Inventory is currently offered in Sysdig Secure SaaS as Technical Preview.
With this release of Inventory, Sysdig users can achieve goals such as:
- View all resources across my cloud environment(s)
- Protect all resources and mitigate blind spots
- Know all current resources in my infrastructure that share properties
- Know which resources belong to a business unit
- Review posture violations for a resource and take action (remediate or handle risk)
- If you are already leveraging the new Compliance module, no further configuration is required
- If you are new to Sysdig Secure, enable KSPM in the agent or connect a cloud account or both
Navigate the Inventory Landing Page
Access: Log in to Sysdig Secure and click the Inventory top-level menu item.
Inventory displays all resources from the cloud accounts and Kubernetes data sources connected to Sysdig, along with their Compliance policy passing score.
Data shown in the UI is refreshed every 24 hours when a compliance evaluation is run.
Filter: Use the unified filter to find targeted resources. Some common Featured Queries are offered below.
Use Policy Data: Within a resource card, hover over the Posture Policies Passing gauge to open the popover and see the failing/passing policies applied to your resource. You can also link directly to the policy from there.
View a Resource Card: Click a card to review the resource Posture and Configuration details (below).
Use the Resource Posture Tab
We have provided sample queries related specifically to posture. For every resource, we provide visibility into its posture status based on the zones and policies it belongs to.
Click a resource card to open the resource’s 360 drawer and access the Posture tab.
The number of failed policies is highlighted next to the tab name.
Select a failed policy to see the relevant controls to be remediated.
Use the Resource Configuration Tab
Click a resource card to open the resource’s 360 drawer and access the Configuration tab. It contains additional metadata and configuration details.
This can be copied or saved as a
For Kubernetes hosts and clusters, you can search within the resource configuration by
Below are sample ways to structure queries in the unified filter to solve common use cases.
Find Resources by Name and/or Attributes
- I want to search for all S3 buckets in the EU regions
- I want to search for all Workloads of type host with names starting with prod
- I want to view the configuration of my GKE Worker nodes
- I want to search for all clusters running on OpenShift V4
Find Resources Owned by Business Unit
I want to search for all resources belonging to my PCI zones
I want to search for all resources labeled
I want to search for all resources within the
I want to search for all resources belonging to my
Find your Environment Blind Spots
- I want to view all resources on which there are 0 policies applied
Posture Applied Policy not exists
- I want to view all resources that belong to 0 zones
- I want to view all resources that are not labeled
Find Resources by Posture Details
I want to view all resources on which CIS Kubernetes V1.23 Benchmark policy is applied
Posture Applied Policy in CIS Kubernetes V1.23 Benchmark
I want to view all resources that fail ISO/IEC 27001 policy
Posture Failed Policy in
I want to view all resources that are failing at least one policy
Posture Failed Policy
I want to view all resources that are failing at least one control
Posture Failed Control
I want to view all resources for which a risk has been accepted on a control
Posture Accepted Risk exists
View a Resource’s Applied Configuration
- I want to view the bucket policy for 123 + click on resource card to scroll through configuration details
- I want to view the default runAsUser applied configuration for workload abc + click on resource card to scroll through configuration details
Inventory Data Dictionary
You can construct searches/filters by attribute name in the Inventory unified filter.
is not (!=)
not in (!in)
contains (%) (wildcards not supported)
| Attribute Name | Attribute Definition |
|---|---|
| Account | The container for your AWS resources. You create and manage your AWS resources in an AWS account. |
| Attribute* | The attributes defined within the configuration of your Kubernetes host or cluster. * Only filtered from within a Kubernetes host or cluster resource configuration. |
| Cluster | Name of your Kubernetes cluster |
| External DNS | The DNS name of your Kubernetes host’s node that will resolve into an address with external address characteristics |
| Kubernetes Distribution | GKE, EKS, AKS, Rancher, Vanilla, OpenShift v4, IKS, MKE |
| Labels | Labels are key/value pairs (ex: |
| Name | Name of your resource |
| Namespace | Kubernetes cluster namespace |
| Node Type | Master or Worker node of your Kubernetes host |
| Operating System | Operating System of your Kubernetes host |
| Organization | Root node of your managed cloud resources hierarchy |
| Origin* | The origin of your Kubernetes host’s or your cluster’s configuration (Docker, Linux, Kubernetes, etc.). * Only filtered from within a Kubernetes host’s resource configuration. |
| Platform | AWS, Azure, GCP or Kubernetes |
| Posture Accepted Risk | Whether or not a risk has been accepted for a resource’s control |
| Posture Applied Policy | Name(s) of the policy(ies) applied to the resource |
| Posture Failed Control Severity | High, medium, or low |
| Posture Failed Control | Name(s) of the failed control(s) applied to the resource |
| Posture Failed Policy | Name(s) of the failed policy(ies) applied to the resource |
| Posture Failed Requirement | Name(s) of the failed requirement(s) applied to the resource |
| Posture Passed Policy | Name(s) of the passed policy(ies) applied to the resource |
| Project | The container for your Google Cloud resources. You create and manage your GCP resources in a GCP project |
| Region | Region of the world where your managed cloud resource is deployed (us-east, eu-west, asia-northeast, etc.) |
| Resource Type | Type of your cloud or Kubernetes resource. For Kubernetes, can be a Workload, Service Account, Role, Cluster Role, Host, User, Cluster, or Group. For managed clouds, it can be a Resource (S3 bucket, Deployment, DaemonSet…) or an Identity (Access Key, User, Policy…) |
| Subscription | The container for your Azure resources. You create and manage your Azure resources in an Azure subscription |
| Version | The version of your cluster |
| Zones | A business group of resources, defined by a collection of scopes of various resource types (ex: “Dev” - all my development resources) |
Attributes that appear in the interface but cannot be searched/filtered on include:
| Attribute Name | Attribute Definition |
|---|---|
| Last Seen | Last date when the resource was evaluated |
| Value* | The value of your Kubernetes host’s or your cluster’s attribute. * Only for Kubernetes hosts and clusters |