Azure Inventory

Overview

The Lacework Console provides visibility into Microsoft Azure resources that are integrated with Lacework. A resource can be any entity within the cloud deployment, such as Virtual Machines, Storage Accounts, Network Gateways, etc. The Azure Resource Inventory page allows you to view and monitor in-use Azure resources’ risk, compliance, and configuration changes and provides visibility for team members with limited or no access to the Azure portal. Because Lacework takes regular snapshots of your resources, you can track their changes (diffs) through the Lacework Console.

Azure resources are the components that enable services on Microsoft Azure. To access the Resource Inventory page, navigate to Resources > Azure Inventory.

For more information about Microsoft Azure integration with Lacework, see Azure Compliance and Audit Trail Integration - Terraform Using Azure Cloud Shell and Azure Compliance and Audit Trail Integration - Terraform From Any Supported Host.

Lacework takes snapshots of resources periodically. Depending on when Lacework takes the snapshot, a change may not be captured until up to 24 hours after it is made. See the following examples:

  • If a resource change is made on Monday at 1:00 AM and Lacework takes a snapshot on Monday at 2:00 AM, the snapshot includes the change.
  • If a resource change is made on Monday at 3:00 AM but Lacework took a snapshot on Monday at 2:00 AM, the snapshot does not include the change. The next snapshot on Tuesday at 2:00 AM will capture the change.

Supported Resource Types

Resource inventory supports the following resource types.

Azure Resource Graph Table | Azure Resource Type
Microsoft.AzureActiveDirectory | Microsoft.AzureActiveDirectory/guestUsages (Guest Usages)
Microsoft.AzureActiveDirectory/b2cDirectories (B2C Tenants)
Microsoft.Cache | Microsoft.Cache/Redis (Azure Cache for Redis)
Microsoft.Cache/RedisEnterprise (Redis Enterprise)
Microsoft.Compute | Microsoft.Compute/ProximityPlacementGroups (Proximity Placement Groups)
Microsoft.Compute/sharedVmImages/versions
Microsoft.Compute/capacityReservationGroups (Capacity Reservation Groups)
Microsoft.Compute/diskEncryptionSets (Disk Encryption Sets)
Microsoft.Compute/galleries/applications/versions (VM Application Versions)
Microsoft.Compute/virtualMachineScaleSets (Virtual Machine Scale Sets)
Microsoft.Compute/capacityReservationGroups/capacityReservations
Microsoft.Compute/cloudServices (Cloud Services (extended support))
Microsoft.Compute/sharedVmExtensions
Microsoft.Compute/sshPublicKeys (SSH keys)
Microsoft.Compute/sharedVmImages
Microsoft.Compute/virtualMachines/runCommands
Microsoft.Compute/VirtualMachines (Virtual Machines)
Microsoft.Compute/images (Images)
Microsoft.Compute/galleries/applications (VM Application Definitions)
Microsoft.Compute/disks (Disks)
Microsoft.Compute/swiftlets
Microsoft.Compute/snapshots (Snapshots)
Microsoft.Compute/virtualMachines/extensions
Microsoft.Compute/diskAccesses (Disk Accesses)
Microsoft.Compute/galleries/images/versions (VM Image Versions)
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses
Microsoft.Compute/restorePointCollections (Restore Point Collections)
Microsoft.Compute/hostGroups/hosts (Hosts)
Microsoft.Compute/sharedVmExtensions/versions
Microsoft.Compute/capacityReservations
Microsoft.Compute/availabilitySets (Availability Sets)
Microsoft.Compute/hostGroups (Host Groups)
Microsoft.Compute/galleries/images (VM Image Definitions)
Microsoft.Compute/galleries (Azure Compute Galleries)
Microsoft.ContainerInstance | Microsoft.ContainerInstance/containerGroups (Container Instances)
Microsoft.ContainerRegistry | Microsoft.ContainerRegistry/registries/tasks
Microsoft.ContainerRegistry/registries (Container Registries)
Microsoft.ContainerRegistry/registries/buildTasks
Microsoft.ContainerRegistry/registries/replications (Container Registry Replications)
Microsoft.ContainerRegistry/registries/webhooks (Container Registry Webhooks)
Microsoft.ContainerRegistry/registries/taskRuns
Microsoft.ContainerRegistry/registries/agentPools
Microsoft.ContainerService | Microsoft.ContainerService/openShiftManagedCluster
Microsoft.ContainerService/containerServices
Microsoft.ContainerService/snapshots
Microsoft.ContainerService/managedClusters (Kubernetes Services)
Microsoft.DBforMariaDB | Microsoft.DBforMariaDB/servers (Azure Database for MariaDB Servers)
Microsoft.DBforMySQL | Microsoft.DBforMySQL/flexibleServers (Azure Database for MySQL Flexible Servers)
Microsoft.DBforMySQL/servers (Azure Database for MySQL Servers)
Microsoft.DBforPostgreSQL | Microsoft.DBforPostgreSQL/serverGroups (Azure Database for PostgreSQL Server Groups)
Microsoft.DBforPostgreSQL/serverGroupsv2 (Azure Database for PostgreSQL Server Groups)
Microsoft.DBforPostgreSQL/servers (Azure Database for PostgreSQL Servers)
Microsoft.DBforPostgreSQL/singleServers
Microsoft.DBforPostgreSQL/serversv2 (Azure Database for PostgreSQL Servers v2)
Microsoft.DBforPostgreSQL/flexibleServers (Azure Database for PostgreSQL Flexible Servers)
Microsoft.Insights | Microsoft.Insights/activityLogAlerts
Microsoft.Insights/workbooks (Azure Workbooks)
Microsoft.Insights/dataCollectionEndpoints (Data Collection Endpoints)
Microsoft.Insights/scheduledQueryRules
Microsoft.Insights/workbooktemplates (Azure Workbook Templates)
Microsoft.Insights/actionGroups
Microsoft.Insights/notificationGroups
Microsoft.Insights/alertRules
Microsoft.Insights/components (Application Insights)
Microsoft.Insights/metricAlerts
Microsoft.Insights/dataCollectionRules (Data Collection Rules)
Microsoft.Insights/notificationRules
Microsoft.Insights/autoscaleSettings
Microsoft.Insights/privateLinkScopes (Azure Monitor Private Link Scopes)
Microsoft.Insights/guestDiagnosticSettings
Microsoft.Insights/queryPacks
Microsoft.Insights/webtests (Availability Tests)
Microsoft.KeyVault | Microsoft.KeyVault/HSMpools
Microsoft.KeyVault/managedHSMs
Microsoft.KeyVault/vaults (Key Vaults)
Microsoft.Network | privateDnsZones/virtualNetworkLinks
Microsoft.Network/NetworkSecurityGroups (Network Security Groups)
Microsoft.Network/virtualWans (Virtual WANs)
Microsoft.Network/applicationSecurityGroups (Application Security Groups)
Microsoft.Network/bastionHosts (Bastions)
Microsoft.Network/trafficManagerProfiles
Microsoft.Network/virtualRouters
Microsoft.Network/customIpPrefixes (Custom IP Prefixes)
Microsoft.Network/virtualHubs
Microsoft.Network/routeFilters (Route Filters)
Microsoft.Network/loadBalancers (Load Balancers)
Microsoft.Network/vpnServerConfigurations
Microsoft.Network/publicIpPrefixes (Public IP Prefixes)
Microsoft.Network/dnsForwardingRulesets (Dns Forwarding Rulesets)
Microsoft.Network/networkSecurityPerimeters
Microsoft.Network/applicationGateways (Application Gateways)
Microsoft.Network/networkProfiles
Microsoft.Network/routeTables (Route Tables)
Microsoft.Network/vpnGateways
Microsoft.Network/securityPartnerProviders
Microsoft.Network/dnsResolvers (DNS Private Resolvers)
Microsoft.Network/networkWatchers/pingMeshes
Microsoft.Network/privateDnsZones (Private DNS zones)
Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies (Application Gateway WAF Policies)
Microsoft.Network/networkManagers (Network Managers)
Microsoft.Network/vpnSites
Microsoft.Network/IpAllocations
Microsoft.Network/azureFirewalls (Firewalls)
Microsoft.Network/networkWatchers/lenses
Microsoft.Network/NetworkExperimentProfiles (Internet Analyzer Profiles)
Microsoft.Network/expressRoutePorts (ExpressRoute Direct)
Microsoft.Network/firewallPolicies (Firewall Policies)
Microsoft.Network/networkWatchers/connectionMonitors
Microsoft.Network/firewallPolicies/ruleGroups
Microsoft.Network/p2sVpnGateways
Microsoft.Network/dnsZones (DNS zones)
Microsoft.NetworkFunction/azureTrafficCollectors
Microsoft.Network/networkWatchers/flowLogs (NSG Flow Logs)
Microsoft.Network/serviceEndpointPolicies (Service Endpoint Policies)
Microsoft.Network/masterCustomIpPrefixes
Microsoft.Network/dscpConfigurations
Microsoft.Network/frontDoors (Front Doors)
Microsoft.Network/FrontDoorWebApplicationFirewallPolicies (Web Application Firewall Policies (WAF))
Microsoft.Network/networkIntentPolicies
Microsoft.Network/virtualNetworkTaps
Microsoft.Network/virtualHubs/bgpConnections
Microsoft.Network/expressRouteGateways
Microsoft.Network/ddosProtectionPlans (DDoS Protection Plans)
Microsoft.Network/virtualNetworks (Virtual Networks)
Microsoft.Network/connections (Connections)
Microsoft.Network/privateEndpointRedirectMaps
Microsoft.Network/networkVirtualAppliances
Microsoft.Network/privateEndpoints (Private Endpoints)
Microsoft.Network/virtualNetworkGateways (Virtual Network Gateways)
Microsoft.Network/ipGroups (IP Groups)
Microsoft.Network/dnsResolvers/outboundEndpoints
Microsoft.Network/networkInterfaces (Network Interfaces)
Microsoft.Network/ddosCustomPolicies
Microsoft.Network/networkWatchers (Network Watchers)
Microsoft.Network/expressRouteCircuits (ExpressRoute Circuits)
Microsoft.Network/virtualHubs/ipConfigurations
Microsoft.Network/natGateways (NAT Gateways)
Microsoft.Network/privateLinkServices (Private Link Services)
Microsoft.Network/dnsResolvers/inboundEndpoints
Microsoft.Network/localNetworkGateways (Local Network Gateways)
Microsoft.Network/PublicIpAddresses (Public IP Addresses)
Microsoft.Network/expressRouteCrossConnections
Microsoft.Network/sampleResources
Microsoft.Kubernetes | Microsoft.Kubernetes/connectedClusters (Kubernetes - Azure Arc)
Microsoft.RecoveryServices | Microsoft.RecoveryServices/vaults/backupStorageConfig
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers
Microsoft.RecoveryServices/vaults/replicationFabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders
Microsoft.RecoveryServices/vaults (Recovery Services Vaults)
Microsoft.Security | Microsoft.Security/assignments
Microsoft.Security/iotSecuritySolutions
Microsoft.Security/customEntityStoreAssignments
Microsoft.SecurityDetonation/chambers (Security Detonation Chambers)
Microsoft.Security/securityConnectors
Microsoft.SecurityDevops/githubConnectors
Microsoft.Security/automations
Microsoft.Security/dataScanners
Microsoft.Security/standards
Microsoft.Sql | Microsoft.Sql/servers (SQL Servers)
Microsoft.SqlVirtualMachine/SqlVirtualMachines (SQL Virtual Machines)
Microsoft.Sql/servers/databases (SQL Databases)
Microsoft.Sql/servers/elasticPools (SQL Elastic Pools)
Microsoft.Sql/managedInstances/databases (Managed Databases)
Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups
Microsoft.Sql/managedInstances (SQL Managed Instances)
Microsoft.Sql/instancePools (Instance Pools)
Microsoft.Sql/servers/jobAccounts
Microsoft.Sql/virtualClusters (Virtual Clusters)
Microsoft.Sql/servers/jobAgents (Elastic Job Agents)
Microsoft.SqlVM | Microsoft.Sqlvm/dwvm
Microsoft.Storage | Microsoft.StorageCache/amlFilesystems (Lustre File Systems)
Microsoft.StorageCache/caches (HPC Caches)
Microsoft.StorageSync/storageSyncServices (Storage Sync Services)
Microsoft.Storage/dataMovers
Microsoft.Storage/StorageAccounts (Storage Accounts)
Microsoft.StorageSyncDev/storageSyncServices (Storage Sync Services)
Microsoft.StoragePool/diskPools (Disk Pools)
Microsoft.StorageSyncInt/storageSyncServices (Storage Sync Services)
Microsoft.Synapse | Microsoft.Synapse/workspaces/kustoPools (Data Explorer Pools (preview))
Microsoft.Synapse/workspaces/eventStreams
Microsoft.Synapse/workspaces/bigDataPools (Apache Spark Pools)
Microsoft.Synapse/privateLinkHubs (Azure Synapse Analytics (private link hubs))
Microsoft.Synapse/workspaces/sqlDatabases
Microsoft.Synapse/workspaces (Azure Synapse Analytics)
Microsoft.Synapse/workspaces/sqlPools (Dedicated SQL Pools)
Microsoft.Web | Microsoft.Web/apiManagementAccounts
Microsoft.Web/containerApps (Container Apps)
Microsoft.Web/sites/premierAddons
Microsoft.Web/sites (App Services)
Microsoft.Web/apiManagementAccounts/apis
Microsoft.Web/connections (API Connections)
Microsoft.Web/sites/slots (App Service (Slots))
Microsoft.Web/connectionGateways (On-premises Data Gateways)
Microsoft.Web/StaticSites (Static Web Apps)
Microsoft.Web/KubeEnvironments (App Service Kubernetes Environments)
Microsoft.Web/customApis (Logic Apps Custom Connector)
Microsoft.Web/HostingEnvironments (App Service Environments)
Microsoft.Web/serverFarms (App Service Plans)
Microsoft.Web/workerApps
Microsoft.Web/certificates

In addition to the above resource types, Lacework resource inventory also ingests the following Active Directory resource types.

Lacework Resource Type | Lacework Resource Type | OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties
organization | organization | microsoft.graph.organization | GET https://graph.microsoft.com/v1.0/organization | Organization Resource Type
user | user | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,userPrincipalName,userType,passwordPolicies,onPremisesExtensionAttributes | User Resource Type
group | group | microsoft.graph.group | GET https://graph.microsoft.com/v1.0/groups | Group Resource Type
group_member | N/A. This is a dependent field of group. | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/{id}/members | Directory Object Resource Type
group_owner | N/A. This is a dependent field of group. | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/{id}/owners | User Resource Type
servicePrincipal | servicePrincipal | microsoft.graph.servicePrincipal | GET https://graph.microsoft.com/v1.0/servicePrincipals/(ID)/appRoleAssignments | Service Principal Resource Type
appRoleAssignment | appRoleAssignment | microsoft.graph.appRoleAssignments | GET https://graph.microsoft.com/v1.0/servicePrincipals/(ID)/appRoleAssignments | App Role Assignment Resource Type
directoryRole | directoryRole | microsoft.graph.directoryRole | GET https://graph.microsoft.com/v1.0/directoryRoles | Directory Role Resource Type
domain | domain | microsoft.graph.domain | GET https://graph.microsoft.com/v1.0/domains | Domain Resource Type
administrativeUnit | administrativeUnit | microsoft.graph.administrativeUnit | GET https://graph.microsoft.com/v1.0/directory/administrativeUnits | Administrative Unit Resource Type
Note

For the full list of possible resources, see Azure Resource Graph table and resource type reference and Azure Resource Containers.
To view the list of resources from the Azure portal, select Menu > All Resources.

Configure Permissions to Enable Access to Azure Resources

To access and manage Azure resources, you must enable certain permissions through Azure built-in roles. See Azure Compliance Integration - Manually Using the Azure Portal.

Resource Summary

Lacework populates this page after at least one Azure integration is configured. The date/time range filter and any optional filters at the top of the page apply to all data displayed on the page. If nothing is displayed, consider increasing the date range.

To access the Resource Summary information on the Azure Resource Inventory page, navigate to Resources > Azure Inventory.

Above the right side of the table, the following icons are available.

Icon | Label | Description
download_csv.png | Download in CSV format | Click the Download in CSV format icon to get a comma-separated file of the table contents.
select_columns.png | Select display columns | Click the Select display columns icon to hide or show the set of columns that are displayed in the table.
Refresh.png | Refresh data | Click the Refresh data icon to refresh the table data.
full_screen.png | Full screen | Click the Full screen icon to show the table on the entire screen.

The following table describes the columns in the Resources Summary table. Each row in the table represents a resource.

Column | Description
Resource Name | Displays the name of the Azure resource type. Click the name to open the resource’s configuration.
Recently Updated (24hrs) | Displays whether there was an update in the last 24 hours.
Organization | Displays the specific organization that the resource type belongs to. Organizations contain folders, which in turn contain projects of resource types.
Folder ID | Displays the specific folder identifier that the resource type belongs to. A resource can belong to a folder. That folder can belong to another folder, which in turn can belong to yet another folder. To view the hierarchy of this multiple folder structure, click the specific Folder ID.
Project ID | Displays the specific project that the resource type belongs to. Projects allow you to organize and group together resource types into specific projects.
Service | Displays the Azure service that the resource corresponds to.
Type | Displays the type of resource.
Region | Displays the region where the resource is located.
Status | Displays the status of data collection from the resource.
Tags | Click {...} to open the resource’s tags.
Last Discovered Time | Displays the last time the Lacework agent discovered the resource.

Configuration Diffs

To view a configuration diff, click a resource name under the Resource Name column. This opens a pane with configuration details. When a diff is present, it is always compared to the current configuration. If more than two configuration histories exist, click View more to display the Configuration History page.

To view a resource’s tag information, click {...} in the Tags column.

If you change an API (primary API) configuration, then it appears as a diff in the Lacework Console.
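The snapshot timing and diff-against-current behavior described above, as an added example that is not Lacework code: it generalizes the Monday/Tuesday cases to any change time and diffs older snapshots against the newest one. The 24-hour interval, the function names and the constructed storage-account snapshots are assumptions and do not reflect Lacework's schema.

```python
from datetime import datetime, timedelta

# Assumption: one snapshot every 24 hours, as in the Monday/Tuesday examples.
SNAPSHOT_INTERVAL = timedelta(hours=24)

def first_capturing_snapshot(change_time, known_snapshot):
    """Return the first snapshot at or after change_time, given any one snapshot time."""
    # Floor division of a (possibly negative) timedelta, negated, gives the
    # number of intervals from known_snapshot to the capturing snapshot.
    intervals = -((known_snapshot - change_time) // SNAPSHOT_INTERVAL)
    return known_snapshot + intervals * SNAPSHOT_INTERVAL

def flatten(config, prefix=""):
    """Flatten nested dicts to {'a.b': value} so settings compare by path."""
    flat = {}
    for key, value in config.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def diff_against_current(older, current):
    """Return {path: (old, current)}; a path missing on one side shows as None."""
    old, new = flatten(older), flatten(current)
    return {p: (old.get(p), new.get(p))
            for p in sorted(old.keys() | new.keys())
            if old.get(p) != new.get(p)}

# Constructed snapshots of one storage account (not Lacework's schema).
HISTORY = [
    (datetime(2024, 1, 1, 2), {"properties": {"allowBlobPublicAccess": False,
                                              "minimumTlsVersion": "TLS1_2"}}),
    (datetime(2024, 1, 2, 2), {"properties": {"allowBlobPublicAccess": True,
                                              "minimumTlsVersion": "TLS1_2"}}),
    (datetime(2024, 1, 3, 2), {"properties": {"allowBlobPublicAccess": True,
                                              "minimumTlsVersion": "TLS1_0"},
                               "tags": {"owner": "data-team"}}),
]

def history_diffs(history):
    """Diff each older snapshot against the newest (current) configuration."""
    current = history[-1][1]
    return {taken: diff_against_current(cfg, current)
            for taken, cfg in history[:-1]}

if __name__ == "__main__":
    for taken, changes in history_diffs(HISTORY).items():
        print(taken.isoformat(), changes)
```

Because every diff is taken against the newest snapshot, a setting changed and then reverted between two snapshots produces no entry in this model.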

Configuration History

This page provides configuration histories for a resource. To open the Configuration History page, click View more. The link is available only if the resource has more than two configuration histories.

To compare two configurations, select their checkboxes and click the diff configurations icon.

The following table describes the columns in the Configuration History table.

Column | Description
Configuration | Click to view the configuration.
Start Time | Displays when data collection started.
End Time | Displays when data collection ended.