Skip to main content

Azure Inventory

Overview

The Lacework Console provides visibility into Microsoft Azure resources that are integrated with Lacework. A resource can be any entity within the cloud deployment, such as Virtual Machines, Storage Accounts, Network Gateways, etc. The Azure Resource Inventory page allows you to view and monitor in-use Azure resources’ risk, compliance, and configuration changes and provides visibility for team members with limited or no access to the Azure portal. Because Lacework takes regular snapshots of your resources, you can track their changes (diffs) through the Lacework Console.

Azure resources are the components that enable services on Microsoft Azure. To access the Resource Inventory page, navigate to Resources > Azure Inventory.

For more information about Microsoft Azure integration with Lacework, see Azure Compliance and Audit Trail Integration - Terraform Using Azure Cloud Shell and Azure Compliance and Audit Trail Integration - Terraform From Any Supported Host.

Lacework takes a snapshot of resources on a periodic time frame. Depending on the time that Lacework takes the snapshot, changes may not be captured until up to 24 hours after the changes are made. See the following examples:

  • A resource change is made on Monday at 1:00 AM and Lacework takes a snapshot on Monday at 2:00 AM, the snapshot includes the change.
  • A resource change is made on Monday at 3:00 AM but Lacework took a snapshot on Monday at 2:00 AM, the snapshot does not include the change. The next snapshot on Tuesday at 2:00 AM will capture the change.

Supported Resource Types

Resource inventory supports the following resource types.

