Azure Inventory
Overview
The Lacework Console provides visibility into Microsoft Azure resources that are integrated with Lacework. A resource can be any entity within the cloud deployment, such as Virtual Machines, Storage Accounts, Network Gateways, etc. The Azure Resource Inventory page allows you to view and monitor in-use Azure resources’ risk, compliance, and configuration changes and provides visibility for team members with limited or no access to the Azure portal. Because Lacework takes regular snapshots of your resources, you can track their changes (diffs) through the Lacework Console.
Azure resources are the components that enable services on Microsoft Azure. To access the Resource Inventory page, navigate to Resources > Azure Inventory.
For more information about Microsoft Azure integration with Lacework, see Azure Compliance and Audit Trail Integration - Terraform Using Azure Cloud Shell and Azure Compliance and Audit Trail Integration - Terraform From Any Supported Host.
Lacework takes a snapshot of resources on a periodic time frame. Depending on the time that Lacework takes the snapshot, changes may not be captured until up to 24 hours after the changes are made. See the following examples:
- A resource change is made on Monday at 1:00 AM and Lacework takes a snapshot on Monday at 2:00 AM, the snapshot includes the change.
- A resource change is made on Monday at 3:00 AM but Lacework took a snapshot on Monday at 2:00 AM, the snapshot does not include the change. The next snapshot on Tuesday at 2:00 AM will capture the change.
Supported Resource Types
Resource inventory supports the following resource types.
Azure Resource Graph Table | Azure Resource Type |
---|---|
Microsoft.AzureActiveDirectory | Microsoft.AzureActiveDirectory/guestUsages (Guest Usages) Microsoft.AzureActiveDirectory/b2cDirectories (B2C Tenants) |
Microsoft.Cache | Microsoft.Cache/Redis (Azure Cache for Redis) Microsoft.Cache/RedisEnterprise (Redis Enterprise) |
Microsoft.Compute | Microsoft.Compute/ProximityPlacementGroups (Proximity Placement Groups) Microsoft.Compute/sharedVmImages/versions Microsoft.Compute/capacityReservationGroups (Capacity Reservation Groups) Microsoft.Compute/diskEncryptionSets (Disk Encryption Sets) Microsoft.Compute/galleries/applications/versions (VM Application Versions) Microsoft.Compute/virtualMachineScaleSets (Virtual Machine Scale Sets) Microsoft.Compute/capacityReservationGroups/capacityReservations Microsoft.Compute/cloudServices (Cloud Services (extended support)) Microsoft.Compute/sharedVmExtensions Microsoft.Compute/sshPublicKeys (SSH keys) Microsoft.Compute/sharedVmImages Microsoft.Compute/virtualMachines/runCommands Microsoft.Compute/VirtualMachines (Virtual Machines) Microsoft.Compute/images (Images) Microsoft.Compute/galleries/applications (VM Application Definitions) Microsoft.Compute/disks (Disks) Microsoft.Compute/swiftlets Microsoft.Compute/snapshots (Snapshots) Microsoft.Compute/virtualMachines/extensions Microsoft.Compute/diskAccesses (Disk Accesses) Microsoft.Compute/galleries/images/versions (VM Image Versions) Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses Microsoft.Compute/restorePointCollections (Restore Point Collections) Microsoft.Compute/hostGroups/hosts (Hosts) Microsoft.Compute/sharedVmExtensions/versions Microsoft.Compute/capacityReservations Microsoft.Compute/availabilitySets (Availability Sets) Microsoft.Compute/hostGroups (Host Groups) Microsoft.Compute/galleries/images (VM Image Definitions) Microsoft.Compute/galleries (Azure Compute Galleries) |
Microsoft.ContainerInstance | Microsoft.ContainerInstance/containerGroups (Container Instances) |
Microsoft.ContainerRegistry | Microsoft.ContainerRegistry/registries/tasks Microsoft.ContainerRegistry/registries (Container Registries) Microsoft.ContainerRegistry/registries/buildTasks Microsoft.ContainerRegistry/registries/replications (Container Registry Replications) Microsoft.ContainerRegistry/registries/webhooks (Container Registry Webhooks) Microsoft.ContainerRegistry/registries/taskRuns Microsoft.ContainerRegistry/registries/agentPools |
Microsoft.ContainerService | Microsoft.ContainerService/openShiftManagedCluster Microsoft.ContainerService/containerServices Microsoft.ContainerService/snapshots Microsoft.ContainerService/managedClusters (Kubernetes Services) |
