Inventory
Inventory is currently offered in Sysdig Secure SaaS as Technical Preview.
Overview
With this release of Inventory, Sysdig users can achieve goals such as:
- View all resources across my cloud environment(s)
- Protect all resources and mitigate blind spots
- Know all current resources in my infrastructure that share properties
- Know which resources belong to a business unit
- Review posture violations for a resource and take action (remediate or handle risk)
Enablement Steps
- If you are already leveraging the new Compliance module, no further configuration is required
- If you are new to Sysdig Secure, enable KSPM in the agent or connect a cloud account or both
Usage
Navigate the Inventory Landing Page
Access: Log in to Sysdig Secure and click the Inventory top-level menu item. Inventory displays all resources from the cloud accounts and Kubernetes data sources connected to Sysdig, along with their Compliance policy passing score.
Data shown in the UI is refreshed every 24 hours when a compliance evaluation is run.
Filter: Use the unified filter to find targeted resources. Some common Featured Queries are offered below.
Use Policy Data: Within a resource card, hover over the Posture Policies Passing gauge to open the popover and see the failing/passing policies applied to your resource. You can also link directly to the policy from there.
View a Resource Card: Click a card to review the resource Posture and Configuration details (below).
Use the Resource Posture Tab
We have provided sample queries related specifically to posture. For every resource, we provide visibility into its posture status based on the zones and policies it belongs to.
Click a resource card to open the resource’s 360 drawer and access the Posture tab.
The number of failed policies is highlighted next to the tab name.
Select a failed policy to see the relevant controls to be remediated.
Use the Resource Configuration Tab
Click a resource card to open the resource’s 360 drawer and access the Configuration tab. It contains additional metadata and configuration details.
This can be copied or saved as a .txt file. For Kubernetes hosts and clusters, you can search within the resource configuration by Origin or Attribute.
Featured Queries
Below are sample ways to structure queries in the unified filter to solve common use cases.
Find Resources by Name and/or Attributes
- I want to search for all S3 buckets in the EU regions: Resource Type contains S3 AND Region startsWith eu
- I want to search for all Workloads of type host with names starting with prod: Resource Type is host AND Name startsWith prod
- I want to view the configuration of my GKE Worker nodes: Node Type is Worker AND Kubernetes Distribution is gke
- I want to search for all clusters running on OpenShift V4: Resource Type is Cluster AND Kubernetes Distribution is ocp4
Find Resources Owned by Business Unit
- I want to search for all resources belonging to my PCI zones: Zones startsWith PCI
- I want to search for all resources labeled app:retail: Labels in app:retail
- I want to search for all resources within the finance namespace: Namespace is finance
- I want to search for all resources belonging to my docker clusters: Cluster contains docker
Find your Environment Blind Spots
- I want to view all resources on which there are 0 policies applied: Posture Applied Policy not exists
- I want to view all resources that belong to 0 zones: Zones not exists
- I want to view all resources that are not labeled: Labels not exists
Find Resources by Posture Details
- I want to view all resources on which the CIS Kubernetes V1.23 Benchmark policy is applied: Posture Applied Policy in CIS Kubernetes V1.23 Benchmark
- I want to view all resources that fail the ISO/IEC 27001 policy: Posture Failed Policy in ISO/IEC 27001
- I want to view all resources that are failing at least one policy: Posture Failed Policy exists
- I want to view all resources that are failing at least one control: Posture Failed Control exists
- I want to view all resources for which a risk has been accepted on a control: Posture Accepted Risk exists
View a Resource’s Applied Configuration
- I want to view the bucket policy for bucket 123: Resource Type contains bucket AND Name contains 123, then click the resource card to scroll through the configuration details
- I want to view the default runAsUser applied configuration for workload abc: Name is abc, then click the resource card to scroll through the configuration details
Inventory Data Dictionary
You can construct searches/filters by attribute name in the Inventory unified filter.
Filter Operator | Symbol |
---|---|
is | = |
is not | != |
in | in |
not in | !in |
startsWith | ^ |
contains (wildcards not supported) | % |
exists / not exists | |
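As an added illustration (not Sysdig's own code), the Python below evaluates Inventory-style filter expressions, built from the operators above and joined with AND, against a few constructed sample resource records; case-insensitive matching and a comma-separated value list for "in" are assumptions about the filter's behaviour, not documented semantics.

```python
import re
# Constructed sample inventory records (not real Sysdig data); multi-valued
# attributes such as Zones, Labels and posture policies are lists.
INVENTORY = [
    {"Resource Type": "S3 bucket", "Name": "logs-123", "Region": "eu-west-1",
     "Zones": ["PCI"], "Labels": ["app:retail"], "Posture Applied Policy": ["CIS AWS Benchmark"]},
    {"Resource Type": "Host", "Name": "prod-node-1", "Region": "us-east-1",
     "Zones": [], "Labels": [], "Posture Applied Policy": []},
    {"Resource Type": "Cluster", "Name": "dev-cluster", "Kubernetes Distribution": "ocp4",
     "Zones": ["Dev"], "Labels": ["team:research"],
     "Posture Applied Policy": ["CIS Kubernetes V1.23 Benchmark"]},
]

# One clause is "<attribute> <operator> [<value>]"; multi-word operators come first so "is not" is never read as "is".
_CLAUSE = re.compile(
    r"^(?P<attr>.+?)\s+(?P<op>is not|not in|not exists|startsWith|contains|exists|is|in)"
    r"(?:\s+(?P<val>.+))?$")

def _values(record, attr):
    # A missing attribute yields [], which is exactly what "not exists" tests for.
    v = record.get(attr)
    return [] if v is None else (v if isinstance(v, list) else [v])

def match_clause(record, clause):
    m = _CLAUSE.match(clause.strip())
    if m is None:
        raise ValueError(f"cannot parse clause: {clause!r}")
    attr, op, val = m.group("attr"), m.group("op"), m.group("val")
    vals = [str(v).lower() for v in _values(record, attr)]  # assumed: case-insensitive
    if op == "exists":
        return bool(vals)
    if op == "not exists":
        return not vals
    if val is None:
        raise ValueError(f"operator {op!r} needs a value: {clause!r}")
    val = val.lower()
    if op == "startsWith":
        return any(v.startswith(val) for v in vals)
    if op == "contains":  # plain substring test; wildcards are not supported
        return any(val in v for v in vals)
    wanted = {x.strip() for x in val.split(",")}  # assumed: "in" takes a comma-separated list
    hit = any(v in wanted for v in vals)
    return hit if op in ("is", "in") else not hit  # "is not" and "not in" negate

def query(records, expression):
    # Every AND-joined clause must hold for a record to be returned.
    clauses = re.split(r"\s+AND\s+", expression.strip())
    return [r for r in records if all(match_clause(r, c) for c in clauses)]

def names_for(expression, records=INVENTORY):
    return [r["Name"] for r in query(records, expression)]
```

Running the blind-spot queries from the Featured Queries section (for example "Labels not exists") against such records is a quick way to check which resources would fall outside every zone, label or policy before they reach production.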
Attribute Name | Attribute Definition |
---|---|
Account | The container for your AWS resources. You create and manage your AWS resources in an AWS account. |
Attribute* | The attributes defined within the configuration of your Kubernetes host or cluster. * Can only be filtered from within a Kubernetes host or cluster resource configuration. |
Cluster | Name of your Kubernetes cluster |
External DNS | The DNS name of your Kubernetes host’s node that will resolve into an address with external address characteristics |
Kubernetes Distribution | GKE, EKS, AKS, Rancher, Vanilla, OpenShift v4, IKS, MKE |
Labels | Labels are key/value pairs (ex: team:research) that you have applied to your resource from Kubernetes or managed cloud platforms (AWS, GCP, Azure). For Kubernetes, the Labels field includes all the labels for the resource (including nested labels), e.g. a search on a label that exists on a container will return the workload that contains the container. |
Name | Name of your resource |
Namespace | Kubernetes cluster namespace |
Node Type | Master or Worker node of your Kubernetes host |
Operating System | Operating System of your Kubernetes host |
Organization | Root node of your managed cloud resources hierarchy |
Origin* | The origin of your Kubernetes host’s or your cluster’s configuration (Docker, Linux, Kubernetes, etc.). * Can only be filtered from within a Kubernetes host’s resource configuration. |
Platform | AWS, Azure, GCP or Kubernetes |
Posture Accepted Risk | Whether or not a risk has been accepted for a resource’s control |
Posture Applied Policy | Name(s) of the policy(ies) applied to the resource |
Posture Failed Control Severity | High, medium, or low |
Posture Failed Control | Name(s) of the failed control(s) applied to the resource |
Posture Failed Policy | Name(s) of the failed policy(ies) applied to the resource |
Posture Failed Requirement | Name(s) of the failed requirement(s) applied to the resource |
Posture Passed Policy | Name(s) of the passed policy(ies) applied to the resource |
Project | The container for your Google Cloud resources. You create and manage your GCP resources in a GCP project |
Region | Region of the world where your managed cloud resource is deployed (us-east, eu-west, asia-northeast, etc.) |
Resource Type | Type of your cloud or Kubernetes resource. For Kubernetes, can be a Workload, Service Account, Role, Cluster Role, Host, User, Cluster, or Group. For managed clouds, it can be a Resource (S3 bucket, Deployment, DaemonSet…) or an Identity (Access Key, User, Policy…) |
Subscription | The container for your Azure resources. You create and manage your Azure resources in an Azure subscription |
Version | The version of your cluster |
Zones | A business group of resources, defined by a collection of scopes of various resource types (ex: “Dev” - all my development resources) |
Additional Attributes
Attributes that appear in the interface but cannot be searched/filtered on include:
Attribute Name | Attribute Definition |
---|---|
Last Seen | Last date when the resource was evaluated |
Value* | The value of your Kubernetes host’s or your cluster’s attribute. * Only for Kubernetes hosts and clusters |