Administration Guide

Use Lacework FortiCNAPP's Resource Inventory

The resource inventory presents an overview of the resources in your integrated cloud environments. It shows trends across your cloud environment, such as the total number of resources and the number of resources over time. It lists the resources identified by Lacework FortiCNAPP, so you can keep track of all of your resources with daily data collection.

To access the resource inventory, log in to the Lacework FortiCNAPP Console and click Resource Inventory.

Search and Filter

The resource inventory includes multiple filters, as well as a search field to further refine your list of resources. You can use the * wildcard character for flexible pattern matching. For example, to search for any resource that includes the name of an S3 bucket, such as my_s3, search for *my_s3*.

Filter Resources by Date and Time Range

At the top of the page, you'll find date/time range and parameter filters. The Date range icon offers preset options for displaying resources based on their last collection date:

  • Latest week
  • Latest month
  • Custom

Click Custom to select the start and end date/time manually.

Note

All collection timestamps are in local time.

Note

The number of alerts shown corresponds to the latest date in the time range on which the resource was collected. For example, if you set the date and time range to Monday through Friday, and the resource was found in the first 4 days, we would show the finding for Thursday.

Alerts reset with each daily scan for resources. Therefore, if there were no alerts on Thursday, you would see 0 alerts even if there were alerts on Monday and Tuesday.

Available Filters

Preset filter groups let you quickly refine the list of resources. For example, to explore resources from the us-east-1 region, select the corresponding filter from the Region dropdown.

Available filter groups include:

  • Resource Group
  • Resource Type
  • Internet exposure
  • Region
  • Tags
  • Category
  • Resource identifier
  • Has Public IP
  • IP Address
  • Related resource identifier
  • Alerts
  • Vulnerabilities
  • Compliance Violations
  • Attack Paths
  • Cloud type

Resource List

The resource list shows all resources collected by Lacework FortiCNAPP in the selected time range that meet filter or search criteria you have specified, if any.

For each resource, the list shows the name of the resource, its IP addresses, type, organization, and more.

Every resource collected in Lacework FortiCNAPP also has a unique resource identifier. It may be helpful to understand how Lacework FortiCNAPP derives this identifier for various types of resources, depending on the cloud type:

  • For Azure resources, Lacework FortiCNAPP uses the Azure resource ID as the resource identifier.

  • For Google Cloud, Lacework FortiCNAPP uses the full resource name.

  • For AWS, if the resource has an ARN, Lacework FortiCNAPP uses the ARN value as the resource identifier. If a resource does not have an ARN in AWS, Lacework FortiCNAPP creates a URN to use as its resource identifier. Identifiers created by Lacework FortiCNAPP are distinguished by the urn:lacework:aws prefix.

    An example of such a resource identifier is as follows:

    urn:lacework:aws:aws:rds:us-east-2:991966387703:db-parameter/default.aurora-postgresql14:apg_enable_correlated_any_transform
    

It is important to note that such URNs were generated for an existing cloud resource or artifact by Lacework FortiCNAPP, in the absence of an ARN.
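The following Python sketch is an added example, not Lacework FortiCNAPP code. It classifies exported resource identifiers by cloud type and flags the generated urn:lacework:aws identifiers, which are not AWS-issued ARNs. The function names, the constructed sample identifiers, and the ARN-like field layout assumed after the prefix (inferred only from the single example above) are assumptions.

```python
LACEWORK_URN_PREFIX = "urn:lacework:aws:"  # prefix documented on this page

def classify_identifier(identifier):
    """Return (cloud, kind) for one resource identifier string."""
    ident = identifier.strip()
    if ident.startswith(LACEWORK_URN_PREFIX):
        return ("aws", "lacework-urn")  # generated by the product; no ARN exists
    if ident.startswith("arn:"):
        # AWS ARN layout: arn:partition:service:region:account-id:resource
        ok = len(ident.split(":", 5)) == 6
        return ("aws", "arn") if ok else ("unknown", "malformed")
    if ident.startswith("//"):
        # Google Cloud full resource name, e.g. //compute.googleapis.com/projects/...
        return ("gcp", "full-resource-name")
    if ident.lower().startswith(("/subscriptions/", "/providers/")):
        return ("azure", "resource-id")
    return ("unknown", "unrecognized")

def parse_lacework_urn(identifier):
    """Split a generated URN into ARN-like fields (layout is an assumption)."""
    ident = identifier.strip()
    if not ident.startswith(LACEWORK_URN_PREFIX):
        return None
    # maxsplit keeps any ':' inside the resource part intact
    fields = ident[len(LACEWORK_URN_PREFIX):].split(":", 4)
    if len(fields) != 5:
        return None
    keys = ("partition", "service", "region", "account", "resource")
    return dict(zip(keys, fields))

def summarize(identifiers):
    """Count identifiers per (cloud, kind), e.g. to see how many lack an ARN."""
    counts = {}
    for ident in identifiers:
        key = classify_identifier(ident)
        counts[key] = counts.get(key, 0) + 1
    return counts

# First entry is the example from this page; the rest are constructed samples.
SAMPLE = [
    "urn:lacework:aws:aws:rds:us-east-2:991966387703:db-parameter/"
    "default.aurora-postgresql14:apg_enable_correlated_any_transform",
    "arn:aws:s3:::my_s3",
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo",
    "//compute.googleapis.com/projects/demo/zones/us-central1-a/instances/vm-1",
]

if __name__ == "__main__":
    for ident in SAMPLE:
        print(classify_identifier(ident), ident)
    print(parse_lacework_urn(SAMPLE[0]))
```
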

Internet Exposure

  • Yes - Lacework FortiCNAPP detected a path to the resource from the internet.
  • No - Lacework FortiCNAPP did not detect a path to the resource from the internet.
  • Not evaluated - Lacework FortiCNAPP has not evaluated the resource.
  • Not applicable - Internet exposure does not apply to the resource, for example an API key.

Resource Data Drawer

From the Resource list, click a resource to display its details, including:

  • Overview and Summary:
    • Gain insights into the number of vulnerabilities, compliance findings, alerts, and available attack paths related to the selected resource.
  • Properties:
    • Access resource properties, including its last collection time, resource name, resource type, ID, and any changes that occurred in the last 24 hours.
  • Configuration Changes:
    • Examine the most recent configuration changes, providing an opportunity to verify if these changes align with the intended configuration.
    • Retrieve the timestamps indicating the start and end times of the latest ingestion process.
  • Related resources:
    • Capture all outbound and inbound resources that are related to this resource, allowing you to assess the risk associated with these connections and take necessary security measures.

Note

Not all resources have a Related Resources section.
