Glossary
This page provides a glossary of terminology with definitions for terms used in Cloud Risk Complete. At this time, some terminology may vary based on the product capabilities of InsightCloudSec, InsightVM, InsightAppSec, and InsightConnect. Any inconsistencies are noted.
A through B
API
API
Application program interface, a set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service.
InsightCloudSec’s API can be used to create Insights and Bots, modify Compliance Packs, and perform other functions outside of the platform user interface. See the InsightCloudSec API documentation for details.
Admin, Administrators
Admin
A User with the highest level of privileges or authorizations. Admins generally will retain all permissions to read/view, write/edit, delete, etc.
There are two types of Admins, Domain Admins and Org Admins. A Domain Admin can do everything in the tool. An Org Admin can do everything operational in their organization in the tool.
See also Domain Admin and Org Admin, or check out our User Entitlements Matrix for a single source on what user type(s) can perform certain actions.
Assets (InsightVM)
Asset
An asset is a single device on a network that the application discovers during a scan. In the Web interface and API, an asset may also be referred to as a device. See Managed asset and Unmanaged asset. An asset’s data has been integrated into the scan database, so it can be listed in sites and asset groups. In this regard, it differs from a node. See Node.
Asset group
An asset group is a logical collection of managed assets to which specific members have access for creating or viewing reports or tracking remediation tickets. An asset group may contain assets that belong to multiple sites or other asset groups. An asset group is either static or dynamic. An asset group is not a site. See Site, Dynamic asset group, and Static asset group.
Asset Owner
Asset Owner is one of the preset roles. A user with this role can view data about discovered assets, run manual scans, and create and run reports in accessible sites and asset groups.
Managed asset
A managed asset is a network device that has been discovered during a scan and added to a site’s target list, either automatically or manually. Only managed assets can be checked for vulnerabilities and tracked over time. Once an asset becomes a managed asset, it counts against the maximum number of assets that can be scanned, according to your license.
Authentication Servers
Background Job
Background Job
Background Jobs are worker processes that run on a schedule to keep InsightCloudSec current (e.g., harvesting Insights) and optimized (e.g., OrphanedResourceCleanup). Background Jobs are distinct from On-Demand jobs in that they are not run immediately. Resource harvest jobs, which can be accessed via the Cloud details section, can be thought of as specialized Background Jobs.
Badges
Bot
BotFactory
C
CI/CD
Cloud, Cloud Service Provider (CSP), Cloud Type
Cloud, CSP, Cloud Type
A cloud, or cloud account, is an account for cloud services (storage, compute, etc.) from a cloud service provider (Cloud Provider or CSP), such as AWS, GCP, Azure. You can have multiple accounts (“clouds”) from a single provider, or you can use multiple providers to create your overall cloud infrastructure.
Note: Each Cloud Provider uses its own terminology for “cloud accounts”: AWS uses the term “accounts”, GCP uses the term “projects”, and Azure uses the term “subscriptions”.
Cloud Automation (Workflows & Response)
Cloud Automation
Automation lets you create custom Bots to automatically notify relevant resource owners and stakeholders when an issue arises, with the option to auto-remediate without needing to include humans in the process (if desired).
You can quickly and easily create workflows automatically when a policy is violated. Using Bots, with responses ranging from notification to remediation, helps drastically reduce response time and provides a consistent approach to fixing problems across multiple cloud service providers.
Cloud Identity Access Management (IAM)
Cloud Identity Access Management (IAM)
Cloud IAM analyzes the complex roles and identities of cloud environments to help reduce excessive entitlements and streamline least-privilege access (LPA) controls.
Your developers have the freedom to innovate through visibility and tooling that manages the complexity across roles and permissions. Cloud IAM allows you to maintain compliance with regulatory requirements, industry best practices, and organizational controls.
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management
CSPM capabilities allow InsightCloudSec to continuously monitor the state of cloud environments to protect against misconfigurations and policy violations.
You can rest easy knowing all of your cloud and container environments are monitored for visibility into changes and misconfigurations. Numerous workflows allow you to easily identify and fix changes that don’t fit into regulatory or internal policies.
Cloud Threat Detection
Cloud Threat Detection
Threat Detection capabilities help address the volume of individual threat signals generated from numerous cloud resources and services. Threat scale cannot be overstated and the scope has a measurable impact on the time it takes to identify and respond to risk.