Azure Resource Graph TableAzure Resource Type
Microsoft.AzureActiveDirectory
Expand to view the list of resource types
  • Microsoft.AzureActiveDirectory/guestUsages (Guest Usages)
  • Microsoft.AzureActiveDirectory/b2cDirectories (B2C Tenants)
Microsoft.Cache
Expand to view the list of resource types
  • Microsoft.Cache/Redis (Azure Cache for Redis)
  • Microsoft.Cache/RedisEnterprise (Redis Enterprise)
Microsoft.Cache
Expand to view the list of resource types
  • Microsoft.Compute/ProximityPlacementGroups (Proximity Placement Groups)
  • Microsoft.Compute/sharedVmImages/versions
  • Microsoft.Compute/capacityReservationGroups (Capacity Reservation Groups)
  • Microsoft.Compute/diskEncryptionSets (Disk Encryption Sets)
  • Microsoft.Compute/galleries/applications/versions (VM Application Versions)
  • Microsoft.Compute/virtualMachineScaleSets (Virtual Machine Scale Sets)
  • Microsoft.Compute/capacityReservationGroups/capacityReservations
  • Microsoft.Compute/cloudServices (Cloud Services (extended support))
  • Microsoft.Compute/sharedVmExtensions
  • Microsoft.Compute/sshPublicKeys (SSH keys)
  • Microsoft.Compute/sharedVmImages
  • Microsoft.Compute/virtualMachines/runCommands
  • Microsoft.Compute/VirtualMachines (Virtual Machines)
  • Microsoft.Compute/images (Images)
  • Microsoft.Compute/galleries/applications (VM Application Definitions)
  • Microsoft.Compute/disks (Disks)
  • Microsoft.Compute/swiftlets
  • Microsoft.Compute/snapshots (Snapshots)
  • Microsoft.Compute/virtualMachines/extensions
  • Microsoft.Compute/diskAccesses (Disk Accesses)
  • Microsoft.Compute/galleries/images/versions (VM Image Versions)
  • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses
  • Microsoft.Compute/restorePointCollections (Restore Point Collections)
  • Microsoft.Compute/hostGroups/hosts (Hosts)
  • Microsoft.Compute/sharedVmExtensions/versions
  • Microsoft.Compute/capacityReservations
  • Microsoft.Compute/availabilitySets (Availability Sets)
  • Microsoft.Compute/hostGroups (Host Groups)
  • Microsoft.Compute/galleries/images (VM Image Definitions)
  • Microsoft.Compute/galleries (Azure Compute Galleries)
Microsoft.ContainerInstanceMicrosoft.ContainerInstance/containerGroups (Container Instances)
Microsoft.ContainerRegistry
Expand to view the list of resource types
  • Microsoft.ContainerRegistry/registries/tasks
  • Microsoft.ContainerRegistry/registries (Container Registries)
  • Microsoft.ContainerRegistry/registries/buildTasks
  • Microsoft.ContainerRegistry/registries/replications (Container Registry Replications)
  • Microsoft.ContainerRegistry/registries/webhooks (Container Registry Webhooks)
  • Microsoft.ContainerRegistry/registries/taskRuns
  • Microsoft.ContainerRegistry/registries/agentPools
Microsoft.ContainerService
Expand to view the list of resource types
  • Microsoft.ContainerService/openShiftManagedCluster
  • Microsoft.ContainerService/containerServices
  • Microsoft.ContainerService/snapshots
  • Microsoft.ContainerService/managedClusters (Kubernetes Services)
Microsoft.DBforMariaDBMicrosoft.DBforMariaDB/servers (Azure Database for MariaDB Servers)
Microsoft.DBforMySQL
Expand to view the list of resource types
  • Microsoft.DBforMySQL/flexibleServers (Azure Database for MySQL Flexible Servers)
  • Microsoft.DBforMySQL/servers (Azure Database for MySQL Servers)
Microsoft.DBforPostgreSQL
Expand to view the list of resource types
  • Microsoft.DBforPostgreSQL/serverGroups (Azure Database for PostgreSQL Server Groups)
  • Microsoft.DBforPostgreSQL/serverGroupsv2 (Azure Database for PostgreSQL Server Groups)
  • Microsoft.DBforPostgreSQL/servers (Azure Database for PostgreSQL Servers)
  • Microsoft.DBforPostgreSQL/singleServers
  • Microsoft.DBforPostgreSQL/serversv2 (Azure Database for PostgreSQL Servers v2)
  • Microsoft.DBforPostgreSQL/flexibleServers (Azure Database for PostgreSQL Flexible Servers)
Microsoft.Insights
Expand to view the list of resource types
  • Microsoft.Insights/activityLogAlerts
  • Microsoft.Insights/workbooks (Azure Workbooks)
  • Microsoft.Insights/dataCollectionEndpoints (Data Collection Endpoints)
