Exploring Cloud Anomaly Detection

Feature Not Yet Released

This page is intended for customers with early access to the Cloud Anomaly Detection feature, which is not generally available (GA) yet. We request that you do not share this URL/page outside of the Rapid7 organization or with customers that do not have early access.

This documentation resource is a work-in-progress; if you have questions, issues, or suggestions about the content provided here, we are happy to receive feedback.

For questions or issues, reach out to your CSM or to support through the Customer Support Portal.

All available audit logs can be found by navigating to Cloud > Cloud Accounts > Audit Log Monitoring within your InsightCloudSec instance. Some details to note:

  • There are four tabs available: Organizations, Accounts, Audit Logs, and Kubernetes Clusters
  • Use the Search field to search for a particular account or log
  • Use the checkboxes next to organizations/accounts/logs to enable bulk actions
  • Click the filter icon within a column to automatically filter the selected view to the particular selection
  • If any errors exist for the organization/account/log, click the badge in the Status column to reveal detailed information for each error discovered
    • After the error has been fixed, you can click Test Changes to have InsightCloudSec run an ad hoc monitoring test on the log
  • From the Audit Logs tab, you can edit the configuration for an individual bucket

Organizations

The Organizations tab displays the organizations that have been harvested by InsightCloudSec and have logs that can be monitored (these can be logs within the organization/management account itself or within member accounts). From this tab, you can enable monitoring for both the management/organization account itself and new member accounts. You can also see the number of errors encountered for this organization.

Accounts Monitored Percentage

Within the Organizations tab, the Accounts Monitored in Organization column reports the number of member accounts that have at least one monitored CloudTrail. You can click the value in this column to open the Accounts tab filtered to the selected organization.

To enable monitoring for new member accounts within an organization:

Switch the Auto-Monitoring for New Accounts toggle to enable monitoring for accounts within the organization. Any new member accounts that are discovered within the organization in the future will have their audit logs monitored. You can also select the checkbox next to multiple organizations to enable the bulk action for this.

To enable monitoring for new organization logs:

Switch the Auto-Monitoring for New Organization Logs toggle to enable monitoring for the organization. Any new logs discovered within the organization/management account in the future will be monitored; existing logs that do not have monitoring enabled will have to be enabled separately. You can also select the checkbox next to multiple organizations to enable the bulk action for this.

Accounts

The Accounts tab displays the accounts (management or standalone/member) that have been harvested by InsightCloudSec and have logs that can be monitored. From this tab, you can enable monitoring for newly discovered logs associated with an existing account. You can also see the number of errors encountered for this account.

Log Monitoring Coverage

Within the Accounts tab, the Log Monitoring Coverage column reports the number of logs within a given account that are currently being monitored. You can click the value in this column to open the Audit Logs tab filtered to the selected account.

To enable monitoring for new account logs:

Switch the Auto-Monitoring for New Member Logs toggle to ON to enable monitoring for the account. Any new logs discovered within the account in the future will be monitored; existing logs that do not have monitoring enabled will have to be enabled separately. You can also select the checkbox next to multiple accounts to enable the bulk action for this.

Audit Logs

The Audit Logs tab displays all logs that have been discovered by InsightCloudSec. From this tab, you can enable monitoring for individual logs (in case you don't want to monitor all logs for a member or management account) or update the storage configuration. You can also see the number of errors encountered for the log itself. For more information on storage configuration, see Configuring Cloud Anomaly Detection.

Log & Bucket Names

Within the Audit Logs tab, the Log Name and Bucket Name columns allow you to display resource properties for a given log or bucket. You can click the value in either column to open the Resource Properties pane for that resource. Review Resources for more information.

To enable monitoring for an individual log:

Switch the toggle to ON to enable monitoring for the log. InsightCloudSec will attempt to access the log for monitoring and any errors will be reported.

Kubernetes Clusters

The Kubernetes Clusters tab displays all EKS clusters that have been discovered by InsightCloudSec. From this tab, you can enable monitoring for individual clusters or update the storage configuration. You can also see the number of errors encountered for the cluster. For more information on storage configuration, see Configuring Cloud Anomaly Detection.

Cluster & Bucket Names

Within the Audit Logs tab, the Cluster Name and Bucket Name columns allow you to display resource properties for a given cluster or bucket. You can click the value in either column to open the Resource Properties pane for that resource. Review Resources for more information.

To enable monitoring for an individual cluster:

Switch the toggle to ON to enable monitoring for the cluster. InsightCloudSec will attempt to access the cluster for monitoring and any errors will be reported.