Automate with Bots

Bots can automate compliance, curation, lifecycle, and notification actions on a select group of resources. Bots are created and managed in the Bot Factory.

Prerequisites

Before getting started with Bots, you will need:

  • Permissions in a cloud account related to the Bot scope, actions, and run options you want to use
  • Editor or Administrator entitlements for Bot Factory in Cloud Security (InsightCloudSec)

Frequently Asked Questions (FAQ)

How does a Bot work?

Bots can automatically perform actions, like adding tags, populating a resource group, or curating a custom Insight, on a group of qualified resources. When you create a Bot, you’ll define:

  • Scope: Specifies the resources that the Bot evaluates. A Bot only evaluates resources associated with selected badges, cloud accounts, Kubernetes clusters, or resource groups.
  • Query Filters: Defines the conditions that must be met before a Bot can act. For example, resources that are older than 180 days, resources that have a specific instance type, or resources exposing a specific port.
  • Action: Specifies what a Bot does. For example, resources are added to a resource group or scheduled for a restart. Actions are executed one resource at a time. When a Bot includes multiple actions, the actions are executed in parallel. If you want actions to run in a specific order, some actions can be set to wait a certain amount of time after the Bot is triggered.
  • Run Options: Specifies triggers for when a Bot runs. For example, when any resource is created, when a resource has a vulnerability or package change, or on a nightly schedule.

When you activate the Bot, it runs according to its run options. It then performs its configured actions on the resources in its scope that meet its Query Filters.

Looking for Bot examples?

Our documentation about Working with Bots includes detailed examples of Bot configurations and best practices.

How do I create a Bot?

Review Create a Bot for details.

How do I reconfigure or rescope a Bot?

Review Manage Bots for details.

What cloud account permissions are required to run a Bot?

Bot actions are permission-dependent. A Bot can evaluate resources and take action only if InsightCloudSec has the required permissions for the scoped resource in the connected cloud account. If permissions are read-only, Bots can still identify issues and apply non-destructive actions, such as curating an Insight or Resource Group, but cannot modify or delete resources.

How do I copy an existing Bot?

Review Manage Bots for details.

How do I delete a Bot?

Bots can’t be deleted, but they can be archived, which permanently disables the Bot. The Bot’s history and metadata are retained, but scheduled events and noncompliance data are deleted. Review Managing Bots for details.

How do I see a Bot’s recent actions?

From the Bot Listing page, click the Bot you want to review and select the Audit tab. This displays a log of actions the Bot has performed successfully or unsuccessfully. You can also view Bot events in the Bot Factory. Review Managing Bots for details.

What happens to a Bot if a cloud account in its scope is removed from Cloud Security (InsightCloudSec)?

Bots will remain active and operate on their defined schedules but return 0 resource results. You will need to pause or archive any Bots manually.

What happens to a Bot if the linked Insight is edited?

The Bot configuration will automatically update to include edits and the Bot will continue to run.

What happens to a Bot if the linked Insight is deleted?

If you delete an Insight associated with a Bot, Cloud Security (InsightCloudSec) will show you any associated Bots after the Insight is deleted. Associated Bots will be automatically paused.

Renaming a Bot and Scheduled Events

If you reconfigure an existing Bot to change the name, any currently active events will be deleted. To simply rename a Bot, use Update Information and any currently active events will remain.