InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Self-Hosted - Getting Started Guide

Details for Self-Hosted Customers (or Prospects) on How to Get Started with InsightCloudSec

đź‘Ť

Rebranding In Progress

Rebranding for DivvyCloud, now InsightCloudSec is ongoing. Logos, URLs, text, and images may reference either InsightCloudSec or DivvyCloud.

The most important thing to note is that the product functionality has remained the same. If you have any questions or concerns reach out to [email protected].

Welcome to InsightCloudSec. This pages provides a high-level overview of the order of operations for getting started with the InsightCloudSec platform. The topics are presented in a roughly sequential order to represent the steps you'd follow from initial deployment, to system configuration and customization, and finally to feature exploration. The content here is organized specifically for customers that are self-hosted (e.g., deploy and manage their own InsightCloudSec environment).

If you're new to our platform you may find it helpful to review:

What You'll Find Here

Each heading below (accessible through the in-page navigation on the right) includes a high-level summary of what this step of the process entails, including links to additional detailed documentation for that part of the process.

Deployment - Setup for your InsightCloudSec Platform

Under Production Deployments we talk about the methods of deployment to production. In addition, we offer Test Drive Deployments for users who are still investigating.

Before you start the deployment/installation process you will want to ensure that you have a good understanding of your environment (e.g., your operating system) as well as your overall cloud footprint (e.g., approximate number of cloud accounts--many? just a few?) so that you can choose the most appropriate installation for your needs.

If you're interested in trying us out, reach out to support or take a look at our Test Drive Deployments options.

Adding Cloud Accounts - Connecting Your Clouds to InsightCloudSec

After installing InsightCloudSec you will need to connect the platform to your cloud account(s). Our supported Cloud Service Providers (CSPs) include AWS, Azure, GCP, and more (read the full list here).

Large Cloud Accounts

For organizations with multiple cloud accounts or larger footprints across multiple Cloud Service Providers (CSP), we recommend taking advantage of our support of AWS, Azure, and GCP Organization capabilities. For AliCloud, Oracle, and other providers or scenarios, reach out to us for the best options to get your clouds connected.

Individual Cloud Accounts

For users looking to connect cloud accounts individually or to add a cloud account to an existing InsightCloudSec platform, we recommend the Cloud Account Setup process.

  • Check out Clouds to learn more about viewing your cloud details once they're connected.
  • Refer to individual sections for additional configuration details around individual CSPs.

Harvesting - Bring Data into InsightCloudSec

After connecting your cloud account(s), InsightCloudSec will start the process to collect or harvest that cloud account and normalize the data.

What do we mean by harvesting?
Harvesting is simply our term for how we collect data, or the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.

What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.

Normalizing is a key part of InsightCloudSec; it allows you to view the data from all of your different cloud accounts through a "single pane of glass" via our Resources feature.

Resources - Cloud Footprint Visibility

After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.

Learn more about Resources and Resource Terminology.

Insights - Understanding Your Cloud Footprint

Once you can view your cloud accounts' resources within InsightCloudSec, you can gain a better understanding of them using Insights. Insights use Filters to help provide visibility in to specific behaviors, characteristics, or elements of a cloud resource or resources.

  • InsightCloudSec includes out-of-the-box Insights (a library of over 300)
  • Custom Insights (create your own)
  • Compliance Packs are Insights gathered for over a dozen compliance standards including HIPAA, PCI DSS, CIS, and more)
  • Custom Packs are created packs of multiple Insights designed by your organization)

Visit the Insights documentation to learn more.

Bots - Taking Action on the Data

With a better understanding of your resources through Insights, you can take action on those Insights using Bots. Both Insights and Bots are extremely powerful, complex, and flexible features within InsightCloudSec.

Bots are automated programs comprising a scope, filter(s), and action(s) that allow you to act on the findings from your Insights. For example, you can use a Bot to send an email notification containing relevant information about a specific resource based on a characteristic, status, or event defined within an Insight. Bots can delete a non-compliant resource or start/stop an instance.

Additional Configurations - Fine Tuning Your Environment

Organizations

In InsightCloudSec, organizations allow for multi-tenant functionality to logically isolate resources, users, Bots, and Insights according to their unique uses. For example, Managed Service Providers can onboard multiple customers in one install. For more information on this capability, check out the complete documentation on Organizations.

Badges

Badges allow you to identify your cloud accounts in InsightCloudSec with key-value pairs of cloud account metadata. You can create and use Badges to narrow the focus of actions taken on resources or to fine-tune your reporting.

Identity Management, Users, Groups, Roles

Check out our Identity, Access, & Permissions section for content around topics including Users, Groups, and Roles (Administration) and Just In-Time (JIT) User Provisioning - a capability to synchronize users and groups from an external Identity Provider (IDP) authentication server such as Okta, LDAP, Ping, and Microsoft's Active Directory.

Resource Groups

You can organize your resources into Resource Groups for creating custom reports or taking custom Bot actions.

Tag Explorer and Tags

The Tag Explorer allows you to view and explore resource tags within your cloud accounts.

Scheduled Events

Here you can see an event overview of scheduled actions (e.g., starting and stopping instances, creating or deleting tags) that Bots will take against your resources.

Integrations

InsightCloudSec provides Integrations with external systems for handling various actions, such as data aggregation and collection, notifications, and ticketing. These integrations include Slack, ServiceNow, Jira, Jinja2, and others.

General Settings

Check out the Platform Configuration & Settings page for a quick summary of general system administration pages and options.

Advanced Features - Expanded InsightCloudSec Capabilities

Infrastructure as Code (IaC Security)

InsightCloudSec's IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed ad-hoc or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.

Cloud IAM Governance (Access Explorer)

InsightCloudSec's Add-On Cloud IAM Governance module (through Access Explorer) enables organizations to manage IAM challenges across the full scope of their cloud footprint. Within AWS there are five different ways to specify or grant access to an individual resource. Attempting to track these various methods of access across dozens of resource types through separate console interfaces with differing structures is a time-consuming and error-prone process. Access Explorer gives you the ability to pull all of this information into a single interface. This capability dramatically improves visibility across your entire cloud, ensuring access defined around users and associated resources are accounted for.

Updated 9 days ago

Self-Hosted - Getting Started Guide


Details for Self-Hosted Customers (or Prospects) on How to Get Started with InsightCloudSec

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.