Self-Hosted - Getting Started Guide
Details for Self-Hosted Customers (or Prospects) on How to Get Started with InsightCloudSec
Welcome to InsightCloudSec. This pages provides a high-level overview of the order of operations for getting started with the InsightCloudSec platform. The topics are presented in a roughly sequential order to represent the steps you'd follow from initial deployment, to system configuration and customization, and finally to feature exploration. The content here is organized specifically for customers that are self-hosted (e.g., deploy and manage their own InsightCloudSec environment).
If you're new to our platform you may find it helpful to review:
- Terminology common in our product and space in the Glossary
- High-level information about our Product Architecture
- Details about our Production Deployments and the options available
What You'll Find Here
Each heading below (accessible through the in-page navigation on the right) includes a high-level summary of what this step of the process entails, including links to additional detailed documentation for that part of the process.
- Deploying and initial setup will consist of (at a minimum): Deployment, Adding Cloud Accounts, and Harvesting
- Once you have a functional deployment you'll want to check out: Resources, Insights, and Bots
- If you want to dive a bit deeper into the configuration capabilities we have, definitely check out all of the things under Additional Configurations
- And finally in addition to the main product features InsightCloudSec includes some Advanced Features
Deployment - Setup for your InsightCloudSec Platform
Under Production Deployments we talk about the requirements of deploying to production in an AWS region of your choice. In addition, we offer Test Drive Deployments for users who are still investigating.
Before you start the deployment/installation process you will want to ensure that you have a good understanding of your environment (e.g., your operating system) as well as your overall cloud footprint (e.g., approximate number of cloud accounts--many? just a few?) so that you can choose the most appropriate installation for your needs.
If you're interested in trying us out, reach out to us through Getting Support or take a look at our Test Drive Deployments options.
Adding Cloud Accounts - Connecting Your Clouds to InsightCloudSec
After installing InsightCloudSec you will need to connect the platform to your cloud account(s). Our supported Cloud Service Providers (CSPs) include AWS, Azure, GCP, and more (read the full list here).
Large Cloud Accounts
For organizations with multiple cloud accounts or larger footprints across multiple Cloud Service Providers (CSP), we recommend taking advantage of our support of AWS, Azure, and GCP Organization capabilities. For Alibaba Cloud, Oracle, and other providers or scenarios, reach out to us for the best options to get your clouds connected.
- For GCP, refer to Organizations (GCP)
- For AWS, refer to Organizations (AWS)
- For Azure refer to Organizations (Azure)
Individual Cloud Accounts
For users looking to connect cloud accounts individually or to add a cloud account to an existing InsightCloudSec platform, we recommend the Cloud Account Setup process.
- Check out Clouds to learn more about viewing your cloud details once they're connected.
- Refer to individual sections for additional configuration details around individual CSPs.
Harvesting - Bring Data into InsightCloudSec
After connecting your cloud account(s), InsightCloudSec will start the process to collect or harvest that cloud account and normalize the data.
What do we mean by harvesting?
Harvesting is simply our term for how we collect data, or the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.
What do we mean by normalizing?
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.
Normalizing is a key part of InsightCloudSec; it allows you to view the data from all of your different cloud accounts through a "single pane of glass" via our Resources feature.
Resources - Cloud Footprint Visibility
After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.
Learn more about Resources and Resource Terminology.
Insights - Understanding Your Cloud Footprint
Once you can view your cloud accounts' resources within InsightCloudSec, you can gain a better understanding of them using Insights. Insights use Filters to help provide visibility in to specific behaviors, characteristics, or elements of a cloud resource or resources.
- InsightCloudSec includes out-of-the-box Insights (a library of over 300)
- Custom Insights (create your own)
- Compliance Packs are Insights gathered for over a dozen compliance standards including HIPAA, PCI DSS, CIS, and more)
- Custom Packs are created packs of multiple Insights designed by your organization)
Visit the Insights documentation to learn more.
Bots - Taking Action on the Data
With a better understanding of your resources through Insights, you can take action on those Insights using Bots. Both Insights and Bots are extremely powerful, complex, and flexible features within InsightCloudSec.
Bots are automated programs comprising a scope, filter(s), and action(s) that allow you to act on the findings from your Insights. For example, you can use a Bot to send an email notification containing relevant information about a specific resource based on a characteristic, status, or event defined within an Insight. Bots can delete a non-compliant resource or start/stop an instance.
- Check out our Working with Bots (Best Practices & Examples) page for examples of Bots you can deploy
Additional Configurations - Fine Tuning Your Environment
Organizations
In InsightCloudSec, organizations allow for multi-tenant functionality to logically isolate resources, users, Bots, and Insights according to their unique uses. For example, Managed Service Providers can onboard multiple customers in one install. For more information on this capability, check out the complete documentation on Organizations.
Badges
Badges allow you to identify your cloud accounts in InsightCloudSec with key-value pairs of cloud account metadata. You can create and use Badges to narrow the focus of actions taken on resources or to fine-tune your reporting.
Identity Management, Users, Groups, Roles
Check out our Identity, Access, & Permissions section for content around topics including Users, Groups, and Roles (Administration) and Just In-Time (JIT) User Provisioning - a capability to synchronize users and groups from an external Identity Provider (IDP) authentication server such as Okta, LDAP, Ping, and Microsoft's Active Directory.
Resource Groups
You can organize your resources into Resource Groups for creating custom reports or taking custom Bot actions.
Tag Explorer and Tags
The Tag Explorer allows you to view and explore resource tags within your cloud accounts.
Scheduled Events
Here you can see an event overview of scheduled actions (e.g., starting and stopping instances, creating or deleting tags) that Bots will take against your resources.
Integrations
InsightCloudSec provides Integrations with external systems for handling various actions, such as data aggregation and collection, notifications, and ticketing. These integrations include Slack, ServiceNow, Jira, Jinja2, and others.
General Settings
Check out the Platform Configuration & Settings page for a quick summary of general system administration pages and options.
Advanced Features - Expanded InsightCloudSec Capabilities
Infrastructure as Code (IaC Security)
InsightCloudSec's IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed ad-hoc or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.
- Check out the IaC Security Overview to learn more about the great feature.
Cloud IAM Governance (Access Explorer)
InsightCloudSec's Add-On Cloud IAM Governance module (through Access Explorer) enables organizations to manage IAM challenges across the full scope of their cloud footprint. Within AWS there are five different ways to specify or grant access to an individual resource. Attempting to track these various methods of access across dozens of resource types through separate console interfaces with differing structures is a time-consuming and error-prone process. Access Explorer gives you the ability to pull all of this information into a single interface. This capability dramatically improves visibility across your entire cloud, ensuring access defined around users and associated resources are accounted for.
- Check out the Cloud IAM Governance - Access Explorer section of our documentation to learn more about this Add-On Module.
Updated about 1 month ago