InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Trusting InsightCloudSec with AWS GuardDuty

Instructions for Configuring AWS GuardDuty to Trust InsightCloudSec IP Addresses

Overview

If you use AWS GuardDuty, you will need to add the IP address range associated with your InsightCloudSec instances to the trusted IP list in the AWS accounts you will be scanning. This action must be completed through the AWS console under the GuardDuty service.

Prerequisites

You must be a user of a master GuardDuty account to upload and manage trusted IP addresses; users who are members of GuardDuty accounts do not have these privileges.

🚧

Required Permissions to Manage Trusted Lists:

"iam:PutRolePolicy"
"iam:DeleteRolePolicy"

Adding InsightCloudSec to the Trusted IP Address List

Identify the Trusted IP Address for Your InsightCloudSec Instance

1. Log in to the AWS console and navigate to the GuardDuty page. Select "Findings".

2. Select the Finding Type/Resource you wish to trust. Scroll down in the panel that opens on the right and identify the IP address for your resource.

3. Note the IP address.

4. Repeat #2 and #3 above for each Finding Type/Resource you wish to trust.

AWS Findings - IP AddressAWS Findings - IP Address

AWS Findings - IP Address

Create the List of Trusted IP Addresses

1. Create a text file in which to log the IP addresses you wish to trust, one IP address per line.

2. Move your list of trusted IP addresses to an S3 bucket. Note the S3 bucket’s name.

Add the Trusted IP Address List to GuardDuty

1. Navigate to the “Lists” section of the GuardDuty page.

2. Select “Add a trusted IP list”:

  • Give your list a name
  • Add the file containing your list (Click here for details about creating and uploading lists.)

3. Select “Active” to make your list active.

Trust IP ListTrust IP List

Trust IP List

Note: At any given time, you can have only one uploaded trusted IP list per AWS account per region.

Updated about a month ago

Trusting InsightCloudSec with AWS GuardDuty


Instructions for Configuring AWS GuardDuty to Trust InsightCloudSec IP Addresses

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.