  • Microsoft.Insights/scheduledQueryRules
  • Microsoft.Insights/workbooktemplates (Azure Workbook Templates)
  • Microsoft.Insights/actionGroups
  • Microsoft.Insights/notificationGroups
  • Microsoft.Insights/alertRules
  • Microsoft.Insights/components (Application Insights)
  • Microsoft.Insights/metricAlerts
  • Microsoft.Insights/dataCollectionRules (Data Collection Rules)
  • Microsoft.Insights/notificationRules
  • Microsoft.Insights/autoscaleSettings
  • Microsoft.Insights/privateLinkScopes (Azure Monitor Private Link Scopes)
  • Microsoft.Insights/guestDiagnosticSettings
  • Microsoft.Insights/queryPacks
  • Microsoft.Insights/webtests (Availability Tests)
Microsoft.KeyVault
Expand to view the list of resource types
  • Microsoft.KeyVault/HSMpools
  • Microsoft.KeyVault/managedHSMs
  • Microsoft.KeyVault/vaults (Key Vaults)
Microsoft.KubernetesMicrosoft.Kubernetes/connectedClusters (Kubernetes - Azure Arc)
Microsoft.Network
Expand to view the list of resource types
  • Microsoft.Network privateDnsZones/virtualNetworkLinks
  • Microsoft.Network/NetworkSecurityGroups (Network Security Groups)
  • Microsoft.Network/virtualWans (Virtual WANs)
  • Microsoft.Network/applicationSecurityGroups (Application Security Groups)
  • Microsoft.Network/bastionHosts (Bastions)
  • Microsoft.Network/trafficManagerProfiles
  • Microsoft.Network/virtualRouters
  • Microsoft.Network/customIpPrefixes (Custom IP Prefixes)
  • Microsoft.Network/virtualHubs
  • Microsoft.Network/routeFilters (Route Filters)
  • Microsoft.Network/loadBalancers (Load Balancers)
  • Microsoft.Network/vpnServerConfigurations
  • Microsoft.Network/publicIpPrefixes (Public IP Prefixes)
  • Microsoft.Network/dnsForwardingRulesets (Dns Forwarding Rulesets)
  • Microsoft.Network/networkSecurityPerimeters
  • Microsoft.Network/applicationGateways (Application Gateways)
  • Microsoft.Network/networkProfiles
  • Microsoft.Network/routeTables (Route Tables)
  • Microsoft.Network/vpnGateways
  • Microsoft.Network/securityPartnerProviders
  • Microsoft.Network/dnsResolvers (DNS Private Resolvers)
  • Microsoft.Network/networkWatchers/pingMeshes
  • Microsoft.Network/privateDnsZones (Private DNS zones)
  • Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies (Application Gateway WAF Policies)
  • Microsoft.Network/networkManagers (Network Managers)
  • Microsoft.Network/vpnSites
  • Microsoft.Network/IpAllocations
  • Microsoft.Network/azureFirewalls (Firewalls)
  • Microsoft.Network/networkWatchers/lenses
  • Microsoft.Network/NetworkExperimentProfiles (Internet Analyzer Profiles)
  • Microsoft.Network/expressRoutePorts (ExpressRoute Direct)
  • Microsoft.Network/firewallPolicies (Firewall Policies)
  • Microsoft.Network/networkWatchers/connectionMonitors
  • Microsoft.Network/firewallPolicies/ruleGroups
  • Microsoft.Network/p2sVpnGateways
  • Microsoft.Network/dnsZones (DNS zones)
  • Microsoft.NetworkFunction/azureTrafficCollectors
  • Microsoft.Network/networkWatchers/flowLogs (NSG Flow Logs)
  • Microsoft.Network/serviceEndpointPolicies (Service Endpoint Policies)
  • Microsoft.Network/masterCustomIpPrefixes
  • Microsoft.Network/dscpConfigurations
  • Microsoft.Network/frontDoors (Front Doors)
  • Microsoft.Network/FrontDoorWebApplicationFirewallPolicies (Web Application Firewall Policies (WAF))
  • Microsoft.Network/networkIntentPolicies
  • Microsoft.Network/virtualNetworkTaps
  • Microsoft.Network/virtualHubs/bgpConnections
  • Microsoft.Network/expressRouteGateways
  • Microsoft.Network/ddosProtectionPlans (DDoS Protection Plans)
  • Microsoft.Network/virtualNetworks (Virtual Networks)
  • Microsoft.Network/connections (Connections)
  • Microsoft.Network/privateEndpointRedirectMaps
  • Microsoft.Network/networkVirtualAppliances
  • Microsoft.Network/privateEndpoints (Private Endpoints)
  • Microsoft.Network/virtualNetworkGateways (Virtual Network Gateways)
  • Microsoft.Network/ipGroups (IP Groups)
  • Microsoft.Network/dnsResolvers/outboundEndpoints
  • Microsoft.Network/networkInterfaces (Network Interfaces)
