Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

Resources

In InsightCloudSec, all services, utilities, or functions that make up your cloud are managed as Resources. Resources are fundamental to every feature within InsightCloudSec. After deploying our platform and connecting your cloud accounts, the Resources page is a single location from which to view resources across all of your cloud accounts. This visibility is the key building block for creating meaningful reporting, management, and automation.

Resource terminology

Resources are the normalized InsightCloudSec representation of components of cloud computing. Since our platform is multi-cloud, we developed a standardized (or "normalized") terminology for every resource that is displayed, so that it can be understood in a global context regardless of which provider it comes from.

For example, a "Storage Container" in InsightCloudSec is the normalized term used to refer to: AWS’ S3 Bucket, GCP’s Cloud Storage, Azure’s Blob Storage Container, or Alibaba’s Object Storage Bucket.

Many of these terms will be obvious, but for those terms that aren't clear, or for users that may not be as familiar with certain providers, we want to make that easy to understand.

In the product, you can hover over a resource will display both the specific resource name and the associated Cloud Service Provider (CSP).
Review our in-depth Resource Type Definitions for the normalized name of each Resource Type we support, the category, and a general definition.
Review our Resource Matrix to see every Resource Type in a table format alongside its CSP-specific name.

Connect cloud account resources

Before getting started with Resources, you will need to have a functioning InsightCloudSec installation that includes at least one connected cloud account. If you haven't connected any cloud accounts, there won't be any resources to view.

Take a look at our Cloud Account Setup page to review the steps for connecting your cloud account(s).

Refining resources

Starting with your Resources, InsightCloudSec capabilities allow you to refine your view by applying Query Filters to create Insights or Insight Packs, and then take action using Bots.

Understanding resources

Clicking the Resource option on main navigation in InsightCloudSec expands to display the following features:

Feature	Description
Resources	This page walks through the details around the information available in the main Resources section of the InsightCloudSec platform (or the first option under the Resource menu). InsightCloudSec includes 6 categories of resources: Compute, Containers, Storage, Network, Identity & Management, and Machine Learning & AI.
Resource Groups	Resource Groups offer a way to more efficiently manage resources, enabling users to apply functionality to groups of resources.
Application Context	Application Context provides visibility into your Applications, which are collections of resources/infrastructure that are dynamically built and maintained
Tag Explorer	The Tag Explorer of InsightCloudSec allows users to create tagging configurations to view breakdowns of tagged (or untagged) resources.

Navigating Resources

Resources under each category are organized alphabetically. You can modify the view of your resources using search, scope, or Query Filters. You can also toggle the list of resources for each category using the Vertical Ordering toggle. Navigation tools include:

Tool	Description
Resource Type Search	Click the arrow to expand the full list, otherwise begin typing to narrow the selection with suggestions. This search box supports provider-specific terminology. For example, searching for and selecting 'S3 Bucket' will navigate you to the Storage Container Resource Type.
Scopes	Displays resources associated with selected clouds or selected resource groups. You can scope clouds using Badges or searching for specific cloud accounts. You can scope resource groups or applications by searching for specific names (or portions of names) of the resource group or application (respectively). To reset this list, select Actions > X Clear All . To remove specific clouds from the scope, select the X next to the cloud name beside Scopes.
Query Filters	Displays resources scoped by Query Filters. You can search for specific filters by name or partial name, cloud type (e.g., AWS), or resource type (e.g. Storage Container) and explore the results with the pagination controls. To reset this list, select Clear All next to Actions.
My Resources	Shows only the resources belonging to you, the current owner. To reset the list of resources, click My Resources again.

All resources matching your scopes and selected Query Filters will be displayed as a list beneath the resource categories. This list will show different resource characteristics, depending on the resource type selected.

For example, characteristics describing a Database Snapshot -- a Storage resource type --may include Snapshot type, Size, and State (Availability). Characteristics describing a Storage Container --also a Storage resource type---may include Total Objects, Size, and Logging Bucket.

This page contains high-level information

This page is a high-level overview of navigating the Resources landing page within the InsightCloudSec platform but it's also important to note that Scoping (via Cloud Accounts, Badges, and Resource Groups), as well as implementing Query Filters, are also accessible through this page, and these capabilities are tied to creating Insights.

This page will not cover the specific details on configuring these additional capabilities, but if you are looking for more information, refer to the following pages: Query Filters, Badges, Resource Groups, Insights.

Query Filters

To narrow your view of Resources, select the Query Filters option at the top of the page.