Cut through the noise by analyzing risk in complete context from every layer of the cloud stack, allowing you and your teams to identify and prioritize remediation efforts on the misconfigurations and vulnerabilities that present the highest level of risk to your business in 60 seconds or less.
Cloud Vulnerability Management
Cloud Vulnerability Management
Vulnerability Management analyzes and prioritizes known software vulnerabilities detected in cloud workloads and container images.
You can identify known vulnerabilities and leverage vulnerability context with intelligent, automated routing to rapidly prioritize and remediate risk associated with cloud workloads and container images.
Compliance
Compliance Pack
Compliance Pack
Compliance Packs (a type of Insight Pack) are collections of related Insights pertinent to a specific compliance standard. Compliance Packs may focus on security, costs, governance, or combinations of these across a variety of frameworks. Examples are NIST 800-53, ISO 27001, HIPAA, and PCI DSS. Compliance Packs are accessed from the Compliance Packs tab on the Insights main page.
Compliance Scorecard
Compliance Scorecard
Visually summarizes cloud accounts’ adherence to specific rules or conditions of an Industry Standard, e.g., NIST 800-53 or ISO 27001. This summary is presented as a heat-map type visual; the Compliance Scorecard also provides guidance concerning actions to take on specific resources to mitigate failing issues. Check out more information about Compliance Scorecard.
Container Vulnerabilities (Container Vulnerability Management)
D through H
Data Collections
Disabled Resource
Detection, Finding
Detection, Finding
A “finding” is a single check against a resource. If the resource matches any Query Filter included in the Insight, it is counted as a “finding”. A single resource may be valid for multiple checks and, as a result, may have multiple “findings”. Check out the Summary Page for an example.
Domain Admin
Domain Admin
A User with the highest level of privileges or authorizations. A Domain Admin can do everything in the tool. There are also read-only Domain Admins who are able to view all resource data among all InsightCloudSec organizations, yet as the name implies, they are not able to make changes to InsightCloudSec. See also Admin.
Entitlements
Entitlements
Entitlements, or Permissions Entitlements, give domain users control over basic users’ and organization admins’ permissions to access certain parts of the tool. These entitlements are available for BotFactory, Tag Explorer, Insights, and Scheduled Events. The four possible permissions levels are “disabled”, “viewer”, “editor”, and “admin”. Entitlements are assigned independently to features, e.g., a basic user might be “disabled” for BotFactory but have “editor” permissions for Tag Explorer.
Event-Driven Harvesting (EDH)
Event-Driven Role
Exemption
Exemption
A Resource Group that defines a collection of resources that are not evaluated against a specific Insight. For example, S3 buckets configured to host websites can be placed in a Resource Group called “Websites” that is then exempted from the Insight “Storage Container Exposed To The Public”.
Failed Insight
Harvesting
Harvesting
Harvesting describes how InsightCloudSec collects data from the cloud providers:
- EDH (Event-Driven Harvesting) is where the data is pushed to InsightCloudSec when there’s a change in your cloud account.
- Regular harvesting is done using standard polling on a schedule. You can customize that schedule—by service, region, and account—to set how often the platform polls for data.
Host Vulnerabilities (Host Vulnerability Management)
Host Vulnerabilities
A host vulnerability (or Common Vulnerabilities and Exposures (CVE)) is a vulnerability detected on host instances across cloud accounts.
Host Vulnerability Management offers detection and assessment of this inventory to enable you to view, prioritize, and orchestrate a response to any discovered vulnerabilities.
I through J
Impacted Resource
Infrastructure
Infrastructure as Code (IaC)
IaC
IaC allows you to define infrastructure in the cloud by writing code. Rather than deploying or making changes to your infrastructure manually, users can take advantage of the features typically employed in a code development environment.
- Scans (within IaC). An analysis of a configuration that evaluates compliance before infrastructure is deployed.
- Configuration (within IaC). A check or group of checks used for scanning your infrastructure.
IaC Scanning
IaC Scanning
IaC scanning and analysis provides a single, consistent set of security checks throughout the CI/CD pipeline and exemptions for infrastructure-as-code (IaC) templates. These checks identify problems before they happen, correcting misconfigurations and policy violations without delaying deployment.