  • Microsoft.Network/ddosCustomPolicies
  • Microsoft.Network/networkWatchers (Network Watchers)
  • Microsoft.Network/expressRouteCircuits (ExpressRoute Circuits)
  • Microsoft.Network/virtualHubs/ipConfigurations
  • Microsoft.Network/natGateways (NAT Gateways)
  • Microsoft.Network/privateLinkServices (Private Link Services)
  • Microsoft.Network/dnsResolvers/inboundEndpoints
  • Microsoft.Network/localNetworkGateways (Local Network Gateways)
  • Microsoft.Network/PublicIpAddresses (Public IP Addresses)
  • Microsoft.Network/expressRouteCrossConnections
  • Microsoft.Network/sampleResources
Microsoft.RecoveryServices
Expand to view the list of resource types
  • Microsoft.RecoveryServices/vaults/backupStorageConfig
  • Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems
  • Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers
  • Microsoft.RecoveryServices/vaults/replicationFabrics
  • Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings
  • Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders
  • Microsoft.RecoveryServices/vaults (Recovery Services Vaults)
Microsoft.Security
Expand to view the list of resource types
  • Microsoft.Security/assignments
  • Microsoft.Security/iotSecuritySolutions
  • Microsoft.Security/customEntityStoreAssignments
  • Microsoft.SecurityDetonation/chambers (Security Detonation Chambers)
  • Microsoft.Security/securityConnectors
  • Microsoft.SecurityDevops/githubConnectors
  • Microsoft.Security/automations
  • Microsoft.Security/dataScanners
  • Microsoft.Security/standards
Microsoft.Sql
Expand to view the list of resource types
  • Microsoft.Sql/servers (SQL Servers)
  • Microsoft.SqlVirtualMachine/SqlVirtualMachines (SQL Virtual Machines)
  • Microsoft.Sql/servers/databases (SQL Databases)
  • Microsoft.Sql/servers/elasticPools (SQL Elastic Pools)
  • Microsoft.Sql/managedInstances/databases (Managed Databases)
  • Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups
  • Microsoft.Sql/managedInstances (SQL Managed Instances)
  • Microsoft.Sql/instancePools (Instance Pools)
  • Microsoft.Sql/servers/jobAccounts
  • Microsoft.Sql/virtualClusters (Virtual Clusters)
  • Microsoft.Sql/servers/jobAgents (Elastic Job Agents)
  • Microsoft.Sql/servers/administrators
Microsoft.SqlVMMicrosoft.SqlVM
Microsoft.Storage
Expand to view the list of resource types
  • Microsoft.StorageCache/amlFilesystems (Lustre File Systems)
  • Microsoft.StorageCache/caches (HPC Caches)
  • Microsoft.StorageSync/storageSyncServices (Storage Sync Services)
  • Microsoft.Storage/dataMovers
  • Microsoft.Storage/StorageAccounts (Storage Accounts)
  • Microsoft.StorageSyncDev/storageSyncServices (Storage Sync Services)
  • Microsoft.StoragePool/diskPools (Disk Pools)
  • Microsoft.StorageSyncInt/storageSyncServices (Storage Sync Services)
Microsoft.Synapse
Expand to view the list of resource types
  • Microsoft.Synapse/workspaces/kustoPools (Data Explorer Pools (preview))
  • Microsoft.Synapse/workspaces/eventStreams
  • Microsoft.Synapse/workspaces/bigDataPools (Apache Spark Pools)
  • Microsoft.Synapse/privateLinkHubs (Azure Synapse Analytics (private link hubs))
  • Microsoft.Synapse/workspaces/sqlDatabases
  • Microsoft.Synapse/workspaces (Azure Synapse Analytics)
  • Microsoft.Synapse/workspaces/sqlPools (Dedicated SQL Pools)
Microsoft.Web
Expand to view the list of resource types
  • Microsoft.Web/apiManagementAccounts
  • Microsoft.Web/containerApps (Container Apps)
  • Microsoft.Web/sites/premierAddons
  • Microsoft.Web/sites (App Services)
  • Microsoft.Web/apiManagementAccounts/apis
  • Microsoft.Web/connections (API Connections)
  • Microsoft.Web/sites/slots (App Service (Slots))
  • Microsoft.Web/connectionGateways (On-premises Data Gateways)
  • Microsoft.Web/StaticSites (Static Web Apps)
  • Microsoft.Web/KubeEnvironments (App Service Kubernetes Environments)
  • Microsoft.Web/customApis (Logic Apps Custom Connector)
  • Microsoft.Web/HostingEnvironments (App Service Environments)
  • Microsoft.Web/serverFarms (App Service Plans)
  • Microsoft.Web/workerApps
  • Microsoft.Web/certificates

