Getting Started with InsightCloudSec
Welcome to InsightCloudSec! To get started, onboard a cloud account to begin harvesting and normalizing cloud data. After harvesting, you can review your data, tune your environment, and explore and analyze risk.
Step 1: Connect cloud data
You must connect a cloud account to access InsightCloudSec
When you open InsightCloudSec for the first time or if you have not successfully connected an account, you are prompted to onboard a cloud account through an onboarding wizard. If you close the wizard before completing account onboarding, you can resume onboarding from the page you were on last.
Go to Onboard a Cloud Account to get started.
After installing InsightCloudSec you will need to connect the platform to your cloud data by onboarding one or more cloud accounts. InsightCloudSec includes support for the following Cloud Service Providers (CSP):
- Amazon Web Services, including AWS GovCloud and AWS China
- Microsoft Azure, including Azure GovCloud and Azure China
- Google Cloud Platform
- Alibaba Cloud (Ali Cloud)
- Oracle Cloud Infrastructure
We also support Amazon Elastic Container Service for Kubernetes (Amazon EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Kubernetes.
After connecting your cloud account(s), InsightCloudSec will start the process to collect or harvest that cloud account and normalize the data.
Harvesting is the term for collecting data or the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.
Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.
Normalizing allows us to combine the data from all of your different cloud accounts and display this data through a single pane of glass through our Resources page and features like Layered Context.
Step 2: View your data (Resources)
After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.
Step 3: Configure your environment
The following table describes the different features related to configuring your environment.
|InsightCloudSec has the ability to dynamically group infrastructure into Applications. An Application is a collection of resources/infrastructure that’s dynamically built and maintained as infrastructure scales up/down to support the customers' workloads. These collections are built based on the presence of a specific tag key that is configured within InsightCloudSec. While on the surface they seem similar to Resource Groups, Applications go much further, providing customers with a real time view of the infrastructure backing their apps while also providing data.
|Badges are key-value pairs that allow you to customize the organization of your cloud accounts within InsightCloudSec. Badges, as key-value pairs, are similar to AWS tags or GCP labels. However, where tags and labels are applied to resources, badges are applied to entire cloud accounts.
|InsightCloudSec is designed to integrate with external systems for both inbound (data aggregation, data collection) and outbound (notifications, ticketing) actions. Integrations within InsightCloudSec enables easy configuration of third-party integrations, such as those for Slack, PagerDuty, ServiceNow, and others.
|InsightCloudSec uses a number of general administrative settings that can help you manage your organization and system information. Take a closer look at our documentation on topics like:
Step 4: Explore and Analyze Risks
The following table describes the different features related to exploring and analyzing risks.
|Insights and Compliance Packs
|Use Insights (checks) to understand where you may have misconfigurations, and to know how compliant you are using our built in 'Compliance Packs'. A built-in group of Insights can be organized around a specific compliance standard (Compliance Pack) for powerful custom analysis.
|Layered Context provides a holistic view of the most critical resources found in all environments that are connected to InsightCloudSec. It provides capabilities including:
|Container Vulnerability Assessment
|Container Vulnerability Assessment can continuously assess all container images specified in production workloads to detect installed packages with known vulnerabilities.
|Infrastructure as Code (IaC) Security
|IaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed locally using the CLI IaC Scanning Tool or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.
|Cloud IAM Governance - Overview
|Cloud IAM Governance functionality is available through IAM-related Query Filters, Insights, Principal Activity (for AWS & Azure), detailed views through the Principal Explorer through our Resources page and the Identity Analysis feature.
Learn more about different ways to explore IAM and security with the Identity Analysis feature.
|Threat Findings provides a single view that collects all runtime threat detection findings from various sources. The unified view provides various filtering options, while offering security context by associating the findings with the relevant cloud resource(s) and resource properties. This uniform solution allows users to explore findings using filters and Bot automation.