Understand Risks with Insights

An Insight is a check on a specific behavior, condition, or characteristic of a cloud resource. Built from a continuously growing library of Query Filters, an Insight provides an in-depth understanding of your infrastructure's security, compliance, optimization, or other characteristics that you specify. Insights can focus on specific characteristics or configuration issues, for example, to identify a network missing an internet gateway or to identify a database without encryption.

Some examples of common Insights include:

  • Storage Container Exposing Access to the World
  • Database Instance Publicly Accessible
  • Volume Encryption Not Enabled

As a key feature, Insights provide customization, flexibility, and extensibility to support a variety of cloud environments. The InsightCloudSec platform comes with a library of hundreds of built-in Insights. Check out the FAQ for more information.

Exploring Insights

Navigate to Security > Insights to begin exploring Insights. There are three navigational tabs for this feature:

  • Library - A library containing all Insights that you or InsightCloudSec have created. The Library is the default view for Insights.
  • Compliance Packs - A list of the Compliance Packs that InsightCloudSec has created. Compliance packs are groups of Insights that generally align to popular Compliance frameworks, for example, CIS - AWS 2.0.0, ISO 27017:2022, and more. For more information, see Compliance Packs.
  • Custom Packs - A list of the custom Insight Packs your Organization has made within InsightCloudSec. For more information, see Custom Packs.

Using the Library

Use the various filters on the page (Resource Type, Cloud, Show Favorites, Scopes) to narrow the view to the Insights you want to interact with. Each Insight record includes the severity, number of findings, how many Bots are using the Insight, how many exempted resources are associated with the Insight, when the Insight was released (if it was created by InsightCloudsec), when the Insight was last updated, and who owns the Insight. You can edit the Metadata and Severity on Insights owned by InsightCloudSec, but not the scope (you can use custom Insights to avoid this limitation). Any Insight can be added to a Custom Pack or your Favorites. Any details can be edited for custom Insights and only custom Insights can be cloned or deleted. For more information on custom Insights, see Using custom Insights.

Metadata

You can update the Compliance Pack membership or add annotations for Insights using the Edit Metadata function. Updating Compliance Pack membership will remove the Insight from other Compliance Packs.

To edit an individual Insight:

  1. Using the various filters on the page, find the Insight you want to edit.
  2. Click the Action menu (...).

To edit a group of Insights:

  1. Select individual Insights or use the column-level checkbox to select all Insights. The action buttons (for example, Edit Metadata, Add to Custom Pack) will become active.
  2. Click an action button to perform that action for all selected Insights.

Bulk edit limitations

These actions can only be performed on an individual Insight:

  • View the Insight Report, which includes the following:
  • A report of the resources (per cloud account) impacted by the Insight
  • Insight details, including supported clouds and remediation help
  • Detailed analytics, including total resources impacted by the Insight over time
  • Add Labels, which are strings that can be used to add categorization to Insights to improve searchability. Each Insight created by InsightCloudSec has labels associated with it by default.
  • Create Bot Automation, which is a shortcut to the Bot Creation workflow using the selected Insight.

Using custom Insights

While InsightCloudSec includes an extensive library of Insights with your deployment, you can also create custom Insights. Custom Insights can be used to tailor InsightCloudSec-owned Insights to your specific needs or to create an Insight that InsightCloudSec may not have created quite yet.

To create a custom Insight:

  1. Go to Inventory > Resources.
  2. Optionally, click Scopes to open a panel containing the Clouds, Resource Groups, and Applications found in your InsightCloudSec organization and apply a specific scope.
  3. Click Query Filters, then select and configure at least one Query Filter.
  4. Click Save Insight.
  5. Provide a name, description, optional labels, and severity.
  6. Optionally, mark yourself as the owner of the Insight. If it the Insight is yours, it will not be visible to other users.
  7. Optionally, mark the Insight as a favorite. This will include it on the Summary page.
  8. Select at least one resource type for the Insight to apply to. Select the Include All checkbox to include all resource types.
  9. Click Submit. After saving, the Insight appears as a Custom Insight in the Insights Library.

To create a custom Insight from an existing Insight:

  1. Go to Security > Insights.
  2. For a given Insight, click the Action menu (...).
  3. Click View Insight Report.
  4. Click View Results.
  5. Optionally, adjust the scope (Clouds, Resource Groups, Applications).
  6. Click Query Filters, then select and configure any additional Query Filters. You won't be able to create a custom Insight if you don't change the scope or the Query Filters.
  7. Click Save Insight.
  8. Provide a name, description, optional labels, and severity.
  9. Optionally, mark yourself as the owner of the Insight. If it the Insight is yours, it will not be visible to other users.
  10. Optionally, mark the Insight as a favorite. This will include it on the Summary page.
  11. Update the resource types as necessary. Select the Include All checkbox to include all resource types.
  12. Click Submit. After saving, the Insight appears as a Custom Insight in the Insights Library.

To edit the scope of a Custom Insight:

  1. Go to Security > Insights.
  2. For a given Insight, click the Action menu (...).
  3. Click View Insight Report.
  4. Click View Results.
  5. Click Record Changes.
  6. Adjust the scope (Clouds, Resource Groups, Applications), edit existing Query Filters (using the pencil icon), or add Query Filters as necessary.
  7. Click Save Changes.
  8. Update the Insight information as necessary (for example: name, description, or severity).
  9. Click Submit.