Data Inventory

The new Data Inventory (
Inventory
Data
) provides information on the number of S3 storage buckets being monitored and summary data cards that provide status on how objects are exposed—public, sensitive, or malware, along with a detailed inventory view of objects across accounts, account groups, buckets and regions. It also provides a number of filters such as Time Range, Bucket Name, Bucket Exposure, Object Profile, Object Pattern to find the specific buckets or objects they are interested in.
  1. The Data Inventory page displays 6
    data cards
    :
    • Total Buckets
      • Total number of buckets discovered in AWS (except empty buckets)
    • Public Buckets
      • Total number of buckets identified as public based on exposure
    • Total Objects
      • Total number of files discovered in buckets
    • Public Objects
      • Total objects with exposure public.
    • Sensitive Objects
      • Total number of objects containing sensitive data such as Financial Information, Healthcare, PII and Intellectual Property
    • Malware Object
      • Total number of objects identified by Wildfire as Malware
  1. The Inventory table at the bottom of this page represents a hierarchical view of data grouped by account name, service name and region name. There are 4 views available on this table with the default view under cloud type followed by service name followed by bucket view followed by object view.
  • View 1 (Cloud View)
  • View 2 (Service View)
  • View 3 (Bucket View)
  • View 4 (Object View)
The Object View above includes the following information
  • Object Name
    • Name of the file as discovered in the bucket
  • Object Exposure
    • Private, public, or conditional
  • Data Profile
    Scanned content is classified under one of the following profiles: Financial Information, Healthcare, PII, or Intellectual Property. If an object belongs to any of the above categories, it is identified as sensitive data. The status of a scan can be one of the following:
    • Scanning
      —Object is submitted successfully.
    • Failed
      —Object could not be submitted for scanning.
    • Not Sensitive
      —The object does not contain sensitive information for the data profiles and data patterns used to scan.
    • Not Supported
      —File type is not supported for scanning. See Supported File Extensions—Prisma Cloud Data Security.
    • Too Large
      —File size is greater than 20MB.
  • Data Patterns
    • Data Profiles include one or more data patterns. For example, the PII data profile includes the Driver’s License #, SSN, Tax Identification Number, among other patterns.
  • Snippet Status
    Displays the three states that your snippet scan can be in. In order to view the masked data your Snippet Status must show
    Available
    .
    • Not Available
      —Indicates that the
      Snippet Masking
      option you selected has not been applied to your data. Click
      Generate Snippets
      to apply the mask.
    • In Progress
      —The state that Prisma Cloud be in after you click
      Generate Snippets
      and are applying the
      Masking Option
      to your sensitive data.
    • Available
      —The masked data is ready to be viewed. Click
      Available
      to view it.
  • Snippet Last Scanned
    • Provides details of when the scan last occurred.
  • Malware
    For malware you can review the following information
    • Malware Scan Timestamp—The time when Prisma Cloud received the verdict from WildFire.
    • Malware Scan Status:
      • Scanning
        —Object is submitted successfully.
      • Failed
        —Object could not be submitted for scanning.
      • Not Supported
        —File type is not supported for scanning. See Supported File Extensions—Prisma Cloud Data Security.
      • Too Large
        —File size is greater than 20MB.
      • Scanned-Malware
        —The object is identified as malware.
      • Scanned-Not Malware
        —The object is benign.
  • User
    • Owner of the object
  • Bucket Name
    • Name of the bucket that the object belongs to
  • Account Name
    • Name of the account that the object belongs to
  • Region Name
    • Name of the region that the object belongs to
  • Service Name
    • Name of cloud storage service (e.g. S3)
  • Last Modified
    • Object creation time or last updated time in S3.

Recommended For You