Insights
Insights surfaces security, compliance, and cost findings across your synced cloud infrastructure. Each insight identifies a category of resources that may require attention, with severity levels, affected resource counts, and actionable mitigation guidance.
Sources and Generation
Insights are generated asynchronously after each sync completes. When a sync lands new data for a supported table, the platform queues a job that evaluates the data against insight rules and joins findings to your asset inventory. The Last synced timestamp on each insight shows when it was last evaluated.
Built-in Sources
These activate automatically when you connect the corresponding integration:
| Source | Cloud | Insight Categories | What It Surfaces |
|---|---|---|---|
| AWS Health | AWS | Security, Availability, Maintenance, Cost, Account | Upcoming and open AWS Health events with severity based on required action and event type |
| AWS Security Hub | AWS | Security | Security findings from Security Hub, including remediation guidance when available |
| AWS CUR Cost | AWS | Cost | Resource-level cost data from Cost and Usage Reports, with 30-day and 7-day trends and spike detection |
| GCP Security Center | GCP | Security | Active findings from Security Command Center (project and organization level) |
| Azure Advisor | Azure | Security, Cost, Performance, Operational Excellence | Recommendations from Azure Advisor across all categories |
Each source maps findings to resources in your asset inventory using ARN or resource ID matching, so you can see which specific assets are affected.
Third-Party Sources
Insights can also include findings from external security tools:
- Wiz: data findings (PII detection, financial data exposure) and security findings
Custom Sources
You can define your own insight rules using Policies for organization-specific checks.
Triaging Insights
A typical workflow after your first sync:
- Open Insights from the sidebar. Findings are grouped by severity by default
- Click Add filter, select Severity, and check Critical and High to focus on what matters most
- Click a finding to open its detail page: check the Evidence panel to understand what was detected and the Mitigation panel for remediation steps
- In the resources table, click an affected resource to open its detail drawer and inspect its attributes or check Related Resources for connected assets
- Click Saved filters in the top-right corner, then Save current filters to save this combination for quick access later
Insights List
The main Insights page displays a table of all detected findings with the following columns:
| Column | Description |
|---|---|
| Severity | Low, Medium, High, or Critical |
| Finding | Title describing the insight |
| Source Category | Sub-category within the source (e.g., Policies, Data Findings) |
| Source | Where the finding originated (e.g., AWS Health, Wiz, GCP Security Center) |
| Insight Category | Category of the finding (e.g., Security, Cost, Compliance, PII) |
| Account | The affected cloud account |
| Resource Type | Types of resources involved |
| Resources | Number of affected resources |
All columns are sortable. Click any column header to sort ascending or descending.
Filtering and Grouping
The filter bar above the table lets you narrow results by any combination of:
- Severity — Low, Medium, High, Critical
- Source — the integration that generated the finding
- Source Category — sub-category within the source
- Insight Category — Security, Cost, Compliance, etc.
- Resource Type — the type of cloud resource affected
- Account — the cloud account
- Tags — resource tags
- Ownership Tags — one entry per tag key if you’ve configured Resource Ownership
Adding a filter: Click Add filter, select a field from the left pane, then check one or more values in the right pane. Your selection appears immediately as a chip below the toolbar.
Editing a filter: Click the value portion of any chip to reopen its value picker and toggle values inline. Click the × on a chip to remove that filter entirely.
Clearing all filters: Click Clear filters to reset to the default (unfiltered) view.
Group By: Use the Group by dropdown to group findings by severity, source, source category, insight category, resource type, or account. When you apply a filter, the grouping automatically shifts to the next ungrouped field — for example, filtering by severity switches grouping to source. Select None to show a flat list.
Saved Filters
Click Saved filters in the top-right corner of the page to open the saved filters drawer. From there you can apply, rename, or delete existing saved filters, or click Save current filters to save your current filter and group-by configuration. The save button is only enabled when at least one non-default filter is active. Saved filters are also available via the Platform API.
Insight Detail
Click any insight to open its detail page. The header shows the insight title, severity, affected resource count, and last synced timestamp.
The resources table lists all affected resources. Use the search field to find resources by name, and use the dropdown filters to narrow by account, cloud provider, region, or resource type.
Click any resource to open its detail drawer, which has three tabs:
- Resource Details: cloud provider, name, type, region, tags, and custom column values
- Related Resources: connected resources (e.g., an EC2 instance’s security groups or attached volumes). You can search and click through to drill into nested relationships. Relationships are pre-configured for common resource types across AWS, GCP, and Azure. This tab also appears in the Asset Inventory.
- Insights: other insights affecting this same resource
Side panels on the detail page show additional context when available:
- Evidence: what was detected and why it matters
- Mitigation: steps to resolve the finding
- Additional Properties: source-specific metadata such as aggregated cost values
Configuring Resource Ownership
Ownership tags let you filter and group insights by who owns the affected resources. Once configured, each tag appears as an “Owner: {tag}” filter in the Insights filter bar. See Resource Ownership for setup instructions.
Next Steps
- Policies: create custom rules that generate insights specific to your organization
- Alerts: get notified when new findings match conditions you define
- Asset Inventory: browse and search the resources that insights are evaluated against
- Reports: build dashboards that visualize insight trends over time
- SQL Console: write queries directly against your synced data for analysis beyond what insights surfaces