All Cloud Assets

Cortex® XDR™ enables you to view all your cloud assets from the various cloud assets categories in the All Cloud Assets page.
Ingesting and Viewing Cloud Inventory Assets requires a Cortex XDR Pro per TB license.
The
All Cloud Assets
page enable you to view all your cloud assets from the various cloud assets categories that you configured for collection from Google Cloud Platform, Microsoft Azure, and Amazon Web Services using the Cloud Inventory data collector.
To view the
All Cloud Assets
page, select
Assets
Cloud Inventory
All Cloud Assets
.
By default, the
All Cloud Assets
page displays all cloud assets according to the most recent time that the data was updated. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the
All Cloud Assets
page, you can also manage the assets output using the right-click pivot menu. For more information, see Manage Your Cloud Inventory Assets.
The
All Cloud Assets
table is comprised of a number of common fields that are available when viewing any of the Specific Cloud Assets pages. The
TYPE
and
SUBTYPE
fields are only available in the
All Cloud Assets
table as these fields determine the
Specific Cloud Assets
categories, and can be used to filters the different types of assets from the entire list of assets.
When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections, such as
Asset Metadata
and
Asset Editors
. The
Asset Editors
section also provides a link to open a predefined query in XQL Search on the
cloud_audit_log
dataset to view the edit operations by the identity selected for this asset in the last 7 days.
The following table describes the fields that are available when viewing
All Cloud Assets
in alphabetical order.
Certain fields are exposed and hidden by default. An asterisk (*) is beside every field that is exposed by default.
Field
Description
AVAILABILITY ZONE
*
Displays the
AVAILABILITY ZONE
according to the cloud provider.
CLOUD TAGS
*
Displays any cloud tags or labels configured according to the cloud provider.
CREATION TIME
*
Displays the time that the cloud asset was created.
1
This information is not always available.
EXTERNAL IPS
*
Displays list of external public IPs.
GEO REGION
*
Displays the normalized value indicating the geographic region, such as North America or Middle East.
HEIRARCHY
*
Displays the hierarchy of the associated
PROJECT
in the cloud provider separated by a forward slash (
/
) similar to a file path.
The
PROJECT
is called something else in each cloud provider. For more information, see the
PROJECT
description.
INTEGRATION KEY
Internal Cortex XDR identification of the integration collection.
INTERNAL IPS
*
Displays list of internal private IPs.
INTERNET EXPOSURE (PORTS)
*
Displays list of ports, where the details regarding these ports are available to view in the side panel.
LAST REPORTED STATUS
*
Last reported status of the asset, such as
AVAILABLE
or
READY
.
NAME
*
Name that describes the asset as given in the cloud provider, if provided.
PROJECT
*
Displays the associated project name as provided by the Cloud provider. For each cloud provider the project is called something else.
  • AWS
    —Account
  • GCP
    —Project
  • Microsoft Azure
    —Subscription
PROJECT ID
Displays the associated project ID as provided by the Cloud provider, where the project is called something else in each cloud provider. See
PROJECT
description.
PROVIDER
*
The cloud provider used to collect these cloud assets as either
GCP
,
AWS
, or
Azure
.
RAW ASSET
Internal Cortex XDR debug information that displays the raw data used to parse the data.
REGION
*
Displays the region as provided by the Cloud provider.
RESOURCE GROUP
Displays the
RESOURCE GROUP
when using a Azure
PROVIDER
.
RESOURCE ID
Displays the
RESOURCE ID
as provided from the cloud provider.
SECONDARY ASSET ID
Displays a
SECONDARY ASSET ID
provided by the cloud provider that is used in Cortex XDR to identify the asset if a
NAME
is not provided.
SUBTYPE
*
Subtype of cloud asset based on the
TYPE
configured, which can be defined as one of the following.
Each Subtype is displayed with an icon beside it.
  • VM Instance
  • Bucket
  • Disk
  • Image
  • Subnet
  • Security Group
  • Other
This field is unique to the
All Cloud Assets
table.
TYPE
*
Type of cloud asset, which can be defined as one of the following.
  • Compute
  • Cloud Function
  • Storage
  • Other
This field is unique to the
All Cloud Assets
table.
UPDATE TIME
*
Displays the time that the cloud asset was updated. This information is not always available.
1
Due to a known AWS synchronization issue, where the creation time displayed in the AWS Console does not match the actual time when the AWS Bucket was created, the
CREATION TIME
in Cortex XDR does not always match the AWS Console as Cortex XDR displays the actual time.

Recommended For You