InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

System Settings

Overview

DivvyCloud's platform includes numerous administrative configuration elements. Under "Administration" on the main navigation, the options include configurations around third-party Integrations, Identity & Management Resources, Harvesting Strategies, and overall System Administration.

This page covers the "System" portion of System Administration which is accessible when you select "System Administration --> System" from the main navigation.

Specific documentation for other areas of System Administration are as follows:

For questions regarding these settings or other configuration concerns, reach out to us through [email protected].

System Administration - System Landing Page

The System page is where you can view and configure global settings for your DivvyCloud platform, including all organizations. This section of Administration includes:

  • General Settings
  • Job Backlog Settings
  • Whitelabel Settings
  • Health Notifications
  • Job Scheduler Information
  • System Health
  • Worker Node Status
  • Slowest Jobs
  • Current User Sessions
  • Diagnostics

General Settings

General Settings are available in the first content area on the top left of the "System Administration --> System" section. From here you can view and/or update the following:

📘

Applying Changes

The majority of changes to any values under General Settings, e.g., the Session Timeout or Insight Scan time, will only take effect if the Scheduler is restarted.

Make sure you remember to click SAVE if you make changes to the content in this section.

Base URL - Enter the base URL to your DivvyCloud installation. This URL provides DivvyCloud’s ‘return address’ to third party products--integrations--that DivvyCloud calls. For example, https://divvycloud.companyname.com.

Session Timeout - Set this to the value in minutes when DivvyCloud sessions will automatically timeout. Values may be set from 1-720 minutes, or a maximum of 12 hours. The default value is 60 minutes.

Insight Scan Time - Set this to the interval, in minutes, at which you want Insight scanning to occur (60-720). More frequent Insight scanning (lower values) can impact system performance at scale.

System Email Settings (Optional) - Allows you to specify an email address to receive harvesting/monitoring notifications. The email address specified in this field (or domain admins if no address is provided) will receive an email when harvesting capabilities are disrupted. Examples: if a cloud account has invalid credentials, or when EDH is interrupted and your cloud data is not being obtained, or if an admin manually triggers the "run diagnostics" functionality on the System page.

  • This field only supports a single email address, so it's often populated with an alias (e.g., [email protected]).
  • This field is optional because if no email address is provided, all domain admins will receive system email notifications.
  • Note that this functionality also requires establishing a connection between DivvyCloud and an SMTP Server. Visit SMTP (Email Notifications) for more information.

Sentry Bug URL (Optional) - Enter the Sentry URL here if you wish to send bug and stack traces to Sentry for analysis and tracking.

New Account Email Body (Optional) - This is the default text of the email generated and sent to new users. This feature supports the Jinja2 variables {{ username }}, {{ url }}, and {{ password }}. You can alter this message for consistency in internal branding, i.e., the email appears to come from your organization as opposed to coming from DivvyCloud.

Require Authentication for IaC Scans - This checkbox toggles the ability for the system to run unauthenticated IaC scans. By default this is enabled. Check out IAC Overview for more detailed documentation on this feature.

System Settings - General

Job Backlog Settings

Use the Job Backlog Settings to select the cloud account to which you would like to export backlog information. Note: This option is currently only available for AWS and GCP. For more information on the Job backlog export, refer to the details here.

For AWS you will also need to:

  • Specify the Target Region.
  • If desired, you can customize the Target Namespace (AWS Only).
  • Check "Use Instance Authentication" to enable the use of credentials generated by the instance profile.

System - Job Backlog Settings

Within CloudWatch if you do not select a custom name, the Custom Namespace defaults to "DivvyCloud". Otherwise, in our example, it will show with the "Target Namespace" (e.g. Your-NameSpace) you specified.

AWS Console - Custom Namespace

Whitelabel Settings

Whitelabel Settings can be used to replace the DivvyCloud logo used throughout the tool with a logo or image of your choosing, e.g., your company’s logo. To do so you will need to:

1. Select an image URL or Base64-encoded PNG image file with approximate dimensions of 115 x 450 px.

2. Select "SAVE" to apply the changes. Valid images will appear in a preview.

System - White Label Example

Health Notifications

Health Notifications allows users to disable notifications, or enable a Slack notification for System Health. When enabled, users can select a cadence for the notifications and, as with the general WebHook integration/configuration, can specify a Slack channel.

Add your Slack WebHook here and your selected channel will receive notifications based on the cadence you select (Daily or Hourly).

  • Check out the Slack Integration page for complete details on generating this WebHook.

Add a Slack WebHook for Health Notifications

📘

System & Health Notifications

System/Health notifications are typically generated based on issues related to the following: system clock drift, job scheduling (no harvest within 24 hours), invalid credentials, assume role failures, and invalid permissions.

Exemptions

By default the Insight Exemptions section of the System settings is blank. If no settings are specified here, exemptions that are within 72 hours of expiration automatically generate a report to notify the creator.

Changes implemented here will supersede these defaults.

Manage Insight Exemptions

Insight Exemptions settings allow a user with the appropriate permissions to define requirements around Insight Exemptions as follows:

  • Exemption Notification Days - The number of days before an exemption expires at which an email is triggered.

    • For example, when set to "3", the specified approver will receive an email 3 days before the expiration of the exemption, notifying them of the upcoming expiration.
  • Require Approver - When checked/enabled requires an approver for all exemptions.

  • Require Approver Email - When checked/enabled requires the approver field to be populated with a valid email address (this field supports both text and email).

Job Scheduler Information

The Job Scheduler Information pane can be used to refresh the active job scheduler. While DivvyCloud is only architected for one scheduler, a common deployment practice is to have a secondary scheduler as a High Availability (HA) failover option.

This pane displays which scheduler is currently active (or master), the host for each scheduler, the time each job scheduler last sent a heartbeat to Redis, and the status of any plugins that have been applied to the schedulers.

Users also have the ability to "Flush Redis" to flush Redis cache and address issues that cannot be otherwise resolved or managed. If you have questions about this feature we recommend reaching out to [email protected].

  • Check out our Product Architecture page to learn more about the role of the scheduler within DivvyCloud's overall workflow.

System - Job Scheduler Information

System Health

This System Health section is a display-only pane that shows the description and status of a dozen parameters describing system health. Note: You must scroll within the pane to view the full details.

  • Users who want to receive this information can opt in under their profile. Details on that setting are available here.

❗️

Job Backlog (Low Priority), Daily Queue, and Daily Job Duration Action

For Job Backlog (Low Priority), clicking the trash can icon in the "Action" field will completely reset and clear the low priority job backlog queue.

For Daily Queue (any) and Daily Job Duration (any), there is a "refresh" icon in the "Action" field. Clicking this icon does NOT refresh the Daily Queue and Daily Job Duration statistics and instead will completely reset the statistics.

Use caution when using either of these actions.

Health Check - Description

Internal Scheduler Mailbox Queue - Indicates the number of internal DivvyCloud scheduler jobs that are currently in queue. The queue should stay around 0 or at least be consistently decreasing.

Worker Count - The number of workers.

Job Backlog (High Priority) - The number of high priority jobs awaiting completion.

Job Backlog (Medium Priority) - The number of medium priority jobs awaiting completion.

Job Backlog (Low Priority) - The number of low priority jobs awaiting completion.

Daily Queue All Queues (sec) - The daily minimum, maximum, average, and deviation in seconds of time in queue (across all priorities).

Daily Queue High Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time in queue (across the high priorities).

Daily Queue Medium Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time in queue (across the medium priorities).

Daily Queue Low Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time in queue (across the low priorities).

Daily Queue Lowest Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time in queue (across the lowest priorities).

Daily Job Duration (sec) - The daily minimum, maximum, average, and deviation in seconds of time to complete a job (all priorities).

Daily Job Duration High Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time to complete a job (high priorities).

Daily Job Duration Medium Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time to complete a job (medium priorities).

Daily Job Duration Low Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time to complete a job (low priorities).

Daily Job Duration Lowest Priority (sec) - The daily minimum, maximum, average, and deviation in seconds of time to complete a job (lowest priorities).

Daily Job Count - The daily number of jobs completed.

System Clock Drift - DivvyCloud provides an alert if the system clock is out of sync with the master time server. (If the system clock is more than 5 minutes out of sync, the cloud provider may generate an "invalid credentials" error, even with valid credentials.)

Job Scheduling - Indicates the health of the Job Scheduler and, in particular, whether harvesting is working, including the date and time of last harvest. If harvesting is not working, or has not been done recently, an error status displays here.

Invalid Credentials - Indicates the number of clouds with invalid credentials; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no invalid credentials.

Assume Role Failures - Indicates the number of clouds with assume role failures; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no assume role failures.

Invalid Permissions - Indicates the number of clouds with invalid permissions; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no invalid permissions.

IAM OU/SCP Harvesting Issue - Indicates the number of clouds experiencing an organizational unit/service control policy harvesting issue. Otherwise a green check mark will indicate that there are no issues.

System - System Health Display Pane
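
The System Clock Drift check above uses a 5-minute limit. The following is an added example, not InsightCloudSec code, of testing a host against that limit by comparing its clock with the Date header of an HTTP response. The function names and the sample headers are constructed for illustration; how the product itself measures drift is not stated on this page.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_DRIFT_SECONDS = 5 * 60  # the 5-minute limit given for System Clock Drift


def clock_drift_seconds(headers, local_now):
    """Return (local clock - server clock) in seconds.

    headers   -- mapping of HTTP response headers (names are case-insensitive)
    local_now -- timezone-aware datetime read from the host being checked
    Returns None when the response has no parsable Date header.
    """
    raw = next((v for k, v in headers.items() if k.lower() == "date"), None)
    if raw is None:
        return None
    try:
        server_time = parsedate_to_datetime(raw)
    except (TypeError, ValueError):  # malformed date; exception type varies by Python version
        return None
    if server_time.tzinfo is None:  # a "-0000" zone parses as naive; HTTP dates are UTC
        server_time = server_time.replace(tzinfo=timezone.utc)
    return (local_now - server_time).total_seconds()


def classify(headers, local_now):
    """Return 'ok', 'drift' (beyond the 5-minute limit) or 'unknown'."""
    drift = clock_drift_seconds(headers, local_now)
    if drift is None:
        return "unknown"
    return "drift" if abs(drift) > MAX_DRIFT_SECONDS else "ok"


if __name__ == "__main__":
    # Constructed sample: a response header and two local clock readings.
    sample = {"Date": "Tue, 04 Mar 2025 12:00:00 GMT"}
    fast_clock = datetime(2025, 3, 4, 12, 6, 30, tzinfo=timezone.utc)
    good_clock = datetime(2025, 3, 4, 12, 2, 0, tzinfo=timezone.utc)
    print(classify(sample, fast_clock), clock_drift_seconds(sample, fast_clock))
    print(classify(sample, good_clock), clock_drift_seconds(sample, good_clock))
```
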

Worker Node Status

This Worker Node Status pane displays details for the worker nodes as follows:

Host - The unique host identifier.
Status - The status for the individual worker node.
Plugin Status - The plugin status (if applicable) for the individual worker node.
AWS Role - The corresponding AWS Role for the worker node.

Note: You must scroll within the pane to view the full details.

System - Worker Node Status

Slowest Jobs

The Slowest Jobs pane displays, in descending order, the longest recorded times (in seconds) to complete the most recent jobs and includes the following fields for each:

Most Recent - Name of the most recent job.
Cloud Type - Icon to specify the applicable cloud type, e.g., AWS, GCP, etc.
Longest recorded run (seconds) - Length of the longest recorded run for the applicable job, in seconds.

Note: These jobs typically reflect very large jobs/global harvesting for items like Storage Containers, WAF, IAM, etc.

System - Slowest Jobs

Current User Sessions

The Current User Sessions pane provides the details of current user sessions. The view includes a "Rows per page" drop-down menu and pagination for browsing. The details of each session include:

User ID - The User ID for the individual session.
Name - The name associated with the user for the individual user session.
Expiry - The date and time of expiration for the individual user session.
Actions - Available actions for the individual user session (e.g., delete - designated by the trash icon).

Note: Each of the columns above includes a "sort" arrow that appears if you hover over the text, allowing you to sort the contents in ascending or descending order.

System - Current User Sessions

System Diagnostic Reports

Diagnostic Reports

Two types of diagnostic reports are available for immediate download:

  • "Scheduler and Queue Health": a .json file containing various health statistics and information regarding the internal DivvyCloud job scheduler
  • "Bots and Their Configuration": a .json file containing all the Bots available in the current organization as well as their configuration information

To access one of the diagnostic reports:

1. Select a report type from the drop-down menu.

Select a Diagnostic Report

2. Click "Download Report". The file will be prepared and downloaded.

Download a Diagnostic Report

Database Performance Reports

A Database Performance Report takes approximately 10-15 minutes to generate and will be sent via email.

  • The email notification is sent to the email address configured on the profile of the user who clicked the button. (If this information is invalid, you will not receive an email.)
  • The email will contain a .zip file that features diagnostic and performance information files which can be used by support when troubleshooting system problems.
  • The report will also be available for download via the "System Administration" interface for approximately 1 hour after it was completed.

🚧

Important to Note - Before Running Diagnostics

One worker will have reduced job processing capabilities during the diagnostic collection run.

To access the Database Performance Report:

1. Click the "Run Database Report" button to start the dialog.

System - Run Diagnostics

2. It is strongly recommended you use the default values (shown below) unless otherwise directed by support. Click "Submit" to launch the diagnostics run.

For questions or concerns, contact [email protected].

Recommended Diagnostic Values

3. After the diagnostics have completed (which can take several minutes), the report will be listed in the "System Diagnostic Reports" section of the "System Administration" interface.

Updated about a month ago