The Query Filters panel allows you to narrow the scope of your resources using Query Filters that you can identify using any of the following:

Filter	Description
Search	Use text search based on Query Filter names to identify Query Filters
Clear	Allows you to clear all selected criteria and start over
Select Cloud	Identify Query Filters based on their supported Cloud Service Provider or multiple providers (e.g., AWS, Azure, GCP, etc.) by selecting or text searching. Hover over the Cloud Service Provider icon to see all supported options (e.g. AWS, AWS GovCloud, AWS China).
Select Resource Type	Identify Query Filters based on supported resource type (e.g., storage container, instance, database) by selecting or text searching
Category	Identify Query Filters based on category (e.g., Compute, Container, Network) by selecting

Viewing Query Filter Details

Each line in the panel shows the name of the Query Filter along with the icons for all supported Cloud Service Providers. Click on the arrow to the left of any Query Filter name to see additional details for any Query Filter including:

Description of the Query filter behavior
Supported Resource Types
Query Filter code

If these details are not visible, your InsightCloudSec platform installation may not include support for an associated feature. Reach out to our team through Getting Support to confirm, or discuss access.

Apply Query Filters

Enter your query filter criteria.
Select Config or Apply to apply the Query Filter to your resources view.
- If your desired Query Filter has a Config button next to it, you will need to supply additional details before applying to the filtered Resource view.
- If your desired Query Filter has an Apply button next to it, click Apply to view the filtered Resource view.
To close and view your filtered resources, click the X in the top right of the Query Filter panel.
The Resources Page will display your results with the selected Query Filter(s) applied. The filtered view will show the number of Query Filters applied, the name(s) of the Query Filters, and what resource types are supported.
- To start over, select Clear All.
- To turn the filtered view into a custom insight, select Save Insight.
- To download the filtered set of resources, click Download Resources.

The name of the Query Filter will appear red if it is misconfigured. Hover over the name to see details about the issue.

Download resources

At the top of the Resource Management page, you have the option to download your full cloud asset/resource inventory up to 250,000 items. To ensure your download does not exceed 250,000 items, you can filter through the Download modal or by selecting a query filter and downloading the results.

Download Resource JSON

In addition to viewing details about an individual resource you can also download the details in JSON format. This downloads all of the data associated with this resource (Properties, Actions, Dependencies, Activity, etc) in JSON format.

Select the individual resource you want to download, expand the detail blade view, and click on the arrow located in the top right of the individual resource view.

Resource Properties

For visibility into each resource, click on the box-with-arrow icon just to the left of the resource name. In the newly opened pane, the following list shows the most common information available for resources:

Field	Description
Properties	All resource attributes that are directly accessible, e.g., name, cloud, account ID.
Actions	All actions you can take for this resource directly from the InsightCloudSec console, e.g., Delete Resource, Remove Public Permission.
Related Resources	Other resources, if any, associated with the resource. Review Related Resources for details.
Activity	Scheduled events (if any) and the cloud history for the resource. Cloud history is currently only available for AWS resources.
Insight Findings	Specific Insights where Bots have found violations or noncompliance, if any, for this resource. Click an Insight's title to open the Insight Report in a new browser tab.
Tags	Existing tags for this resource with options to edit these as well as add new tags.

Depending on the resource, additional information will display, e.g., Permissions for Storage Container resources, InsightVM Vulnerabilities, etc.

Other Important Properties

All Resources also include a Last Full Harvest status under the resource properties, note this may be blank if a resource was not recently harvested. Check out Harvesting Overview for more information.

The following additional resource properties are particularly useful when working on configuration around security and compliance for these specific resources.

Go to Storage > Container Images and review the Vulnerabilities tab.
Go to Compute > Instances and review the Threat Findings tab.

Source Documents (Data)

For select AWS resource types, there is an additional detail pane, Source Documents, that surfaces raw data about the resource harvested directly from the Cloud Service Provider (CSP). This additional context about your resources can help to further investigate configuration issues or provide deeper analysis.

Click into the document viewing area, then use ⌘F (MacOS) or CTRL+F (Windows) to search through the data. This data is also included with the resource download, or can be viewed and copied directly from the Source Documents pane.

Source Documents Supported Resources

Support for this feature is currently available for a subset of AWS resource types. More resources will be added over time along with coverage for other CSPs, including Azure and GCP. The Source Documents detail pane will inform you if the selected resource is not supported.

