Badges
Badges are key-value pairs that allow you to customize the organization of your cloud accounts within InsightCloudSec. Badges are similar to AWS tags or GCP labels. However, where tags and labels are applied to resources, badges are applied to entire cloud accounts. For example, one badge might have a key of environment and a value of production and another might use environment with the value testing, allowing your organization to group cloud accounts based on usage.
Most badge features require appropriate permissions. Learn more about required permissions in our Users, Groups, and Roles (Administration) documentation.
Accessing Badges
Existing Badges are accessible from the Cloud Accounts section of InsightCloudSec.
To see all available Badges and Badge trends:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Badges.
To see Badges for a specific cloud account:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Listing.
- For a given cloud account, click the value in the Badges column.
Badge types
Badging within InsightCloudSec is a powerful system that allows you to establish a taxonomy across your cloud and Kubernetes footprint. It can be used for reporting and automation purposes as well as authorization within the Role Based Access Control (RBAC) system. There are 3 types of badges:
System
System Badges are automatically applied when services such as AWS, Microsoft Azure, Google Cloud Platform (GCP), and Kubernetes and their respective resources are connected to the product. There are 2 badges that fall into this category that are always assigned: system.cloud_type and system.resource_type. These badges cannot be modified and remain in a fixed state within the database.
system.cloud_type
Defines the type for a given cloud. For example: amazon web services, microsoft azure.
Example usage:
Create a Bot with a scope containing the badge system.cloud_type:amazon web services. As InsightCloudSec automatically onboards additional AWS accounts and assigns them the system.cloud_type:amazon web services badge, new accounts are automatically incorporated into the scope of the existing Bot. This is a great maintenance-free way to scale your Bot automation alongside the growth of your cloud footprint.
system.resource_type
Defines the internal type for a given resource. For example: system.resource_type: cloud, system.resource_type: k8s cluster.
Example usage:
Create a Bot with a scope containing the badge system.resource_type: cloud to include every cloud account to monitor for public object storage such as AWS S3, Google Cloud Storage, or Azure Blob Containers. Any time one of these resources is exposed to the public and puts an organization's data at risk, the Bot can respond. This particular badge can be configured to monitor accounts that exist in the InsightCloudSec platform today as well as those that are added in the future.
Auto-generated
Auto-generated badges are similar to System Badges in that they cannot be modified or deleted within the product. However, they are inherited from the tags/labels associated with the cloud itself. If you associate tags with your AWS Cloud Accounts (this requires AWS Organizations), labels on your GCP Projects, or tags on your Azure Subscriptions, they are automatically funneled into the system as auto-generated badges. This capability is only supported when connecting InsightCloudSec to the organization (or master) account of your AWS, Microsoft Azure, or Google Cloud Platform. Documentation on this capability for each provider can be found here:
Custom
Custom badges are defined as key-value pairs within InsightCloudSec. They can be created, modified, and deleted by any user with administrative privileges and there's no limit to the number of badges that can be associated with a cloud account. If your organization does not have a pre-built taxonomy that can be inherited from your cloud accounts or Kubernetes clusters using Auto-generated Badges, then these can be used as an alternative.
Custom badges can be used to organize reporting to identify alerts and vulnerabilities associated with resources that are owned by a particular user or those associated with accounts that are high risk based on the classification of data. Badges also assist Bot users to dynamically route alerts and notifications to any number of integration options, including Slack, Microsoft Teams Channels, email distribution lists, and more based on the value of a target badge. For example:
owner: joe.smith@acmecorp.com
risk: high
environment: production
slack_channel: #acmecorp-ics-alerts
Add or modify a Badge
You can add or modify a badge from the Cloud Accounts Listing page. Note the following limitations:
- The maximum length for the badge key and value is 255 characters.
- Custom badges cannot start with system.
- Badge keys and values are case sensitive.
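The limitations above can be checked against a badge plan before anyone enters it in the UI. The following is an added example, not InsightCloudSec code and not a call to its API: the function names, account names and badge values are hypothetical, and it assumes the 255-character limit applies to key and value separately and that the system restriction applies to the badge key. It also shows why case sensitivity matters for badge-based Bot scopes, using a simplified exact-match model of a scope.

```python
from collections import defaultdict

MAX_LEN = 255               # documented maximum length for a badge key or value
RESERVED_PREFIX = "system"  # custom badges cannot start with this (assumed: the key)

def validate_badge(key, value):
    """Return a list of problems with one proposed custom badge."""
    problems = []
    if not key:
        problems.append("empty key")
    if len(key) > MAX_LEN:
        problems.append(f"key longer than {MAX_LEN} characters")
    if len(value) > MAX_LEN:
        problems.append(f"value longer than {MAX_LEN} characters")
    if key.startswith(RESERVED_PREFIX):
        problems.append(f"key starts with reserved prefix '{RESERVED_PREFIX}'")
    return problems

def case_collisions(accounts):
    """Find badges that differ only by case across the planned accounts.

    Keys and values are case sensitive, so 'Environment:production' and
    'environment:production' are two different badges."""
    seen = defaultdict(set)
    for badges in accounts.values():
        for key, value in badges.items():
            seen[(key.lower(), value.lower())].add((key, value))
    return sorted(sorted(v) for v in seen.values() if len(v) > 1)

def accounts_in_scope(accounts, key, value):
    """Simplified model of a badge scope: exact, case-sensitive match."""
    return sorted(a for a, b in accounts.items() if b.get(key) == value)

# Constructed sample plan: account names and badges are made up.
PLAN = {
    "acct-payments": {"environment": "production", "risk": "high"},
    "acct-web": {"Environment": "production"},
    "acct-sandbox": {"environment": "testing", "system.owner": "joe"},
}

if __name__ == "__main__":
    for account, badges in PLAN.items():
        for k, v in badges.items():
            for problem in validate_badge(k, v):
                print(f"{account}: {k}:{v}: {problem}")
    print("case collisions:", case_collisions(PLAN))
    print("in scope:", accounts_in_scope(PLAN, "environment", "production"))
```

In the sample plan, acct-web carries Environment rather than environment, so a scope on environment:production would not pick it up and any automation tied to that scope would skip the account.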
To add a badge:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Listing.
- For a given cloud account, locate the Badges column and click the value in that column.
- Click Add Badge.
- Update the Badge Key and Badge Value as necessary.
- Click Submit.
To modify a badge:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Listing.
- For a given cloud account, locate the Badges column and click the value in that column.
- Update the Badges as necessary. System and auto-generated badges are not editable.
- Click Submit.
Remove a Badge
To remove a Badge from a specific account:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Listing.
- For a given cloud account, locate the Badges column and click the value in that column.
- For each Badge you want to delete, click the trash can icon (Delete). System and auto-generated badges do not have the trash can icon.
- Click Submit.
To remove a Badge from all accounts:
- Log in to InsightCloudSec.
- Navigate to Cloud Accounts > Badges.
- Locate the Badges you want to delete.
  - If there is only 1:
    - Click the Action menu (...), then click Delete Badge.
  - If there are multiple:
    - Select the checkbox next to each Badge.
    - Click Delete.