Cortex XDR provides a unified, normalized asset inventory for cloud assets to provide deeper visibility and context for incident investigation.
Note
Ingesting and Viewing Cloud Inventory Assets requires a Cortex XDR Pro per GB license.
Cortex XDR provides a unified, normalized asset inventory for cloud assets in Google Cloud Platform, Microsoft Azure, and Amazon Web Services. This capability provides deeper visibility into all the assets and superior context for incident investigation. To receive cloud assets, you must first configure a Cloud Inventory data collector for the vendor in Cortex XDR. As soon as Cortex XDR begins receiving cloud assets, you can view the data in → , where and pages display the data in a table format.
The following are some of the main features available to you on these pages.
When you select any row in the table, a side panel with more details opens on the right, where you can view additional data divided into sections. The main sections are described below.
Internet Exposure—When there are any open external ports, these ports and their corresponding details are displayed, so you can quickly identify the source of the problem. You can also view the raw JSON text of the banner details obtained from Cortex Xpanse.
Asset Editors—Displays the identities of the latest 5 editors, listing the percentage of editing actions for a single identity. A link is provided to open a predefined query in XQL Search on the cloud_audit_log dataset to view the edit operations by the identity selected for this asset in the last 7 days.
Asset Metadata—Details the asset metadata collected for the particular row selected in the table.
Depending on the cell you’ve selected in the table, different right-click pivot menus are available, such as Open IP View and Open in Quick Launcher.
You can export the tables and respective asset views to a tab-separated values (TSV) file.
For more information on these sections in the side panel, see Manage Your Cloud Inventory Assets.