DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

System Settings

Overview

DivvyCloud's platform includes numerous administrative configuration elements. Under "Administration" on the main navigation, the options include configurations around third-party Integrations, Plugins, Identity & Management Resources, Harvesting Strategies, and overall System Administration.

This page covers the "System" portion of System Administration which is accessible when you select "System Administration --> System" from the main navigation.

Details for other areas of System Administration are as follows:

For questions regarding these settings or other configuration concerns, reach out to us through [email protected].

System Administration - System Landing Page

The System page is where you can view and configure global settings for your DivvyCloud platform, including all organizations. This section of Administration includes:

  • General Settings
  • Job Backlog Settings
  • Whitelabel Settings
  • Health Notifications
  • Job Scheduler Information
  • System Health
  • Worker Node Status
  • Slowest Jobs
  • Current User Sessions
  • Diagnostics

General Settings

General Settings are available in the first content area on the top left of the "System Administration --> System" section. From here you can view and/or update the following:

📘

Applying Changes

The majority of changes to any values under General Settings, e.g., the Session Timeout or Insight Scan time, will only take effect if the Scheduler is restarted.

Make sure you remember to click SAVE if you make changes to the content in this section.

Base URL - Enter the base URL to your DivvyCloud installation. This URL provides DivvyCloud’s ‘return address’ to third party products--integrations--that DivvyCloud calls. For example, https://divvycloud.companyname.com.

Session Timeout - Set this to the value in minutes when DivvyCloud sessions will automatically timeout. Values may be set from 1-720 minutes, or a maximum of 12 hours. The default value is 60 minutes.

Insight Scan Time - Set this to the value in minutes that you want Insight scanning to occur (60-720). More frequent Insight scanning (lower values) can impact system performance at scale.

System Email Settings (Optional) - Allows you to specify an email address to receive harvesting/monitoring notifications. The email address specified in this field (or domain admins if no address is provided) will receive an email when harvesting capabilities are disrupted. Examples: if a cloud account has invalid credentials, or when EDH is interrupted and your cloud data is not being obtained, or if an admin manually triggers the "run diagnostics" functionality on the System page.

  • This field only supports a single email address, so it's often populated with an alias (e.g., [email protected]).
  • In addition, this field is optional because if no email address is provided, all domain admins will receive system email notifications.
  • Note that this functionality also requires establishing a connection between DivvyCloud and an SMTP Server. Visit SMTP (Email Notifications) for more information.

Sentry Bug URL (Optional) - Enter the Sentry URL here if you wish to send bug and stack traces to Sentry for analysis and tracking.

New Account Email Body (Optional) - This is the default text of the email generated and sent to new users. This feature supports the Jinja2 variables {{ username }}, {{ url }}, and {{ password }}. You can alter this message for consistency in internal branding, i.e., the email appears to come from your organization as opposed to coming from DivvyCloud.

Provisioning Enabled - This checkbox toggles the ability of the user to view the "Provisioning" option "Extensibility --> Provisioning" under the main navigation menu.

System Settings - General

Job Backlog Settings

Use the Job Backlog Settings to select the cloud account to which you would like to export backlog information. Note: This option is currently only available for AWS and GCP. For more information on the Job backlog export, refer to the details here.

For AWS you will also need to:

  • Specify the Target Region.
  • If desired, you can customize the Target Namespace (AWS Only).
  • Check "Use Instance Authentication" to enable the use of credentials generated by the instance profile.

System - Job Backlog Settings

Within CloudWatch if you do not select a custom name, the Custom Namespace defaults to "DivvyCloud". Otherwise, in our example, it will show with the "Target Namespace" (e.g. Your-NameSpace) you specified.

AWS Console - Custom Namespace

Whitelabel Settings

Whitelabel Settings can be used to replace the DivvyCloud logo used throughout the tool with a logo or image of your choosing, e.g., your company’s logo. To do so you will need to:

1.Select an image URL or Base64-encoded PNG image file with approximate dimensions of 115 x 450 px.

2. Select "SAVE" to apply the changes. Valid images will appear in a preview.

System - White Label Example

Health Notifications

Health Notifications allows users to disable notifications, or enable a Slack notification for System Health. When enabled, users can select a cadence for the notifications and, as with the general WebHook integration/configuration, can specify a Slack channel.

Add your Slack WebHook here and your selected channel will receive notifications based on the cadence you select (Daily or Hourly).

  • Check out the Slack Integration page for complete details on generating this WebHook.

Add a Slack WebHook for Health Notifications

📘

System & Health Notifications

System/Health notifications are typically generated based on issues related to the following: system clock drift, job scheduling (no harvest within 24 hours), invalid credentials, assume role failures, and invalid permissions.

Insight Exemptions

By default the Insight Exemptions section of the System settings will be blank. If no settings are specified here, exemptions that are within 72 hours of expiration automatically generate a report to notify the creator.

Changes implemented here will supersede these defaults.

Manage Insight Exemptions

Insight Exemptions settings allow a user with the appropriate permissions to define requirements around Insight Exemptions as follows:

  • Exemption Notification Days - This is the number of days before the expiration of an exemption will trigger an email.

