Cloud Inventory - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Product
Cortex XPANSE
Version
2
Creation date
2024-08-29
Last date published
2024-11-12
Category
User Guide
Solution
Cloud
Abstract

View your Cloud Inventory, which includes assets discovered through our cloud integrations and Prisma Cloud integration.

The Cloud Inventory includes the following asset types:

  • Cloud Compute Instances—Assets discovered through your Cloud Inventory integrations with Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure.

  • Prisma Cloud Resources—Assets discovered through your integration with Prisma Cloud.

To view your cloud inventory, navigate to InventoryCloud Inventory. From there you can choose to view All Cloud Assets or separate pages that list only Cloud Compute Instances or Prisma Cloud Resources.

Cloud Compute Instances
Abstract

View your assets discovered through cloud inventory integrations with Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

Cloud Compute Instances are ingested into Expander through our Cloud Inventory integration, which can be configured with AWS, Google Cloud, or Azure. Expander tracks attributes about each cloud compute instance including the following:

  • ID

  • Name

  • IP Addresses

  • Account ID

  • Provider

  • Region

  • Cloud Tags

Other relevant metadata may be included and depends on the cloud provider.

Navigate to Asset InventoryCloud Compute Instances to view the complete list of cloud compute instances discovered by Cortex Xpanse. Cloud compute instances are also included in All Assets list view.

Click on a row in the Cloud Compute Instances or All Assets list view to display the details in the details pane on the right.

Refer to the Unified Inventory section for descriptions of all the fields displayed on the Cloud Compute Instances list view.

Prisma Cloud Resources
Abstract

View your cloud resources that were ingested through the Prisma Cloud integration for Cortex Xpanse.

The Prisma Cloud integration for Cortex Xpanse enables Expander to ingest cloud context from Prisma Cloud for for the following providers:

  • Amazon Web Services (AWS)

  • Google Cloud Platform (GCP)

  • Microsoft (MS) Azure

  • Alibaba Cloud

Expander identifies services and creates alerts and incidents based on the ingested context and uses the data to identify the following categories of cloud assets:

  • Managed Prisma Cloud—Cloud assets that were discovered by Xpanse and are supported and present in your Prisma Cloud inventory. For example, if Xpanse finds a service on AWS that is also in Prisma Cloud, the asset is considered Managed Prisma Cloud.

  • Unmanaged Prisma Cloud—Cloud assets that were discovered by Xpanse but are not present or supported in your Prisma Cloud inventory. For example, if Xpanse finds a service on HiNet, it is considered Unmanaged Prisma Cloud because it is not one of the supported providers. If Xpanse finds a service on a MS Azure asset that is not in Prisma Cloud, it is also considered Unmanaged Prisma Cloud

Incidents and alerts have a Cloud Management Status field that enables you to filter and sort on Managed Cloud and Unmanaged Cloud.

Note

You must have configured the Prisma Cloud integration with Cortex Xpanse before Prisma Cloud Resources appear in your Inventory and before the Unmanaged Cloud Dashboard is visible.

To set up the Prisma Cloud integration with Cortex Xpanse, see Ingest Cloud Resources from Prisma Cloud.

View Your Prisma Cloud Resources

To view your Prisma Cloud Resources, navigate to InventoryCloud InventoryPrisma Cloud Resources.

prisma-cloud-resources.png

For descriptions of the fields that appear on the Prisma Cloud Resources page, see All Assets.

To view your complete cloud inventory, which includes Cloud Compute Instances and Prisma Cloud Resources, navigate to InventoryCloud Inventory. Prisma Cloud Resources are also included in the All Assets view.

Click on any row in the Prisma Cloud Resources page to display details about the asset in the details pane on the right.

Unmanaged Cloud Dashboard

The Unmanaged Cloud dashboard provides an overview of Cortex Xpanse-discovered services and alerts that are not under the management of your Prisma Cloud deployment. The data on this dashboard will help you quantify the scope and risk of your unmanaged Prisma Cloud services, and provide actionable details on services that may need to be brought under Prisma Cloud management.

The Unmanaged Cloud dashboard also provides insights into services and alerts that are under the management of your Prisma Cloud deployment.

View the Unmanaged Cloud dashboard in Expander at DashboardsUnmanaged Cloud.

unmanaged-cloud-dashboard.png

This dashboard is visible in Expander after the Prisma Cloud integration with Xpanse has been configured.