Inventory
Sysdig Secure SaaS currently offers Inventory as a Technical Preview.
Overview
With this release of Inventory, you can:
- View all deployed resources across your cloud environment(s)
- View all code resources from IaC integrations
- Protect all resources and mitigate blind spots
- Know all current resources in your infrastructure that share properties
- Know which resources belong to a business unit
- Review posture violations for a resource and take action (remediate or handle risk)
Enablement Steps
- If you are already leveraging the new Compliance module, no further configuration is required for Posture data
- If you are new to Sysdig Secure, enable KSPM in the agent, connect a cloud account, or both
- To view code resources from Git integrations, enable and configure IaC scanning
Usage
Navigate the Inventory Landing Page
Access: Log in to Sysdig Secure and click the Inventory top-level menu item. Inventory displays all resources from cloud accounts, Kubernetes data sources, and IaC Git resources connected to Sysdig, along with their Compliance policy passing score.
Data shown in the UI is refreshed every 24 hours when a compliance evaluation is run.
Filter: Use the unified filter to find targeted resources. Some common Featured Queries are offered below.
Use Policy Data: Within a resource card, hover over the Posture Policies Passing gauge to open the popover and see the failing/passing policies applied to your resource. You can also link directly to the policy from there.
View a Resource 360: Click a card to review the resource Posture and Configuration details (below).
Use the Resource Posture Tab
Sysdig provides sample queries related specifically to posture. For every resource, we provide visibility into its posture status based on the zones and policies it belongs to.
Click a resource card to open the resource’s 360 drawer and access the Posture tab.
The number of failed policies is highlighted next to the tab name.
Select a failed policy to see the relevant controls to be remediated. The controls are grouped by requirement within each policy.
For more information, see Evaluate and Remediate from Inventory.
Use the Resource Configuration Tab
Click a resource card to open the resource’s 360 drawer and access the Configuration tab. It contains additional metadata and configuration details.
You can copy this or save it as a .txt file. For Kubernetes hosts and clusters, you can search within the resource configuration by Origin or Attribute.
Work with IaC Resources
If you have configured IaC scanning, you can view the resources supported by the Git-integrated scanner in the Inventory (YAML, Terraform, Helm charts, etc.). The 360-view of each code resource includes:
- resource metadata
- configuration details
- posture violations that can be remediated with automated workflows.
Search for IaC Resources
IaC resources from Git repository scans are labeled code in the Inventory UI, to distinguish them from deployed resources in your cloud environments.
Filter for Resource Origin = Code. Notice that the resulting list includes a visual tag (< >) on the logo to distinguish code resources.
Other options: Filter by Source Type, Location, Git Integration, or Repository.
Featured Queries
The following are ways to structure queries in the unified filter to solve common use cases.
Find Resources by Name and/or Attributes
- I want to search for all S3 buckets in the EU regions: Resource Type contains S3 AND Region startsWith eu
- I want to search for all Workloads of type host with names starting with prod: Resource Type is host AND Name startsWith prod
- I want to view the configuration of my GKE Worker nodes: Node Type is Worker AND Kubernetes Distribution is gke
- I want to search for all clusters running on OpenShift V4: Resource Type is Cluster AND Kubernetes Distribution is ocp4
- I want to search for all IaC resources: Resource Origin is Code
Find Resources Owned by Business Unit
- I want to search for all resources belonging to my PCI zones: Zones startsWith PCI
- I want to search for all resources labeled app:retail: Labels in app:retail
- I want to search for all resources within the finance namespace: Namespace is finance
- I want to search for all resources belonging to my docker clusters: Cluster contains docker
Find your Environment Blind Spots
- I want to view all resources on which there are 0 policies applied: Posture Applied Policy not exists
- I want to view all resources that belong to 0 zones: Zones not exists
- I want to view all resources that are not labeled: Labels not exists
Find Resources by Posture Details
- I want to view all resources on which policy X is applied: Posture Applied Policy is (p1), or Posture Applied Policy in (p1, p2, p3)
- I want to view all resources on which the CIS Kubernetes V1.23 Benchmark policy is applied: Posture Applied Policy in CIS Kubernetes V1.23 Benchmark
- I want to view all resources that fail the ISO/IEC 27001 policy: Posture Failed Policy in ISO/IEC 27001
- I want to view all resources that are failing at least one policy: Posture Failed Policy exists
- I want to view all resources that are failing at least one control: Posture Failed Control exists
- I want to view all resources for which a risk has been accepted on a control: Posture Accepted Risk exists
Find IaC Resources
- I want to find the code for the deployment of my mobile app’s frontend: Resource Origin is Code AND Resource Type is Deployment AND Location contains mobile-app AND Name contains mobile-frontend
- I want to see all Terraform code managed by the Marketing team: Source Type is Terraform AND Labels in OwnedBy:team-marketing AND Repository is my-git-repo
- I want to know which IaC of my EC2 Instances are failing a control: Resource Origin is Code AND Resource Type is EC2 Instance AND Posture Failed Control exists
- I want to see all IaC repos not being evaluated by policies: Git Integration is my-iac-repos AND Posture Applied Policy not exists
View a Resource’s Applied Configuration
- I want to view the bucket policy for bucket 123: Resource Type contains bucket AND Name contains 123, then click the resource card to scroll through the configuration details
- I want to view the default runAsUser applied configuration for workload abc: Name is abc, then click the resource card to scroll through the configuration details
Evaluate and Remediate from Inventory
You can now evaluate and remediate posture violations for your deployed and code (IaC) resources from within the Inventory interface.
The steps are the same as in the Compliance module, with the following modification:
- For IaC resources, there is no manual remediation nor “Accept Risk” function.
For certain controls, you can open a pull request to remediate a code resource, as described in Continue Remediation > Pull Request.
Use the Inventory API
Query the Secure API to get a list of multiple inventory resources or retrieve a single one.
For API doc links for additional regions, or steps to access them from within the Sysdig Secure UI, see the Developer Tools overview.
Inventory Data Dictionary
You can construct searches/filters by attribute name in the Inventory unified filter.
Filter Operators:
- is (=)
- is not (!=)
- in (in)
- not in (!in)
- startsWith (^)
- contains (%) (wildcards not supported)
- exists / not exists
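The operators above, applied offline to a handful of constructed inventory records so the Featured Queries (S3 buckets in EU regions, PCI zones, the three blind-spot checks) can be tried without the UI. This is an added example, not Sysdig code or its API; the records, attribute values and the way multi-valued attributes are matched are assumptions made for the example.

```python
"""Apply Inventory unified-filter operators (is, is not, in, not in, startsWith,
contains, exists, not exists) to constructed records. Added example, not Sysdig code."""

# Constructed sample records; Labels, Zones and Posture Applied Policy are multi-valued.
RESOURCES = [
    {"Name": "prod-web-01", "Resource Type": "host", "Region": "eu-west-1",
     "Labels": ["app:retail", "team:research"], "Zones": ["PCI-prod"],
     "Posture Applied Policy": ["CIS Kubernetes V1.23 Benchmark"]},
    {"Name": "logs-bucket-123", "Resource Type": "S3 bucket",
     "Region": "eu-central-1", "Labels": [], "Zones": [],
     "Posture Applied Policy": []},
    {"Name": "dev-api", "Resource Type": "Deployment", "Region": "us-east-1",
     "Labels": ["app:retail"], "Zones": ["Dev"],
     "Posture Applied Policy": ["ISO/IEC 27001"]},
]

# One predicate per operator; contains is a plain substring test (no wildcards).
OPERATORS = {
    "is": lambda v, x: v == x,
    "is not": lambda v, x: v != x,
    "in": lambda v, x: v in x,
    "not in": lambda v, x: v not in x,
    "startsWith": lambda v, x: v.startswith(x),
    "contains": lambda v, x: x in v,
}

def match(value, op, operand=None):
    """Evaluate one clause; multi-valued attributes match on any element
    for positive operators and on every element for negated ones (assumption)."""
    values = value if isinstance(value, list) else [value]
    if op == "exists":
        return bool(values)
    if op == "not exists":
        return not values
    pred = OPERATORS[op]
    if op in ("is not", "not in"):
        return all(pred(v, operand) for v in values)
    return any(pred(v, operand) for v in values)

def query(resources, *clauses):
    """AND the clauses (attribute, operator[, operand]) and return matching names,
    e.g. query(RESOURCES, ("Resource Type", "contains", "S3"), ("Region", "startsWith", "eu"))."""
    return [r["Name"] for r in resources
            if all(match(r.get(attr, []), *rest) for attr, *rest in clauses)]

def blind_spots(resources):
    """The page's blind-spot queries: no applied policy, no zone, or no labels."""
    return {attr: query(resources, (attr, "not exists"))
            for attr in ("Posture Applied Policy", "Zones", "Labels")}
```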
Attribute Name | Attribute Definition |
---|---|
Account | The container for your AWS resources. You create and manage your AWS resources in an AWS account. |
Attribute* | The attributes defined within the configuration of your Kubernetes host or cluster * Only filtered from within a Kubernetes host or cluster resource configuration. |
Cluster | Name of your Kubernetes cluster |
External DNS | The DNS name of your Kubernetes host’s node that will resolve into an address with external address characteristics |
Git Integration | Name of the Git integration. See IaC Scanning/Git Integrations |
Kubernetes Distribution | GKE, EKS, AKS, Rancher, Vanilla, OpenShift v4, IKS, MKE |
Labels | Labels are key/value pairs (ex: team:research ) that you have applied to your resource from Kubernetes or Managed Cloud platforms (AWS, GCP, Azure). For Kubernetes, the Labels field includes all the labels for the resource (including nested labels). For example, a search on a label that exists on a container will return the workload that contains the container. |
Location | Path to the file or module directory in the repository (IaC resources). Kubernetes manifest: path to the YAML file; Helm charts: Helm chart folder; Kustomize: path to the manifests folder (the folder containing the base kustomization.yaml file); Terraform: path to the .tf module folder |
Name | Name of your resource |
Namespace | Kubernetes cluster namespace |
Node Type | Master or Worker node of your Kubernetes host |
Operating System | Operating System of your Kubernetes host |
Organization | Root node of your managed cloud resources hierarchy |
Origin* | The origin of your Kubernetes host’s or your cluster’s configuration (Docker, Linux, Kubernetes, etc.) * Only filtered from within a Kubernetes host’s resource configuration. |
OS Image | Name and version of your host’s Operating System |
Platform | AWS, Azure, GCP, Kubernetes, or Linux |
Posture Accepted Risk | Whether or not a risk has been accepted for a resource’s control |
Posture Applied Policy | Name(s) of the policies applied to the resource |
Posture Failed Control Severity | High, medium, or low |
Posture Failed Control | Name(s) of the failed control(s) applied to the resource |
Posture Failed Policy | Name(s) of the failed policy(ies) applied to the resource |
Posture Failed Requirement | Name(s) of the failed requirement(s) applied to the resource |
Posture Passed Policy | Name(s) of the passed policy(ies) applied to the resource |
Project | The container for your Google Cloud resources. You create and manage your GCP resources in a GCP project |
Region | Region of the world where your managed cloud resource is deployed (such as us-east, eu-west, asia-northeast) |
Repository | Name of the repository, example: IaC_Demo |
Resource Origin | - Code: IaC resources from Git integrations - Deployed: Runtime resources |
Resource Type | For Kubernetes, can be a Workload, Service Account, Role, Cluster Role, Host, User, Cluster, or Group. For managed clouds, it can be a Resource (S3 bucket, Deployment, DaemonSet…) or an Identity (Access Key, User, Policy…) |
Source Type | Possible values for IaC source: YAML, Helm, Kustomize, Terraform |
Subscription | The container for your Azure resources. You create and manage your Azure resources in an Azure subscription |
Version | The version of your cluster |
Zones | A business group of resources, defined by a collection of scopes of various resource types (for example: “Dev” - all my development resources) |
Additional Attributes
Attributes that appear in the interface but cannot be searched/filtered on include:
Attribute Name | Attribute Definition |
---|---|
Last Seen | Last date when the resource was evaluated |
Value* | The value of your Kubernetes host’s or your cluster’s attribute. * Only for Kubernetes hosts and clusters |
For information on using Zones, see Zones.