Source Documents - Supported AWS Resources


text
1
Amazon DocumentDB
2
Amazon Macie
3
Amazon MemoryDB for Redis
4
Amazon MQ
5
Amazon OpenSearch Serverless
6
Amazon Redshift (Snapshot)
7
Amazon Sagemaker (Notebook)
8
Amazon Timestream
9
Amazon Transcription
10
API Gateway (Domain, Key, Stage)
11
Athena (Workgroup)
12
AWS App Runner
13
AWS AppSync
14
AWS Auto Scaling (Group, Launch Configurations)
15
AWS Backup (Vault)
16
AWS Glue (Data Catalog, Security Configuration)
17
AWS Outposts
18
AWS Transfer Family (SFTP Server)
19
Batch (Compute Environment)
20
CloudFront
21
CloudHSM
22
CloudTrail
23
CloudWatch (Alarm, EventBridge event bus, Log Group, Rule)
24
Codebuild Project
25
Cognito (User Pool)
26
Container Image (ECR)
27
DataSync (Task)
28
Direct Connect
29
Directory Service
30
Dynamo DB (Accelerator (DAX))
31
DMS Replication Instance
32
EC2 Instance (Amazon EBS Snapshot, Amazon EBS Volume, Launch Template, SSH Key Pair)
33
EFS
34
Elastic Container Service/Fargate (Cluster, Container Task, Task Definition)
35
Elastic Container Registry (Container Image)
36
Elastic IP
37
Elastic Kubernetes Service (Cluster, Container Instance, Node Group)
38
Elastic MapReduce
39
Elastic Network Interface (ENI)
40
Elastic Transcoder (Pipeline)
41
FSx
42
IAM (IAM/ACM SSL Certificate)
43
IAM Policy (Customer-Managed)
44
Key Management Service
45
Kinesis (Data Firehose)
46
Kinesis Video Stream
47
Lambda
48
Managed Apache Airflow (Environment)
49
MSK (Instance)
50
NACL/Security Group
51
NACL/Security Group Rules
52
Neptune
53
RDS (Aurora, Aurora global database, Event Subscription, Snapshot)
54
Route 53 (DNS Zone, Resolver Configuration)
55
Recycle Bin
56
Region
57
S3 (Access Point)
58
S3 Glacier
59
Secrets Manager (Secret)
60
Serverless Application Repository
61
Shield
62
Simple Notification Service (Subscription)
63
Simple Queue Service
64
Step Function State Machine
65
Storage Gateway (NFS/SMB File Share)
66
Systems Manager (Parameter Store (Parameter), Document)
67
WorkSpaces (Instances)
68
VPC (Endpoint/PrivateLink, Elastic Network Interface (ENI), Flow Log, Internet Gateway, Peer, Managed Prefix List, NAT Gateway, Route, Route Table, Site-to-Site VPN, Subnet, Traffic Mirror Target, Transit Gateway, Virtual Private Gateway)
69
VPC Subnet

Source Documents - Supported Azure Resources


Text
1
API Management Service
2
App Registration
3
Azure Active Directory Group
4
Azure Active Directory Service Principal
5
Azure Active Directory User
6
Azure Cosmos DB
7
Data Factory
8
Event Grid Topic
9
Federated Azure AD Group
10
Federated Azure AD User
11
Image
12
Logic App
13
Network Security Group
14
NSG Flow Logs
15
Redis Cache
16
Role Definition
17
Security Rules
18
Service Endpoint/Service Endpoint Policy/Private Endpoint
19
Service Fabric Cluster
20
Snapshot
21
Storage Account
22
Subnet
23
Template Spec
24
Virtual Network

Source Documents - Supported GCP Resources


text
1
Airflow Environment
2
Artifact Registry
3
Autoscalers
4
BigQuery Dataset
5
Bigtable
6
Container Cluster
7
Cloud Armor
8
Cloud Credentials
9
Cloud Function
10
Cloud KMS Cryptoky
11
Cloud KMS Keyring
12
Cloud Run
13
Cloud Spanner
14
Cloud SQL
15
Cloud SQL Backup
16
Data Factory
17
Dataflow Jobs
18
Direct Connect
19
DNS Zone
20
Image
21
Instance
22
Logs Storage
23
NAT Gateway
24
Network
25
Network Flow Log
26
Network Peer
27
Pub/Sub Subscription
28
Pub/Sub Topic
29
Secret
30
Service Account Key
31
Service Certificate
32
Service Certificate Authority
33
Service Domain
34
Service Policy
35
Shared File System
36
Snapshot
37
Stackdriver Sink
38
Subnet
39
URL Map
40
Virtual Private Gateway
41
VPC
42
VPN Tunnel

View & Copy Source Data

From the actions menu and the context details panel, you have the ability to view and copy CSP source data for a given resource. Currently, source data can only be viewed for one resource at a time.

The source data is available as a JSON file and contains a summary of the information collected directly from the CSP for a given resource (for example just the data collected directly from AWS). To only view and copy this data you will need to cut and paste from the Source Documents tab, the download button will provide all of the details for this resource in JSON format including the content on the Source Data tab.