In addition to the above resource types, Lacework resource inventory also ingests the following Active Directory resource types.

Lacework Resource Type: organization
Microsoft Graph Type: organization
Lacework Resource Type: user
Microsoft Graph Type: user
Lacework Resource Type: group
Microsoft Graph Type: group
Lacework Resource Type: group_member
Microsoft Graph Type: (Not applicable as this is a dependant field of group)
Lacework Resource Type: group_owner
Microsoft Graph Type: (Not applicable as this is a dependant field of group)
Lacework Resource Type: servicePrincipal
Microsoft Graph Type: servicePrincipal
Lacework Resource Type: appRoleAssignment
Microsoft Graph Type: appRoleAssignment
Lacework Resource Type: directoryRole
Microsoft Graph Type: directoryRole
Lacework Resource Type: domain
Microsoft Graph Type: domain
Lacework Resource Type: administrativeUnit
Microsoft Graph Type: administrativeUnit
note

For the full list of possible resources, see Azure Resource Graph table and resource type reference and Azure Resource Containers.
To view the list of resources from the Azure portal, select Menu > All Resources.

Configure Permissions to Enable Access to Azure Resources

In order to access and manage Azure resources, you must enable certain permissions through the use of Azure built-in roles, see Azure Compliance Integration - Manually Using the Azure Portal

Resource Summary

Lacework populates this page after at least one Azure integration is configured. The date/time range filter and any optional filters at top of the page apply to all data displayed on the page. If nothing is displayed, consider increasing the date range.

To access the Resource Summary information on the Azure Resource Inventory page, navigate to Resources > Azure Inventory.

Above the right side of the table, the following icons are available.

IconLabelDescription
download_csv.pngDownload in CSV formatClick the Download in CSV format icon to get a comma-separated file of the table contents.
select_columns.pngSelect display columnsClick the Select display columns icon to hide or show the set of columns that are displayed in the table.
Refresh.pngRefresh dataClick the Refresh data icon to refresh the table data.
full_screen.pngFull screenClick the Full screen icon to show the table on the entire screen.

We describe the columns in the Resources Summary table in the following sections. Each row in the table represents a resource.

ColumnDescription
Resource NameDisplays the name of the Azure resource type. Click the name to open the resource’s configuration.
Recently Updated (24hrs)Displays whether there was an update in the last 24 hours.
OrganizationDisplays the specific organization that the resource type belongs to. Organizations contain folders, which in turn contain projects of resource types.
Folder IDDisplays the specific folder identifier that the resource type belongs to. A resource can belong to a folder. That folder can belong to another folder, which in turn can belong to yet another folder. To view the hierarchy of this multiple folder structure, click the specific Folder ID to view the folder hierarchy.
Project IDDisplays the specific project that the resource type belongs to. Projects allow you to organize and group together resource types into specific projects.
ServiceDisplays the Azure service that the resource corresponds to.
TypeDisplays the type of resource.
RegionDisplays the region where the resource is located.
StatusDisplays the status of data collection from the resource.
TagsClick {...} to open the resource’s tags.
Last Discovered TimeDisplays the last time the Lacework agent discovered the resource.

Configuration Diffs

To view a configuration diff, click a resource name under the Resource Name column. This opens a pane with configuration details. When a diff is present, it is always compared to the current configuration. If more than two configuration histories exist, click View more to display the Configuration History page.

To view a resource’s tag information, click {...} in the Tags column.

If you change an API (primary API) configuration, then it appears as a diff in the Lacework Console.

Configuration History

This page provides configuration histories for a resource. To open the Configuration History page, click View more. The link is available only if the resource has more than two configuration histories.

To compare two configurations, select their checkboxes and click the diff configurations icon.

We describe the columns in the Configuration History table in the following sections.

ColumnDescription
ConfigurationClick to view the configuration.
Start TimeDisplays when data collection started.
End TimeDisplays when data collection ended.