InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.


Using the Principal Explorer

Accessing, Navigating, and Using the Principal Explorer

Once you have completed the setup and configuration to launch Cloud IAM Governance - Access Explorer, InsightCloudSec offers a Principal Explorer that is accessed from the Resources page of the product.

We have added three new columns (Matching Services, Allowed Services, Allowed Actions) that help you surface AWS users and roles that have extensive permissions to various AWS services within your environment.

Once you have found Principals with the most privileges, the Principal Explorer provides a quick way to drill down into the types and level of permissions the user or role has.

Using the Principal Explorer

To launch the Principal Explorer, navigate to “Resource → Resources” on your InsightCloudSec platform, then navigate to the "Identity & Management" tab. The Principal Explorer can only be accessed on the Cloud Users and Cloud Roles resources.

Once you've selected the desired resource, you will see the three new columns (in addition to the other columns that are normally there for the resource):

  • Matching Services (at least 90% allowed)
    • Note: 90% is the default value for the column but can be adjusted using filters. See below for details.
  • Allowed Services
  • Allowed Actions

Each of these columns' values is a link. Clicking the value will open the "Principal Explorer". Alternatively, click the actions menu ("..."), then click "Principal Explorer".

Figure: Accessing the Principal Explorer

Fine-tuning Your Resource Results

Before opening the Principal Explorer, it may make sense to filter your environment results first. As mentioned previously, InsightCloudSec by default displays users or roles that have 90% or more access to a service; that is, the user or role has 90% of the available service permissions, or is 90% of the way to wildcard (full) access. This number can be adjusted in several different ways:

1. With the Cloud User or Cloud Role resource open, click "Filters" in the top right-hand corner.

Figure: Filters

2. Search for "actions count".

Figure: Principal Explorer Filters

3. Select a filter:

  • "Principal has Wildcard Access to Services with Denied Actions Count Below Threshold (AWS)" -- Select this filter if you would like to search for users/roles based on how many actions they have denied to them.
  • "Principal has Effective Access to Services with Allowed Actions Count Above Threshold (AWS)" -- Select this filter if you would like to search for users/roles based on how many actions they have granted to them.

4. Optionally, provide a service you want to filter on.

5. Select a "Tolerance Type": "Action Count" or "Percentage".

  • Note: An Action is equivalent to a specific service permission, e.g., "ec2:DescribeAccountAttributes", so you're essentially choosing between raw number and percent.

6. Provide a tolerance value.

7. Click "Apply".

  • Note: The "Matching Services..." column will be updated to match the selected filter.

Figure: Configured Filter

Principal Explorer

After optionally filtering your results and opening the Principal Explorer, you'll be greeted by a three-panel window. The three panels from left-to-right are the Policy Stack, the Policy Viewer, and Effective Access.

Policy Stack

The Policy Stack provides information about the policies inherited via Service Control Policies, inherited via IAM Groups, and applied directly to the user/role themselves.

Expand each grouping to view the policies that are inherited or directly applied.

Deselecting a policy will simulate removing that policy and will update the "Effective Access" panel; clicking a policy will scroll to the policy and highlight it in the "Policy Viewer".

Figure: Policy Stack

Policy Viewer

The Policy Viewer displays a JSON file containing the user/role's ARN, type, and attached policies. Click the "search button" (magnifying glass) to open a field that can be used to search for terms throughout the policy. Click "Download" to download the JSON file to your web browser.

Figure: Policy Viewer

Effective Access

Effective Access displays the various permissions, or actions, that this user or role has access to, grouped by service. Clicking on the right-facing arrow to the right of each service name will open a list of the actions that are granted for that service. You can use the search bar to search for permission names or services and the list will automatically filter as you type.
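The following added example (not InsightCloudSec code and not part of the original documentation) sketches the idea behind the Policy Stack simulation and the "Tolerance Type" filters described above: it computes allowed actions per service from a stack of policies, re-computes them with one policy deselected, and lists the services that meet a percentage or action-count tolerance. The action catalogue, policy names and policy documents are constructed, and evaluation is simplified to Allow/Deny on Action only (no Resource, Condition, NotAction or Service Control Policy semantics).

```python
from fnmatch import fnmatchcase

# Constructed, abbreviated catalogue: real AWS services expose far more actions.
CATALOG = {
    "s3": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
           "s3:ListBucket", "s3:CreateBucket"],
    "ec2": ["ec2:DescribeInstances", "ec2:RunInstances",
            "ec2:TerminateInstances", "ec2:DescribeAccountAttributes"],
    "iam": ["iam:ListUsers", "iam:CreateUser", "iam:AttachUserPolicy", "iam:PassRole"],
}

# Constructed policy stack for one role, in standard IAM policy-document form.
STACK = {
    "group/StorageAdmins": {"Statement": [{"Effect": "Allow", "Action": "s3:*"}]},
    "group/Guardrails": {"Statement": [{"Effect": "Deny", "Action": "s3:DeleteObject"}]},
    "inline/Ops": {"Statement": [{"Effect": "Allow",
                                  "Action": ["ec2:Describe*", "iam:ListUsers"]}]},
}

def effective_access(stack, disabled=()):
    """Allowed actions per service; an explicit Deny always wins over an Allow."""
    patterns = {"Allow": [], "Deny": []}
    for name, doc in stack.items():
        if name in disabled:  # mirrors deselecting a policy in the Policy Stack
            continue
        for stmt in doc["Statement"]:
            acts = stmt["Action"]
            patterns[stmt["Effect"]] += [acts] if isinstance(acts, str) else acts

    def hit(action, pats):  # IAM action names match case-insensitively
        return any(fnmatchcase(action.lower(), p.lower()) for p in pats)

    return {svc: [a for a in actions
                  if hit(a, patterns["Allow"]) and not hit(a, patterns["Deny"])]
            for svc, actions in CATALOG.items()}

def matching_services(access, tolerance_type, tolerance):
    """Services whose allowed actions meet the tolerance ('Percentage' or 'Action Count')."""
    out = []
    for svc, allowed in access.items():
        score = len(allowed)
        if tolerance_type == "Percentage":
            score = 100 * len(allowed) / len(CATALOG[svc])
        if score >= tolerance:
            out.append(svc)
    return out
```

With the constructed stack, no service reaches 90% until the deny policy is deselected, at which point `s3` reaches full access and matches.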

Figure: Effective Access
