Cloud Inventory Assets - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Cortex XSIAM provides a unified, normalized asset inventory for cloud assets to provide deeper visibility and context for incident investigation.

Cortex XSIAM provides a unified, normalized asset inventory for cloud assets in Google Cloud Platform, Microsoft Azure, and Amazon Web Services. This capability provides deeper visibility into all the assets and superior context for incident investigation. To receive cloud assets, you must first configure a Cloud Inventory data collector for the vendor in Cortex XSIAM. As soon as Cortex XSIAM begins receiving cloud assets, you can view the data in Assets → Cloud Inventory, where the All Cloud Assets and Specific Cloud Assets pages display the data in a table format.

The following are some of the main features available on these pages.

  • When you select any row in the table, a side panel with more details opens on the right, where you can view additional data divided into sections. The following are descriptions of the main sections.

    • Internet Exposure: when there are any open external ports, these ports and their corresponding details are displayed, so you can quickly identify the source of the problem. You can also view the raw JSON text of the banner details obtained from Cortex Xpanse.

    • Asset Editors: displays the identities of the latest 5 editors, listing the percentage of editing actions for a single identity. A link is provided to open a predefined query in XQL Search on the cloud_audit_log dataset to view the edit operations performed on this asset by the selected identity in the last 7 days.

    • Asset Metadata: details the asset metadata collected for the selected row in the table.

  • Depending on the cell you’ve selected in the table, different right-click pivot menus are available, such as Open IP View and Open in Quick Launcher.

  • You can export the tables and respective asset views to a tab-separated values (TSV) file.

For more information on these sections in the side panel, see Manage Your Cloud Inventory Assets.