS GuardDuty/Macie) | Identity & Management |
| Timeseries Database | Timeseries databases store and analyze trillions of events daily for internet of things (IoT) and operational applications (Amazon Timestream) | Storage |
| Traffic Mirror Target | An elastic network interface or a network load balancer (AWS VPC Traffic Mirror Targets) | Network |
| Transcoding Pipeline | A queue that manages media transcoding jobs (AWS Elastic Transcoder Pipeline) | Compute |
| Transit Gateway | Service enabling connection of VPCs and on-premises networks to a single gateway (AWS Transit Gateway) | Network |
| User Pool | Allows your users to sign in to your web or mobile app (AWS Cognito User Pool) | Identity & Management |
| Video Stream | Service to stream live video from devices to the cloud (AWS Kinesis Video Stream) | Storage |
| Virtual Private Gateway | Private virtual interface for one or more connections | Network |
| Volume | Network attached storage (EBS, Virtual Disks, etc.) | Storage |
| Web App | Service providing app hosting (AWS Elastic Beanstalk Environment, Azure App Service) | Compute |
| Web App Group | Service for deploying and scaling web applications and services (AWS Elastic Beanstalk Application) | Compute |
| Web Application Firewall | Web application security (AWS Application Firewall (WAF), WAFv2) | Network |
| Workspace | Virtual desktops (AWS Workspaces) | Compute |

Updated about a month ago
