Getting Started with InsightCloudSec

Welcome to InsightCloudSec! To get started, onboard a cloud account to begin harvesting and normalizing cloud data. After harvesting, you can review your data, tune your environment, and explore and analyze risk.

Step 1: Connect cloud data

You must connect a cloud account to access InsightCloudSec

When you open InsightCloudSec for the first time or if you have not successfully connected an account, you are prompted to onboard a cloud account through an onboarding wizard. If you close the wizard before completing account onboarding, you can resume onboarding from the page you were on last.

Go to Onboard a Cloud Account to get started.

After installing InsightCloudSec you will need to connect the platform to your cloud data by onboarding one or more cloud accounts. InsightCloudSec includes support for the following Cloud Service Providers (CSP):

We also support Amazon Elastic Container Service for Kubernetes (Amazon EKS), Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), and Kubernetes.

Data harvesting

After connecting your cloud account(s), InsightCloudSec will start the process to collect or harvest that cloud account and normalize the data.

Harvesting is the term for collecting data or the process of connecting with your clouds and pulling in the data stored there. InsightCloudSec provides a suggested harvesting schedule but also includes the flexibility to adjust your harvesting strategy based on your organizational needs.

Normalizing data

Normalizing the data means that we ingest and identify any resource that is part of your cloud with standard vernacular in simple categories regardless of provider.

Normalizing allows us to combine the data from all of your different cloud accounts and display this data through a single pane of glass through our Resources page and features like Layered Context.

Step 2: View your data (Resources)

After InsightCloudSec harvests and normalizes data from your cloud accounts, you will start to see the resources, virtual services, utilities, or functions that make up your clouds displayed in the resource section of InsightCloudSec. This section provides visibility into your cloud footprint and allows you to drill down and inspect specific resources.

Learn more about Resources and Resource Terminology.

Step 3: Configure your environment

The following table describes the different features related to configuring your environment.

Application ContextInsightCloudSec has the ability to dynamically group infrastructure into Applications. An Application is a collection of resources/infrastructure that’s dynamically built and maintained as infrastructure scales up/down to support the customers' workloads. These collections are built based on the presence of a specific tag key that is configured within InsightCloudSec. While on the surface they seem similar to Resource Groups, Applications go much further, providing customers with a real time view of the infrastructure backing their apps while also providing data.
BadgesBadges are key-value pairs that allow you to customize the organization of your cloud accounts within InsightCloudSec. Badges, as key-value pairs, are similar to AWS tags or GCP labels. However, where tags and labels are applied to resources, badges are applied to entire cloud accounts.
IntegrationsInsightCloudSec is designed to integrate with external systems for both inbound (data aggregation, data collection) and outbound (notifications, ticketing) actions. Integrations within InsightCloudSec enables easy configuration of third-party integrations, such as those for Slack, PagerDuty, ServiceNow, and others.
General AdministrationInsightCloudSec uses a number of general administrative settings that can help you manage your organization and system information. Take a closer look at our documentation on topics like:

Step 4: Explore and Analyze Risks

The following table describes the different features related to exploring and analyzing risks.

Insights and Compliance PacksUse Insights (checks) to understand where you may have misconfigurations, and to know how compliant you are using our built in 'Compliance Packs'. A built-in group of Insights can be organized around a specific compliance standard (Compliance Pack) for powerful custom analysis.
Layered ContextLayered Context provides a holistic view of the most critical resources found in all environments that are connected to InsightCloudSec. It provides capabilities including:
  • High-level visualizations around the most critical high risk resources
  • A resource-centric view of risk across multiple security domains in a unified, consolidated framework
  • Easy access to details of risk surrounding a specific resource
  • Filtering for context with Clouds and Applications, and on specific resource types, severities, and security domains for better triaging/risk prioritization
Container Vulnerability AssessmentContainer Vulnerability Assessment can continuously assess all container images specified in production workloads to detect installed packages with known vulnerabilities.
Infrastructure as Code (IaC) SecurityIaC Security employs the IaC Analyzer to analyze, or scan, your preconfigured infrastructure templates against Insight packs to gain specific feedback about violations and determine compliance before infrastructure is deployed. Each scan can be performed locally using the CLI IaC Scanning Tool or in an automated fashion via a CI/CD pipeline integration and will generate a detailed report of the results.
Cloud IAM Governance - OverviewCloud IAM Governance functionality is available through IAM-related Query Filters, Insights, Principal Activity (for AWS & Azure), detailed views through the Principal Explorer through our Resources page and the Identity Analysis feature.

Learn more about different ways to explore IAM and security with the Identity Analysis feature.
Threat FindingsThreat Findings provides a single view that collects all runtime threat detection findings from various sources. The unified view provides various filtering options, while offering security context by associating the findings with the relevant cloud resource(s) and resource properties. This uniform solution allows users to explore findings using filters and Bot automation.