Cortex XDR enables you to view specific cloud assets from a designated cloud assets category in the Specific Cloud Asset pages.
Note
Ingesting and Viewing Cloud Inventory Assets requires a Cortex XDR Pro per GB license.
The Specific Cloud Assets pages enable you to view specific cloud assets from a designated cloud assets category from all the assets you configured to collect from Google Cloud Platform, Microsoft Azure, and Amazon Web Services using the Cloud Inventory data collector. These asset cloud categories are based on a combination of asset types and subtypes. Each specific table contains the common columns that are listed in the All Cloud Assets table and some additional specific columns that are relevant for this type of cloud asset.
To view the Specific Cloud Assets pages, select → → , and select a specific cloud asset category.
By default, the Specific Cloud Assets pages display the cloud assets according to the most recent time that the data was updated. To search for specific assets, use the filters above the results table to narrow the results. You can export the tables and respective asset views to a tab-separated values (TSV) file. From the Specific Cloud Assets page, you can also manage the asset's output using the right-click pivot menu. For more information, see Manage Your Cloud Inventory Assets.
When any row in the table is selected, a side panel on the right with greater details is displayed, where you can view additional data divided by sections, such as Asset Metadata and Asset Editors. The Asset Editors section also provides a link to open a predefined query in XQL Search on the cloud_audit_log dataset to view the edit operations by the identity selected for this asset in the last 7 days.
The image below is an example of a Specific Cloud Assets page for Compute Instances.
The table below describes the different Specific Cloud Assets pages the following.
Specific Cloud Assets—The name of the specific cloud asset page.
Asset Type—The asset type that is automatically associated with this specific cloud asset page.
Asset Subtype—The asset subtype that is automatically associated with this specific cloud asset page.
Unique Fields—The unique fields that are only available when viewing this specific cloud asset page, and are displayed in addition to the common fields listed for the All Cloud Assets page. These fields are exposed by default.
Specific Cloud Assets | Asset Type | Asset Subtype | Unique Fields |
|---|---|---|---|
Compute Instances | Compute | Instance |
|
Disks | Compute | Disk |
|
Storage Buckets | Storage | Bucket |
|
Virtual Private Clouds (VPCs) | Compute | VPC | DEFAULT VPC—Displays a boolean value as either Yes or No to indicate whether this asset is the default VPC. |
Subnets | Compute | Subnet | No specific unique fields are displayed in addition to the common fields. |
Security Groups (FW Rules) | Compute | Security Group | No specific unique fields are displayed in addition to the common fields. |
Images | Compute | Image | No specific unique fields are displayed in addition to the common fields. |
Network Interfaces | Compute | Network Interfaces | No specific unique fields are displayed in addition to the common fields. |
Cloud Functions | Cloud Function | Cloud Function | No specific unique fields are displayed in addition to the common fields. |