Azure Inventory
Overview
The Lacework Console provides visibility into Microsoft Azure resources that are integrated with Lacework. A resource can be any entity within the cloud deployment, such as Virtual Machines, Storage Accounts, Network Gateways, etc. The Azure Resource Inventory page allows you to view and monitor in-use Azure resources’ risk, compliance, and configuration changes and provides visibility for team members with limited or no access to the Azure portal. Because Lacework takes regular snapshots of your resources, you can track their changes (diffs) through the Lacework Console.
Azure resources are the components that enable services on Microsoft Azure. To access the Resource Inventory page, navigate to Resources > Azure Inventory.
For more information about Microsoft Azure integration with Lacework, see Azure Compliance and Audit Trail Integration - Terraform Using Azure Cloud Shell and Azure Compliance and Audit Trail Integration - Terraform From Any Supported Host.
Lacework takes a snapshot of resources at a regular interval. Depending on when Lacework takes the snapshot, a change may not be captured until up to 24 hours after it is made. See the following examples:
- If a resource change is made on Monday at 1:00 AM and Lacework takes a snapshot on Monday at 2:00 AM, the snapshot includes the change.
- If a resource change is made on Monday at 3:00 AM but Lacework took its snapshot on Monday at 2:00 AM, that snapshot does not include the change. The next snapshot, on Tuesday at 2:00 AM, captures the change.
Supported Resource Types
Resource inventory supports the following resource types.
Azure Resource Graph Table | Azure Resource Type |
---|---|
Microsoft.AzureActiveDirectory | Multiple resource types (list not captured here) |
Microsoft.Cache | Multiple resource types (list not captured here) |
Microsoft.ContainerInstance | Microsoft.ContainerInstance/containerGroups (Container Instances) |
Microsoft.ContainerRegistry | Multiple resource types (list not captured here) |
Microsoft.ContainerService | Multiple resource types (list not captured here) |
Microsoft.DBforMariaDB | Microsoft.DBforMariaDB/servers (Azure Database for MariaDB Servers) |
Microsoft.DBforMySQL | Multiple resource types (list not captured here) |
Microsoft.DBforPostgreSQL | Multiple resource types (list not captured here) |
Microsoft.Insights | Multiple resource types (list not captured here) |
Microsoft.KeyVault | Multiple resource types (list not captured here) |
Microsoft.Kubernetes | Microsoft.Kubernetes/connectedClusters (Kubernetes - Azure Arc) |
Microsoft.Network | Multiple resource types (list not captured here) |
Microsoft.RecoveryServices | Multiple resource types (list not captured here) |
Microsoft.Security | Multiple resource types (list not captured here) |
Microsoft.Sql | Multiple resource types (list not captured here) |
Microsoft.SqlVM | Microsoft.SqlVM |
Microsoft.Storage | Multiple resource types (list not captured here) |
Microsoft.Synapse | Multiple resource types (list not captured here) |
Microsoft.Web | Multiple resource types (list not captured here) |
In addition to the above resource types, Lacework resource inventory also ingests the following Active Directory resource types.
Lacework Resource Type: organization
Microsoft Graph Type: organization
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.organization | GET https://graph.microsoft.com/v1.0/organization | Organization Resource Type |
Lacework Resource Type: user
Microsoft Graph Type: user
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.user | GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,userPrincipalName,userType,passwordPolicies,onPremisesExtensionAttributes | User Resource Type |
Lacework Resource Type: group
Microsoft Graph Type: group
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.group | GET https://graph.microsoft.com/v1.0/groups | Group Resource Type |
Lacework Resource Type: group_member
Microsoft Graph Type: (Not applicable, as this is a dependent field of group)
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/[id]/members | Directory Object Resource Type |
Lacework Resource Type: group_owner
Microsoft Graph Type: (Not applicable, as this is a dependent field of group)
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/[id]/owners | User Resource Type |
Lacework Resource Type: servicePrincipal
Microsoft Graph Type: servicePrincipal
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.servicePrincipal | GET https://graph.microsoft.com/v1.0/servicePrincipals | Service Principal Resource Type |
Lacework Resource Type: appRoleAssignment
Microsoft Graph Type: appRoleAssignment
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.appRoleAssignments | GET https://graph.microsoft.com/v1.0/servicePrincipals/(ID)/appRoleAssignments | App Role Assignment Resource Type |
Lacework Resource Type: directoryRole
Microsoft Graph Type: directoryRole
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.directoryRole | GET https://graph.microsoft.com/v1.0/directoryRoles | Directory Role Resource Type |
Lacework Resource Type: domain
Microsoft Graph Type: domain
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.domain | GET https://graph.microsoft.com/v1.0/domains | Domain Resource Type |
Lacework Resource Type: administrativeUnit
Microsoft Graph Type: administrativeUnit
OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|
microsoft.graph.administrativeUnit | GET https://graph.microsoft.com/v1.0/directory/administrativeUnits | Administrative Unit Resource Type |
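The tables above list the Microsoft Graph URLs an inventory collector walks, including the group_member, group_owner and appRoleAssignment fields that depend on the ids returned by a parent collection. The following is an added example of that walk (not Lacework's own collector): it follows Graph's `@odata.nextLink` pagination and resolves the dependent fields per parent id. `fetch` is assumed to be any callable that GETs a URL with a bearer token and returns the decoded JSON; `fake_fetch` and `FAKE_RESPONSES` are constructed sample data so the example runs offline.

```python
GRAPH = "https://graph.microsoft.com/v1.0"

# Top-level collections, using the URLs listed in the tables above.
COLLECTIONS = {
    "organization": f"{GRAPH}/organization",
    "user": f"{GRAPH}/users?$select=id,displayName,givenName,userPrincipalName,"
            "userType,passwordPolicies,onPremisesExtensionAttributes",
    "group": f"{GRAPH}/groups",
    "servicePrincipal": f"{GRAPH}/servicePrincipals",
    "directoryRole": f"{GRAPH}/directoryRoles",
    "domain": f"{GRAPH}/domains",
    "administrativeUnit": f"{GRAPH}/directory/administrativeUnits",
}

def list_all(fetch, url):
    """Follow @odata.nextLink until the collection is exhausted (Graph pages results)."""
    items = []
    while url:
        page = fetch(url)
        items.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return items

def build_inventory(fetch):
    """Fetch every resource type above; dependent fields are keyed by the parent's id."""
    inv = {name: list_all(fetch, url) for name, url in COLLECTIONS.items()}
    for field, suffix in (("group_member", "members"), ("group_owner", "owners")):
        inv[field] = {g["id"]: list_all(fetch, f"{GRAPH}/groups/{g['id']}/{suffix}") for g in inv["group"]}
    inv["appRoleAssignment"] = {sp["id"]: list_all(fetch, f"{GRAPH}/servicePrincipals/{sp['id']}/appRoleAssignments")
                                for sp in inv["servicePrincipal"]}
    return inv

# Constructed sample responses so the example runs offline (not real tenant data).
# The groups collection is split over two pages to exercise pagination.
FAKE_RESPONSES = {
    f"{GRAPH}/groups": {"value": [{"id": "g1"}], "@odata.nextLink": f"{GRAPH}/groups?$skiptoken=page2"},
    f"{GRAPH}/groups?$skiptoken=page2": {"value": [{"id": "g2"}]},
    f"{GRAPH}/groups/g1/members": {"value": [{"@odata.type": "#microsoft.graph.user", "id": "u1"}]},
    f"{GRAPH}/groups/g1/owners": {"value": [{"id": "u1"}]},
    f"{GRAPH}/servicePrincipals": {"value": [{"id": "sp1"}]},
    f"{GRAPH}/servicePrincipals/sp1/appRoleAssignments": {"value": [{"id": "ara1", "principalId": "sp1"}]},
}

def fake_fetch(url):
    """Offline stand-in for a Graph GET; unknown URLs return an empty collection."""
    return FAKE_RESPONSES.get(url, {"value": []})
```

Against a live tenant, pass a fetcher that performs the GET with an access token holding the directory read permissions the page's integration guides describe.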
For the full list of possible resources, see Azure Resource Graph table and resource type reference and Azure Resource Containers.
To view the list of resources from the Azure portal, select Menu > All Resources.
Configure Permissions to Enable Access to Azure Resources
To access and manage Azure resources, you must enable certain permissions through the use of Azure built-in roles. See Azure Compliance Integration - Manually Using the Azure Portal.
Resource Summary
Lacework populates this page after at least one Azure integration is configured. The date/time range filter and any optional filters at the top of the page apply to all data displayed on the page. If nothing is displayed, consider increasing the date range.
To access the Resource Summary information on the Azure Resource Inventory page, navigate to Resources > Azure Inventory.
Above the right side of the table, the following icons are available.
Label | Description |
---|---|
Download in CSV format | Click the Download in CSV format icon to get a comma-separated file of the table contents. |
Select display columns | Click the Select display columns icon to hide or show the set of columns that are displayed in the table. |
Refresh data | Click the Refresh data icon to refresh the table data. |
Full screen | Click the Full screen icon to show the table on the entire screen. |
We describe the columns in the Resources Summary table in the following sections. Each row in the table represents a resource.
Column | Description |
---|---|
Resource Name | Displays the name of the Azure resource type. Click the name to open the resource’s configuration. |
Recently Updated (24hrs) | Displays whether there was an update in the last 24 hours. |
Organization | Displays the specific organization that the resource type belongs to. Organizations contain folders, which in turn contain projects of resource types. |
Folder ID | Displays the specific folder identifier that the resource type belongs to. A resource can belong to a folder. That folder can belong to another folder, which in turn can belong to yet another folder. To view the hierarchy of this multiple folder structure, click the specific Folder ID to view the folder hierarchy. |
Project ID | Displays the specific project that the resource type belongs to. Projects allow you to organize and group together resource types into specific projects. |
Service | Displays the Azure service that the resource corresponds to. |
Type | Displays the type of resource. |
Region | Displays the region where the resource is located. |
Status | Displays the status of data collection from the resource. |
Tags | Click {...} to open the resource’s tags. |
Last Discovered Time | Displays the last time the Lacework agent discovered the resource. |
Configuration Diffs
To view a configuration diff, click a resource name under the Resource Name column. This opens a pane with configuration details. When a diff is present, it is always compared to the current configuration. If more than two configuration histories exist, click View more to display the Configuration History page.
To view a resource’s tag information, click {...} in the Tags column.
If you change an API (primary API) configuration, then it appears as a diff in the Lacework Console.
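A configuration diff is the difference between an earlier snapshot and the current configuration of the resource. The following added example (not Lacework code) shows that comparison on two constructed snapshots of a storage account, reporting each changed property path with its old and new value and then picking out the security-relevant settings a reviewer would check first. The snapshot contents and the watched property names are constructed sample data.

```python
def config_diff(previous, current, path=""):
    """Compare an earlier snapshot with the current one; returns (path, old, new) triples.
    Nested objects are walked key by key; a missing side is reported as None."""
    changes = []
    if isinstance(previous, dict) and isinstance(current, dict):
        for key in sorted(set(previous) | set(current)):
            sub = f"{path}.{key}" if path else key
            if key not in previous:
                changes.append((sub, None, current[key]))
            elif key not in current:
                changes.append((sub, previous[key], None))
            else:
                changes.extend(config_diff(previous[key], current[key], sub))
    elif previous != current:
        changes.append((path, previous, current))
    return changes

# Constructed storage-account snapshots (sample data, not from a real subscription).
SNAPSHOT_PREVIOUS = {
    "name": "stexample",
    "type": "Microsoft.Storage/storageAccounts",
    "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2",
                   "allowBlobPublicAccess": False},
    "tags": {"env": "prod"},
}
SNAPSHOT_CURRENT = {
    "name": "stexample",
    "type": "Microsoft.Storage/storageAccounts",
    "properties": {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_2",
                   "allowBlobPublicAccess": True, "publicNetworkAccess": "Enabled"},
    "tags": {},
}

# Properties whose change weakens the account's exposure; the set is an assumption.
WATCHED = {"properties.supportsHttpsTrafficOnly", "properties.allowBlobPublicAccess",
           "properties.minimumTlsVersion", "properties.publicNetworkAccess"}

def security_relevant(changes):
    """Filter a diff down to the watched property paths."""
    return [c for c in changes if c[0] in WATCHED]

if __name__ == "__main__":
    for path, old, new in config_diff(SNAPSHOT_PREVIOUS, SNAPSHOT_CURRENT):
        print(f"{path}: {old!r} -> {new!r}")
```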
Configuration History
This page provides configuration histories for a resource. To open the Configuration History page, click View more. The link is available only if the resource has more than two configuration histories.
To compare two configurations, select their checkboxes and click the diff configurations icon.
We describe the columns in the Configuration History table in the following sections.
Column | Description |
---|---|
Configuration | Click to view the configuration. |
Start Time | Displays when data collection started. |
End Time | Displays when data collection ended. |