Additional Resource Details

Some helpful additional Resource details are provided below. This is not an exhaustive list of browsing, filtering, or automation capabilities, but an overview to help build your familiarity with what details are available in this section of the InsightCloudSec platform.

Direct Linking for Resources

As part of your Resource, under Properties, InsightCloudSec includes capabilities to build dynamic links that connect to many resources within Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

To display direct link information for any supported resource, select the resource type from your target category, and click on the Open Resource Properties dialog (next to the checkbox for individual resources). The last line of the resource properties panel, Direct Link, will show the link associated with the applicable resource.

Direct Link Permissions

AWS Required permissions (already in the AWS policy): iam:ListAccountAliases
GCP For GCP resources, "view" permissions will be required to properly display and access any direct links.

Supported Resources

Direct link capabilities are currently available for AWS and GCP. Direct links are not applicable to all resources - we are working to expand coverage with each release. For resources that are not supported, links may be improperly formatted or redirect to general console locations rather than resource-specific locations.

Smartlink with Jinja2

You can also use direct link with Jinja2 to create notifications in Slack that link to the resource. The Jinja2 call is {{resource.get_provider_link()}}. Check out additional details on our Jinja2 - References page.

Six navigation functions are available for viewing individual resources within your selected resource type.

The addition navigation options include:

Option	Description
Include Tags	Allows you to specify up to 5 tags to include in the listing; then displays the values of those tags for each of the listed resources. Learn more about tagging in our page on Tag Explorer.
Create a new resource	Opens the Provisioning screen, from which a new resource can be created. Admin permissions are required.
Refresh Resources in Table	Refreshes the current resources table.
Download CSV	Downloads the resource data from the current view as a CSV file. This will download the data per individual resource type (e.g., Compute, Network, Storage, etc.) All resource attributes are downloaded, not just ones toggled 'on' for display in the on-screen table. (See also "Toggle Column Visibility". Refer to the section on Downloading Resources to download all resources associated with your cloud.
Toggle Column Visibility	Allows you to select the resource attributes to display as columns in the table. The drop-down list shows only attributes relevant to this resource.
Deselect Resource Type	This clears the table and returns you to the "Resources" main page.

Managing Resources

To manage a resource, select the checkbox next to the desired resource. The navigation buttons will be replaced by action buttons, which allow you to take actions based on the resource type.

Action buttons vary by resource type and change dynamically based on the resource selected. Example actions for a resource include:

Action	Description
Add to a resource group	Adds the selected resources to a resource group.
Assign Owner	Opens the Associate Resource Owner dialog window with a drop-down list of names from which you can select and assign an owner.
Permanently delete selected resources	Deletes selected resources after confirmation.
Start selected resources	Starts the selected resource. This action only applies to Compute resources.
Stop selected resources	Stops the selected resource. This action only applies to Compute resources.
Reboot	Restarts the selected resource. This action only applies to Instances.

Resources with Expanded Data

Some resources integrate with internal (InsightCloudSec) and external functionality and provide expanded data as a result:

Resource	Description
Cloud Users / Cloud Roles	These resources integrate with Cloud IAM Governance - Access Explorer, AWS Least-Privileged Access (LPA) - Setup & Config, and Azure Least Privileged Access (LPA) Note: The additional data available with these resources is tied to Access Explorer (which requires a specific license) and the proper configuration of LPA.
Cloud Domain User / Cloud Domain Group	These resources integrate with GCP's Domain-wide delegation, which when configured, provides additional data including MFA Status, Group associations, and last login. Check our the GCP Directory Support page for additional details on configuration.
Instances	Directly connected with the InsightVM Integration
Recommendation	These resources integrate with GCP's Recommendation functionality. Review GCP Recommendation Actions for more information.
Federated User / Federated Group	Azure Users and Groups that have federated access to AWS SSO via Azure AD are now viewable on the Resources page under the Identity & Management section once harvested by the new FederatedPrincipalHarvester. No additional configuration is required for these to appear on the Resources page (previously, they were only viewable via the Access Explorer).

What's Next?

After familiarizing yourself with Resources, and viewing the information available here, we recommend learning more about:

Resource Groups - Collections of resources that can be used to apply granular permissions to a subset of a cloud footprint, to improve visibility or to apply custom policy.
Insights - An Insight describes a specific behavior, condition, or characteristic of a cloud resource. Insights are the checks built on a combination of one or more Query Filters and scopes that are run on your infrastructure. They can be used to report on resources, or to instruct Bots as to which resources require actions.

Did this page help you?