Inventory

Sysdig Secure now offers an Inventory, so you can gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments.

Inventory is currently offered in Sysdig Secure SaaS as Technical Preview.

Overview

With this release of Inventory, Sysdig users can achieve goals such as:

  • View all resources across my cloud environment(s)
  • Protect all resources and mitigate blind spots
  • Know all current resources in my infrastructure that share properties
  • Know which resources belong to a business unit
  • Review posture violations for a resource and take action (remediate or handle risk)

Enablement Steps

  • If you are already leveraging the new Compliance module, no further configuration is required
  • If you are new to Sysdig Secure, enable KSPM in the agent, connect a cloud account, or both

Usage

  1. Access: Log in to Sysdig Secure and click the Inventory top-level menu item.

    Inventory displays all resources from the cloud accounts and Kubernetes data sources connected to Sysdig, along with their Compliance policy passing score.

    Data shown in the UI is refreshed every 24 hours when a compliance evaluation is run.

  2. Filter: Use the unified filter to find targeted resources. Some common Featured Queries are offered below.

  3. Use Policy Data: Within a resource card, hover over the Posture Policies Passing gauge to open the popover and see the failing/passing policies applied to your resource. You can also link directly to the policy from there.

  4. View a Resource Card: Click a card to review the resource Posture and Configuration details (below).

Use the Resource Posture Tab

We have provided sample queries related specifically to posture. For every resource, we provide visibility into its posture status based on the zones and policies it belongs to.

  1. Click a resource card to open the resource’s 360 drawer and access the Posture tab.

    The number of failed policies is highlighted next to the tab name.

  2. Select a failed policy to see the relevant controls to be remediated.

Use the Resource Configuration Tab

  1. Click a resource card to open the resource’s 360 drawer and access the Configuration tab. It contains additional metadata and configuration details.

    This can be copied or saved as a .txt file.

  2. For Kubernetes hosts and clusters, you can search within the resource configuration by Origin or Attribute.

Below are sample ways to structure queries in the unified filter to solve common use cases.

Find Resources by Name and/or Attributes

  • I want to search for all S3 buckets in the EU regions
    • Resource Type contains S3 AND Region startsWith eu
  • I want to search for all Workloads of type host with names starting with prod
    • Resource Type is host AND Name startsWith prod
  • I want to view the configuration of my GKE Worker nodes
    • Node Type is Worker AND Kubernetes Distribution is gke
  • I want to search for all clusters running on OpenShift V4
    • Resource Type is Cluster AND Kubernetes Distribution is ocp4

Find Resources Owned by Business Unit

  • I want to search for all resources belonging to my PCI zones

    • Zones startsWith PCI
  • I want to search for all resources labeled app:retail

    • Labels in app:retail
  • I want to search for all resources within the finance namespace

    • Namespace is finance
  • I want to search for all resources belonging to my docker clusters

    • Cluster contains docker

Find your Environment Blind Spots

  • I want to view all resources on which there are 0 policies applied
    • Posture Applied Policy not exists
  • I want to view all resources that belong to 0 zones
    • Zones not exists
  • I want to view all resources that are not labeled
    • Labels not exists

Find Resources by Posture Details

  • I want to view all resources on which CIS Kubernetes V1.23 Benchmark policy is applied

    • Posture Applied Policy in CIS Kubernetes V1.23 Benchmark
  • I want to view all resources that fail ISO/IEC 27001 policy

    • Posture Failed Policy in ISO/IEC 27001
  • I want to view all resources that are failing at least one policy

    • Posture Failed Policy exists
  • I want to view all resources that are failing at least one control

    • Posture Failed Control exists
  • I want to view all resources for which a risk has been accepted on a control

    • Posture Accepted Risk exists

View a Resource’s Applied Configuration

  • I want to view the bucket policy for bucket 123
    • Resource Type contains bucket AND Name contains 123 + click on resource card to scroll through configuration details
  • I want to view the default runAsUser applied configuration for workload abc
    • Name is abc + click on resource card to scroll through configuration details
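The sample queries above all combine attributes from the data dictionary with the unified filter's operators. The following evaluator is an added example, not Sysdig code: it models those operator semantics (is, is not, in, not in, startsWith, contains, exists, not exists, clauses joined by AND) over a constructed in-memory resource list, so the blind-spot and posture queries can be replayed locally against an exported inventory snapshot. The resource records and their attribute values are constructed for illustration.

```python
"""Toy evaluator for Inventory unified-filter queries (added example, not Sysdig code).
It models the operator semantics this page lists (is, is not, in, not in, startsWith,
contains, exists, not exists, clauses joined by AND) over a constructed resource list."""
import re

# Constructed sample resources; attribute names follow the Inventory data dictionary.
RESOURCES = [
    {"Name": "prod-logs", "Resource Type": "S3 bucket", "Region": "eu-west-1",
     "Zones": ["PCI"], "Posture Applied Policy": ["ISO/IEC 27001"],
     "Posture Failed Policy": ["ISO/IEC 27001"]},
    {"Name": "prod-node-1", "Resource Type": "host", "Kubernetes Distribution": "gke",
     "Node Type": "Worker", "Labels": ["app:retail"],
     "Posture Applied Policy": ["CIS Kubernetes V1.23 Benchmark"]},
    {"Name": "scratch-bucket", "Resource Type": "S3 bucket", "Region": "us-east-1"},
]

# Longer operators first so "is not" is not read as "is" followed by a value "not ...".
OPERATORS = ("is not", "not in", "not exists", "startsWith", "contains", "exists", "is", "in")
_CLAUSE = re.compile(r"^(?P<attr>.+?)\s+(?P<op>" + "|".join(OPERATORS) + r")(?:\s+(?P<val>.+))?$")

def _values(resource, attr):
    """Attributes may be scalar or multi-valued (Labels, Zones, policies); normalise to a list."""
    v = resource.get(attr)
    return [] if v is None else (list(v) if isinstance(v, list) else [v])

def match_clause(resource, clause):
    """Evaluate one '<attribute> <operator> [<value>]' clause against a resource."""
    m = _CLAUSE.match(clause.strip())
    if not m:
        raise ValueError(f"cannot parse clause: {clause!r}")
    attr, op, val = m.group("attr"), m.group("op"), m.group("val")
    vals = _values(resource, attr)
    if op == "exists":
        return bool(vals)
    if op == "not exists":
        return not vals
    if op in ("is", "in"):        # exact match against any value of the attribute
        return val in vals
    if op in ("is not", "not in"):
        return val not in vals
    if op == "startsWith":
        return any(v.startswith(val) for v in vals)
    return any(val in v for v in vals)   # contains: substring, no wildcards (as the page notes)

def query(resources, q):
    """Return the names of resources that satisfy every AND-joined clause of q."""
    clauses = re.split(r"\s+AND\s+", q)
    return [r["Name"] for r in resources if all(match_clause(r, c) for c in clauses)]
```

Running the blind-spot query "Posture Applied Policy not exists" against the sample list returns only scratch-bucket, the resource no policy has evaluated.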

Inventory Data Dictionary

You can construct searches/filters by attribute name in the Inventory unified filter.

Filter Operators

  • is (=)
  • is not (!=)
  • in (in)
  • not in (!in)
  • startsWith (^)
  • contains (%) (wildcards not supported)
  • exists / not exists
Attribute Name: Attribute Definition

  • Account: The container for your AWS resources. You create and manage your AWS resources in an AWS account.
  • Attribute*: The attributes defined within the configuration of your Kubernetes host or cluster.
    * Only filtered from within a Kubernetes host or cluster resource configuration.
  • Cluster: Name of your Kubernetes cluster.
  • External DNS: The DNS name of your Kubernetes host’s node that will resolve into an address with external address characteristics.
  • Kubernetes Distribution: GKE, EKS, AKS, Rancher, Vanilla, OpenShift v4, IKS, MKE.
  • Labels: Key/value pairs (ex: team:research) that you have applied to your resource from Kubernetes or managed cloud platforms (AWS, GCP, Azure). For Kubernetes, the Labels field includes all the labels for the resource (including nested labels). E.g. a search on a label that exists on a container will return the workload that contains the container.
  • Name: Name of your resource.
  • Namespace: Kubernetes cluster namespace.
  • Node Type: Master or Worker node of your Kubernetes host.
  • Operating System: Operating system of your Kubernetes host.
  • Organization: Root node of your managed cloud resources hierarchy.
  • Origin*: The origin of your Kubernetes host’s or your cluster’s configuration (Docker, Linux, Kubernetes, etc.).
    * Only filtered from within a Kubernetes host’s resource configuration.
  • Platform: AWS, Azure, GCP or Kubernetes.
  • Posture Accepted Risk: Whether or not a risk has been accepted for a resource’s control.
  • Posture Applied Policy: Name(s) of the policy(ies) applied to the resource.
  • Posture Failed Control Severity: High, medium, or low.
  • Posture Failed Control: Name(s) of the failed control(s) applied to the resource.
  • Posture Failed Policy: Name(s) of the failed policy(ies) applied to the resource.
  • Posture Failed Requirement: Name(s) of the failed requirement(s) applied to the resource.
  • Posture Passed Policy: Name(s) of the passed policy(ies) applied to the resource.
  • Project: The container for your Google Cloud resources. You create and manage your GCP resources in a GCP project.
  • Region: Region of the world where your managed cloud resource is deployed (us-east, eu-west, asia-northeast, etc.).
  • Resource Type: Type of your cloud or Kubernetes resource.
    • For Kubernetes, can be a Workload, Service Account, Role, Cluster Role, Host, User, Cluster, or Group.
    • For managed clouds, it can be a Resource (S3 bucket, Deployment, DaemonSet…) or an Identity (Access Key, User, Policy…).
  • Subscription: The container for your Azure resources. You create and manage your Azure resources in an Azure subscription.
  • Version: The version of your cluster.
  • Zones: A business group of resources, defined by a collection of scopes of various resource types (ex: “Dev” - all my development resources).

Additional Attributes

Attributes that appear in the interface but cannot be searched/filtered on include:

Attribute Name: Attribute Definition

  • Last Seen: Last date when the resource was evaluated.
  • Value*: The value of your Kubernetes host’s or your cluster’s attribute.
    * Only for Kubernetes hosts and clusters.