SMTP (Email Notifications)
Simple Mail Transfer Protocol (SMTP) enables InsightCloudSec to send email notifications and is compatible with all InsightCloudSec resources. Once configured, this functionality lets users create email notifications for a variety of scenarios. For example, a user can generate an email that lists all Instance Owners who have provisioned an instance without corporate-required tags. Alternatively, an email notification could list all Instance Owners who have modified an instance by removing corporate-required tags. This example is just one of hundreds of possibilities that you can explore based on your specific needs and driven by your deployed cloud resources, security and compliance goals, and operational strategy.
Amazon SES
To leverage Amazon SES refer to our example here.
Prerequisites
Before you get started you will want to ensure you have the following:
- A functioning InsightCloudSec installation with the appropriate admin permissions
- Details about your SMTP server (hostname, IP, port, etc.)
Email notifications are isolated to an Organization. This allows you to tailor email settings to business units, geographies, or however your enterprise is structured.
If you have questions or issues with this capability reach out to us through the Customer Support Portal.
Integrations and Templating
InsightCloudSec includes support for Jinja2 Templating and numerous third-party Integrations. Check out the links for details on configuring these capabilities.
Steps to Configure SMTP
Follow the steps below to configure an SMTP server in InsightCloudSec.
- Login to InsightCloudSec and navigate to System Administration.
- From the Organizations tab, locate the Actions menu for the organization for which you wish to send emails and select Configure Email (SMTP).
- To configure SMTP, enter the information relevant to your organization (you may need to scroll through the dialog to access all inputs):
- Hostname/IP -- Enter the name or IP address of the host used for SMTP transactions, e.g., smtp.your-company-name.com.
- Port -- Enter the port used for SMTP transactions, e.g., 465.
- Use SSL (checkbox) -- Select if you want InsightCloudSec to use Secure Sockets Layer (SSL) to encrypt the connection; this selection is recommended if you are sending sensitive information.
- Username (optional) -- Enter the username for the account that you will use to connect to the SMTP server, e.g., your.username@your-company-name.com.
- Password (optional) -- Enter the password of the account that you will use to connect to the SMTP server.
- Email -- Enter the email address you wish to use as the default for emails sent from InsightCloudSec (e.g., InsightCloudSec-NoReply@your-company-name.com).
- Domain Whitelist (optional) -- If desired, enter an optional list of whitelisted recipient domains (e.g., gmail.com, acmecorp.com, etc.). Email recipients not in this list will be discarded.
- Set as Global Config (checkbox) -- If selected, the configuration for SMTP supplied here will be applied to all other organizations within your domain.
- To confirm/test your settings, click TEST. You should see a confirmation message indicating success (that the SMTP message was generated); also verify that you've received the email.
- Click Submit to save your settings. You should see that Email Configured has a checkmark next to the organization you modified.
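Because recipients outside the Domain Whitelist are discarded, it helps to check an intended recipient list against the whitelist before saving it. The following is an added example, not InsightCloudSec code: the function name, the sample data and the matching rules (exact, case-insensitive domain match, no implied subdomains, empty whitelist means no filtering) are assumptions to confirm against your deployment.

```python
from email.utils import parseaddr


def split_by_whitelist(recipients, whitelist):
    """Split recipients into (kept, discarded) for a given Domain Whitelist.

    Assumptions (not documented product behaviour): the match is an exact,
    case-insensitive comparison on the domain after the last '@', a listed
    domain does not cover its subdomains, and an empty whitelist (the field
    is optional) applies no domain filtering.
    """
    allowed = {d.strip().lower().rstrip(".") for d in whitelist if d.strip()}
    kept, discarded = [], []
    for raw in recipients:
        _name, addr = parseaddr(raw)  # drops a display name such as "Alice <...>"
        local, at, domain = addr.rpartition("@")
        domain = domain.lower().rstrip(".")
        well_formed = bool(local and at and domain)
        if well_formed and (not allowed or domain in allowed):
            kept.append(addr)
        else:
            discarded.append(raw)  # report the entry exactly as it was typed
    return kept, discarded


# Constructed sample data; the two whitelist domains are the page's examples.
SAMPLE_WHITELIST = ["gmail.com", "AcmeCorp.com "]
SAMPLE_RECIPIENTS = [
    "Alice <alice@acmecorp.com>",   # display name, whitelisted domain
    "CAROL@GMAIL.COM",              # upper case, whitelisted domain
    "bob@mail.acmecorp.com",        # subdomain: not an exact match
    "dave@gmail.com.example.net",   # lookalike suffix on another domain
    "not-an-address",               # malformed entry
]

if __name__ == "__main__":
    kept, discarded = split_by_whitelist(SAMPLE_RECIPIENTS, SAMPLE_WHITELIST)
    print("would be delivered:", kept)
    print("would be discarded:", discarded)
```

Any address reported as discarded here is one to review before relying on a Bot or subscription to reach it.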
Configuring an Example Bot
Part of the SMTP functionality allows users to take advantage of the InsightCloudSec email action within a Bot configuration. To test, you can create a Bot that, based upon its scope and filtering, will return a positive result. In this example, we walk through setting up a Bot to verify that a cloud account has a cloud user.
- Check out our BotFactory documentation to learn more about this feature.
- You can also review Working with Bots (Best Practices & Examples) for specific examples.
Email Matching
You will receive one email per match, so choose a test without too many matches!
- Navigate to Automation > BotFactory from the main menu.
- Select Create Bot and give your Bot a name, description, and category. Click Next.
- Select the Scope of your Bot and Filters and click Next.
- Select Add Action and search for/select Send Delayed Email to send yourself an email for all matches.
- Use Jinja2 templating to add resource-specific data in your email.
- You can also dynamically assign a recipient via one or more tags. (You may need to scroll through the dialog to access all setup fields.)
- Select when to run your Bot.
- Review and run your Bot.
Bot Status (Paused)
Bots are created in a paused state. This default allows you to review your Bot before running it. You can review your Bot using the Bot Overview, available via Automation > BotFactory, by clicking on the name of the target Bot on the Listing page. When you are ready to run your Bot, on the Bot Listing page, select the target Bot and then Enable from the action submenu next to the name of your Bot. Return to the action submenu and select On demand Scan.
- Finally, check your email to see the results.
Pack-Level Notifications
Pack-level notifications enable customers to send emails based on packs of Insights. This includes both the out-of-the-box Compliance Packs that are included with InsightCloudSec and any Custom Packs a customer may create for their specific environment. In our previous Bot example we configured a single email for a single Insight. While this single email per Insight may be appropriate for your use, you may also seek a different level of granularity. Pack-level notifications can configure a single email that can be generated for an entire group of Insights. The pack-level notification capability includes cadence settings to send an email weekly, daily, or hourly. It allows for the delivery of information around an entire category of Insights, enabling organizations to cut down on the "noise" of notifications generated from several bots, since each Bot can only send an email for a single Insight.
Prerequisites
Before setting up a pack-level notification email, you will need:
- An InsightCloudSec installation with Organization or Domain Admin permissions
- A working SMTP configuration
Delivery Cadence
It's important to note that selecting a specific hour or minute will not guarantee delivery of an email notification at the specified time. When selecting a delivery time, you must account for the time required to process the request and create the data for the email notification. For example, if the cadence is shorter than the time it takes the system to process the request and generate the reports, a user may receive two copies of the email notification. To avoid issues with your delivery, we recommend a cadence of at least 10 minutes.
Pack-level Email Notification Setup
To configure an email notification, you can set up the notification (subscription) based on an Insight Compliance Pack or a Custom Pack. Complete the following steps.
- Navigate to Security > Insights and locate the Insight Pack you want to use as the basis of your notification.
- Click the actions menu to the left of the name of the target Insight pack. Select Manage Subscriptions.
- Click Add New Subscription and complete the details for your email subscription including the following details:
- Subscription Name
- Description (optional)
- Recipient Email(s) - drop-down menu
- Your desired frequency
- Click Ok when you have completed the fields as desired.
- To test your newly created subscription, open the Manage Subscriptions list and click the Send Now arrow.
- If you've supplied an invalid email address or you do not have an SMTP server configured, the system will respond with an error.
- This is where you will also access any existing subscriptions or notifications if you need to edit or update them.
- Success! Your intended recipients should receive an email with the details you configured.
- Download the Excel attachment to view your report findings for the notification (e.g., HIPAA Subscription).