You can effectively ensure that IaC templates used by DevOps teams are following best practices and company policy as early as possible, while minimizing developer frustration and delays caused by inconsistent checks at each stage of the CI/CD pipeline.
Insight
Insight
An Insight describes a specific behavior, condition, or characteristic of a cloud resource. Insights are the checks—built on a combination of one or more filters and scopes—that are run on your infrastructure. They can be used to report on resources, or to instruct Bots as to which resources require actions. Insights can be used individually or in packs. Some examples of common Insights include:
- Storage Container Exposing Access to the World
- Database Instance Publicly Accessible
- Volume Encryption Not Enabled
InsightCloudSec offers both Featured and Custom Insights. Featured Insights are maintained by InsightCloudSec and harvested down on a regular schedule. Featured Insights are also organized into Featured Insight Packs that address common use cases, such as General Data Protection Regulation (GDPR) compliance. Custom Insights are those you build yourself.
Insight Pack
Insight Severity
InsightCloudSec
InsightCloudSec
InsightCloudSec (formerly DivvyCloud) is a fully-integrated cloud-native security platform (CNSP) that enables organizations to drive cloud security forward through continuous security & compliance.
With InsightCloudSec, Rapid7 is the first organization to bring together a single solution that integrates posture management, identity & access management, infrastructure-as-code, and Kubernetes protection to enable teams to safely speed up their cloud adoption without compromise.
Integration
Job Backlog
Job Backlog
The number of harvest jobs that are enqueued and waiting on a worker node to process. Job backlogs can rise and fall. For example, adding clouds will cause the job backlog to rise as the initial cloud harvests are scheduled. The number of harvest jobs feeding into the job backlog can be greatly influenced by the cloud harvesting strategy selected; more aggressive strategies lead to more jobs.
Job Scheduler
Jobs (InsightConnect)
K through Q
Kubernetes
Kubernetes and Container Security
Kubernetes and Container Security
Kubernetes and container security support provides visibility, alongside your clouds, in a single location, with monitoring for changes and pre-built checks to simplify assessment of Kubernetes production environments.
Kubernetes Guardrails allows you to enforce a least privileged access security model across cloud and container environments, reducing excessive entitlements and minimizing blast radius of malicious activities.
Container Vulnerability Management leverages vulnerability context from sources such as InsightVM and Snyk to prioritize risk associated with cloud assets and workloads.
MFA, 2FA, TFA
Orchestrators (InsightConnect)
Orchestrators
The Insight Orchestrator is a server in your network or cloud environment that integrates your tools and systems with InsightConnect.
When a workflow is running, the Insight Cloud keeps the overall workflow logic and data that is generated from each step. When a step is set to run on an Orchestrator, the Insight Cloud delivers the input data and action instructions to the Orchestrator. The Orchestrator executes the action and passes the data output back up to the Insight Cloud. The Insight Cloud then proceeds to the next step in the workflow.
Org Admin
Owners
Permissions, Permission Type (InsightCloudSec)
Permissions
The cloud provider-defined permissions granted to InsightCloudSec to enable harvesting resource information and allowing InsightCloudSec to take resource management actions.
These permission types can be read-only, admin, or some combination of the two. With each release, InsightCloudSec expands its supported resources and correspondingly requires additional permissions to harvest those resources.
Permission (InsightVM)
Plugin
Policy, Policies (InsightCloudSec)
Policy (InsightVM)
Policy
A policy is a set of primarily security-related configuration guidelines for a computer, operating system, software application, or database. Two general types of policies are identified in the application for scanning purposes: Policy Manager policies and standard policies. The application’s Policy Manager (a license-enabled feature) scans assets to verify compliance with policies encompassed in the United States Government Configuration Baseline (USGCB), the Federal Desktop Core Configuration (FDCC), Center for Internet Security (CIS), and Defense Information Systems Agency (DISA) standards and benchmarks, as well as user-configured custom policies based on these policies.
Policy Rule
A rule is one of a set of specific guidelines that make up an FDCC configuration policy.