    • For example, when set to "3", the specified approver will receive an email 3 days before the expiration of the exemption, notifying them of the upcoming expiration.
  • Require Approver - When checked/enabled requires an approver for all exemptions.

  • Require Approver Email - When checked/enabled requires the approver field to be populated with a valid email address (this field supports both text and email).

Job Scheduler Information

The Job Scheduler Information pane can be used to refresh the active job scheduler. While DivvyCloud is only architected for one scheduler, a common deployment practice is to have a secondary scheduler as a High Availability (HA) failover option.

This pane displays which scheduler is currently the active (or master), the host for each scheduler, the time each job scheduler last sent a heartbeat to Redis, and the status of any plugins that have been applied to the schedulers.

  • Check out our Product Architecture page to learn more about the role of the scheduler within DivvyCloud's overall workflow.

System - Job Scheduler Information

System Health

This System Health section is a display-only pane that shows the description and status of a dozen parameters describing system health. Note: You must scroll within the pane to view the full details.

Worker Count – The number of workers.
Job Backlog (High Priority) - The number of high priority jobs awaiting completion.
Job Backlog (Medium Priority) - The number of medium priority jobs awaiting completion.
Job Backlog (Low Priority) - The number of low priority jobs awaiting completion.

❗️

Job Backlog (Low Priority) - Important Note

There is a "refresh" button next to the Low Priority Job Backlog. This button does NOT refresh the job backlog count. Pressing this button will completely reset and clear the low priority job backlog queue. Use caution with this functionality.

Daily Queue (sec) – The daily minimum, maximum, average, and deviation in seconds of time in queue.
Daily Job Duration (sec) – The daily minimum, maximum, average, and deviation in seconds of time to complete a job.
Daily Job Count – The daily number of jobs completed.
System Clock Drift – DivvyCloud provides an alert if the system clock is out of sync with the master time server. (If the system clock is more than 5 minutes out of sync, the cloud provider may generate an "invalid credentials" error, even with valid credentials.)
Job Scheduling – Indicates the health of the Job Scheduler and, in particular, whether harvesting is working, including the date and time of last harvest. If harvesting is not working, or has not been done recently, an error status displays here.
Invalid Credentials - Indicates the number of clouds with invalid credentials; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no invalid credentials.
Assume Role Failures - Indicates the number of clouds with assume role failures; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no assume role failures.
Invalid Permissions - Indicates the number of clouds with invalid permissions; clicking on the count will open a detail view. Otherwise a green check mark will indicate that there are no invalid permissions.

System - System Health Display Pane

Worker Node Status

This Worker Node Status pane displays details for the worker nodes as follows:

Host - The unique host identifier.
Status - The status for the individual worker node.
Plugin Status - The plugin status (if applicable) for the individual worker node.
AWS Role - The corresponding AWS Role for the worker node.

Note: You must scroll within the pane to view the full details.

System - Worker Node Status

Slowest Jobs

The Slowest Jobs pane displays, in descending order, the longest recorded times (in seconds) to complete the most recent jobs and includes the following fields for each:

Most Recent - Name of the most recent job.
Cloud Type - Icon to specify the applicable cloud type, e.g., AWS, GCP, etc.
Longest recorded run (seconds) - Length of the longest recorded run for the applicable job, in seconds.

Note: These jobs typically reflect very large jobs/global harvesting for items like Storage Containers, WAF, IAM, etc.

System - Slowest Jobs

Current User Sessions

The Current User Sessions displays a pane that provides the details of current user sessions. The view includes a "Rows per page" drop-down menu and pagination for browsing. The details of each session include:

User ID - The User ID for the individual session.
Name - The name associated with the user for the individual user session.
Expiry - The date and time of expiration for the individual user session.
Actions - Available actions for the individual user session (e.g., delete - designated by the trash icon).

*Note: Each of the columns above include a "sort" arrow that appears if you hover over the text, allowing you to sort the contents in ascending or descending order.

System - Current User Sessions

Diagnostics

Selecting "Run Diagnostics" triggers a diagnostics report. Click the button to launch the form; Diagnostic information supplied in this report can be used by support when troubleshooting system problems.

This report takes approximately 10-15 minutes to complete.

  • The email notification is sent to the email address configured on profile of the user who clicked the button. (If this information is invalid, you will not receive an email.)
  • The report will display as a .ZIP file for approximately 1 hour after it's completed and can be downloaded from this section of the System tab.

🚧

Important to Note - Before Running Diagnostics

One worker will have reduced job processing capabilities during the diagnostic collection run.

1. Click the "Run Diagnostics" button to start the dialog.

System - Run Diagnostics

2. It is strongly recommended you use the default values (shown below) unless otherwise directed by support. Click "Submit" to launch the diagnostics run.

For questions or concerns, contact [email protected].

Recommended Diagnostic Values

3.. After the diagnostics have completed (which can several minutes), the report will be listed in the "Diagnostics" section of the System tab.

Updated about a month ago

System Settings


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.