Standard policy
A standard policy is one of several that the application can scan with a basic license, unlike with a Policy Manager policy. Standard policy scanning is available to verify certain configuration settings on Oracle, Lotus Domino, AS/400, Unix, and Windows systems. Standard policies are displayed in scan templates when you include policies in the scope of a scan. Standard policy scan results appear in the Advanced Policy Listing table for any asset that was scanned for compliance with these policies.
Producers
Provider Organization
Provider Organization
In InsightCloudSec, organizations allow for complete isolation between cloud accounts, resources, and users on an installation. Cloud accounts and their resources can only belong to one Organization and cannot be modified or viewed from another Organization.
Note: An InsightCloudSec organization is different from provider-specific organizations. Provider-specific organizations (available under Clouds > Organizations) are used to manage cloud accounts within the respective provider.
Provisioning
Query Filter
Query Filter
A Query Filter is a feature within InsightCloudSec that specifies conditions in searching for and identifying matching resources. An example Query Filter: ‘Resource is not encrypted’.
Query Filters are used in Insights and Bots. Insights combine Query Filters, scope, and reporting. Bots take action based on the output filters, scope, and Insights.
R through Z
Resource
Resource
A virtual (cloud-hosted) service, utility, or function. Cloud accounts are made up of resources; while different providers use different names in referring to their specific offerings, InsightCloudSec uses normalized names throughout the tool for these resources. For example, AWS’ S3 Bucket, GCP’s Cloud Storage, Azure’s Blob Storage Container, and Alibaba’s Object Storage Bucket all refer to storage resources; InsightCloudSec refers to all of these resources as a Storage Container.
Check out more under Resources.
Resource Groups
Resource Type Categories
Risk (InsightVM)
Risk
In the context of vulnerability assessment, risk reflects the likelihood that a network or computer environment will be compromised, and it characterizes the anticipated consequences of the compromise, including theft or corruption of data and disruption to service. Implicitly, risk also reflects the potential damage to a compromised entity’s financial well-being and reputation.
Role, User Role (InsightCloudSec)
Role
Roles are used to manage the permissions of basic users. They can be customized to permit read, manage, and delete privileges. They can be customized to view all resources or resources defined by Cloud account, Resource Group, or Badge.
Note: While roles relate to users generally, entitlements relate to a user’s ability to interact with specific portions of the tool, e.g., Tag Explorer or BotFactory.
Role, User Role (InsightVM)
Scheduled Events
Scope
Tag (Tag Explorer)
Threat Findings (Threats)
Threat Findings
Threat Findings (feature) is a single view that collects all runtime threat detection findings from various sources.
“Threat Findings” (data) is an item that refers to the detection of a possible malicious behavior. The finding may refer to a specific event occurring at a specific point in time or a behavior that spans a period of time.
User
User
InsightCloudSec users are distinguished by type: Basic User, Domain Admin, or Organization Admin (Org Admin). Basic Users can be assigned various roles and permissions or privileges. These characteristics are established in the Identity Management portion of the tool. Org Admins have all privileges confined to a single InsightCloudSec organization. Domain Admins have all privileges across an entire InsightCloudSec instance.
User Group
Worker
Workflows (InsightConnect)
Workflows
Workflows are automated procedures executed by InsightConnect. Workflows follow a user-defined sequence of steps, starting with a trigger. For example, when a new indicator of compromise is detected by your SIEM, a workflow may automatically look up the file or process hash in a threat intelligence platform like VirusTotal or Palo Alto Wildfire.
When a workflow is activated, it will run in the background anytime the trigger event occurs. When a workflow is deactivated, then it will stop looking for trigger events. If the workflow is later reactivated, then it will resume looking for trigger events and will again run in the background for any new trigger events. The workflow will not run for any trigger events that occurred while the workflow was deactivated.
Every time a workflow runs, it creates a job. Read more about jobs below.
In addition to the active or inactive state, a workflow may also have unpublished changes. This allows InsightConnect users to modify or extend workflow functionality without needing to deactivate the current workflow version. Once your changes are ready, you may publish them, thereby replacing the current active or inactive workflow with your modified workflow. You may then edit the workflow again and repeat the process.
View and manage your workflows from the Workflows page in InsightConnect.
Cloud Provider Terminology Resources
Check out the links below for glossaries for individual Cloud Service Providers (CSPs) and information on their specific terminology.