Microsoft.DBforMariaDB | Microsoft.DBforMariaDB/servers (Azure Database for MariaDB Servers) |
Microsoft.DBforMySQL | Microsoft.DBforMySQL/flexibleServers (Azure Database for MySQL Flexible Servers) Microsoft.DBforMySQL/servers (Azure Database for MySQL Servers) |
Microsoft.DBforPostgreSQL | Microsoft.DBforPostgreSQL/serverGroups (Azure Database for PostgreSQL Server Groups) Microsoft.DBforPostgreSQL/serverGroupsv2 (Azure Database for PostgreSQL Server Groups) Microsoft.DBforPostgreSQL/servers (Azure Database for PostgreSQL Servers) Microsoft.DBforPostgreSQL/singleServers Microsoft.DBforPostgreSQL/serversv2 (Azure Database for PostgreSQL Servers v2) Microsoft.DBforPostgreSQL/flexibleServers (Azure Database for PostgreSQL Flexible Servers) |
Microsoft.Insights | Microsoft.Insights/activityLogAlerts Microsoft.Insights/workbooks (Azure Workbooks) Microsoft.Insights/dataCollectionEndpoints (Data Collection Endpoints) Microsoft.Insights/scheduledQueryRules Microsoft.Insights/workbooktemplates (Azure Workbook Templates) Microsoft.Insights/actionGroups Microsoft.Insights/notificationGroups Microsoft.Insights/alertRules Microsoft.Insights/components (Application Insights) Microsoft.Insights/metricAlerts Microsoft.Insights/dataCollectionRules (Data Collection Rules) Microsoft.Insights/notificationRules Microsoft.Insights/autoscaleSettings Microsoft.Insights/privateLinkScopes (Azure Monitor Private Link Scopes) Microsoft.Insights/guestDiagnosticSettings Microsoft.Insights/queryPacks Microsoft.Insights/webtests (Availability Tests) |
Microsoft.KeyVault | Microsoft.KeyVault/HSMpools Microsoft.KeyVault/managedHSMs Microsoft.KeyVault/vaults (Key Vaults) Microsoft.Network privateDnsZones/virtualNetworkLinks Microsoft.Network/NetworkSecurityGroups (Network Security Groups) Microsoft.Network/virtualWans (Virtual WANs) Microsoft.Network/applicationSecurityGroups (Application Security Groups) Microsoft.Network/bastionHosts (Bastions) Microsoft.Network/trafficManagerProfiles Microsoft.Network/virtualRouters Microsoft.Network/customIpPrefixes (Custom IP Prefixes) Microsoft.Network/virtualHubs Microsoft.Network/routeFilters (Route Filters) Microsoft.Network/loadBalancers (Load Balancers) Microsoft.Network/vpnServerConfigurations Microsoft.Network/publicIpPrefixes (Public IP Prefixes) Microsoft.Network/dnsForwardingRulesets (Dns Forwarding Rulesets) Microsoft.Network/networkSecurityPerimeters Microsoft.Network/applicationGateways (Application Gateways) Microsoft.Network/networkProfiles Microsoft.Network/routeTables (Route Tables) Microsoft.Network/vpnGateways Microsoft.Network/securityPartnerProviders Microsoft.Network/dnsResolvers (DNS Private Resolvers) Microsoft.Network/networkWatchers/pingMeshes Microsoft.Network/privateDnsZones (Private DNS zones) Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies (Application Gateway WAF Policies) Microsoft.Network/networkManagers (Network Managers) Microsoft.Network/vpnSites Microsoft.Network/IpAllocations Microsoft.Network/azureFirewalls (Firewalls) Microsoft.Network/networkWatchers/lenses Microsoft.Network/NetworkExperimentProfiles (Internet Analyzer Profiles) Microsoft.Network/expressRoutePorts (ExpressRoute Direct) Microsoft.Network/firewallPolicies (Firewall Policies) Microsoft.Network/networkWatchers/connectionMonitors Microsoft.Network/firewallPolicies/ruleGroups Microsoft.Network/p2sVpnGateways Microsoft.Network/dnsZones (DNS zones) Microsoft.NetworkFunction/azureTrafficCollectors Microsoft.Network/networkWatchers/flowLogs (NSG Flow Logs) Microsoft.Network/serviceEndpointPolicies (Service Endpoint Policies) Microsoft.Network/masterCustomIpPrefixes Microsoft.Network/dscpConfigurations Microsoft.Network/frontDoors (Front Doors) Microsoft.Network/FrontDoorWebApplicationFirewallPolicies (Web Application Firewall Policies (WAF)) Microsoft.Network/networkIntentPolicies Microsoft.Network/virtualNetworkTaps Microsoft.Network/virtualHubs/bgpConnections Microsoft.Network/expressRouteGateways Microsoft.Network/ddosProtectionPlans (DDoS Protection Plans) Microsoft.Network/virtualNetworks (Virtual Networks) Microsoft.Network/connections (Connections) Microsoft.Network/privateEndpointRedirectMaps Microsoft.Network/networkVirtualAppliances Microsoft.Network/privateEndpoints (Private Endpoints) Microsoft.Network/virtualNetworkGateways (Virtual Network Gateways) Microsoft.Network/ipGroups (IP Groups) Microsoft.Network/dnsResolvers/outboundEndpoints Microsoft.Network/networkInterfaces (Network Interfaces) Microsoft.Network/ddosCustomPolicies Microsoft.Network/networkWatchers (Network Watchers) Microsoft.Network/expressRouteCircuits (ExpressRoute Circuits) Microsoft.Network/virtualHubs/ipConfigurations Microsoft.Network/natGateways (NAT Gateways) Microsoft.Network/privateLinkServices (Private Link Services) Microsoft.Network/dnsResolvers/inboundEndpoints Microsoft.Network/localNetworkGateways (Local Network Gateways) Microsoft.Network/PublicIpAddresses (Public IP Addresses) Microsoft.Network/expressRouteCrossConnections Microsoft.Network/sampleResources |
Microsoft.Kubernetes | Microsoft.Kubernetes/connectedClusters (Kubernetes - Azure Arc) |
Microsoft.RecoveryServices | Microsoft.RecoveryServices/vaults/backupStorageConfig Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers Microsoft.RecoveryServices/vaults/replicationFabrics Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders Microsoft.RecoveryServices/vaults (Recovery Services Vaults) |
Microsoft.Security | Microsoft.Security/assignments Microsoft.Security/iotSecuritySolutions Microsoft.Security/customEntityStoreAssignments Microsoft.SecurityDetonation/chambers (Security Detonation Chambers) Microsoft.Security/securityConnectors Microsoft.SecurityDevops/githubConnectors Microsoft.Security/automations Microsoft.Security/dataScanners Microsoft.Security/standards |
Microsoft.Sql | Microsoft.Sql/servers (SQL Servers) Microsoft.SqlVirtualMachine/SqlVirtualMachines (SQL Virtual Machines) Microsoft.Sql/servers/databases (SQL Databases) Microsoft.Sql/servers/elasticPools (SQL Elastic Pools) Microsoft.Sql/managedInstances/databases (Managed Databases) Microsoft.SqlVirtualMachine/sqlVirtualMachineGroups Microsoft.Sql/managedInstances (SQL Managed Instances) Microsoft.Sql/instancePools (Instance Pools) Microsoft.Sql/servers/jobAccounts Microsoft.Sql/virtualClusters (Virtual Clusters) Microsoft.Sql/servers/jobAgents (Elastic Job Agents) |
Microsoft.SqlVM | Microsoft.Sqlvm/dwvm |
Microsoft.Storage | Microsoft.StorageCache/amlFilesystems (Lustre File Systems) Microsoft.StorageCache/caches (HPC Caches) Microsoft.StorageSync/storageSyncServices (Storage Sync Services) Microsoft.Storage/dataMovers Microsoft.Storage/StorageAccounts (Storage Accounts) Microsoft.StorageSyncDev/storageSyncServices (Storage Sync Services) Microsoft.StoragePool/diskPools (Disk Pools) Microsoft.StorageSyncInt/storageSyncServices (Storage Sync Services) |
Microsoft.Synapse | Microsoft.Synapse/workspaces/kustoPools (Data Explorer Pools (preview)) Microsoft.Synapse/workspaces/eventStreams Microsoft.Synapse/workspaces/bigDataPools (Apache Spark Pools) Microsoft.Synapse/privateLinkHubs (Azure Synapse Analytics (private link hubs)) Microsoft.Synapse/workspaces/sqlDatabases Microsoft.Synapse/workspaces (Azure Synapse Analytics) Microsoft.Synapse/workspaces/sqlPools (Dedicated SQL Pools) |
Microsoft.Web | Microsoft.Web/apiManagementAccounts Microsoft.Web/containerApps (Container Apps) Microsoft.Web/sites/premierAddons Microsoft.Web/sites (App Services) Microsoft.Web/apiManagementAccounts/apis Microsoft.Web/connections (API Connections) Microsoft.Web/sites/slots (App Service (Slots)) Microsoft.Web/connectionGateways (On-premises Data Gateways) Microsoft.Web/StaticSites (Static Web Apps) Microsoft.Web/KubeEnvironments (App Service Kubernetes Environments) Microsoft.Web/customApis (Logic Apps Custom Connector) Microsoft.Web/HostingEnvironments (App Service Environments) Microsoft.Web/serverFarms (App Service Plans) Microsoft.Web/workerApps Microsoft.Web/certificates |
In addition to the above resource types, Lacework resource inventory also ingests the following Active Directory resource types.
Lacework Resource Type | Lacework Resource Type | OData Type of Response | URL Used to Fetch the Resource | Resource Object Properties |
---|---|---|---|---|
organization | organization | microsoft.graph.organization | GET https://graph.microsoft.com/v1.0/organization | Organization Resource Type |
user | user | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,givenName,userPrincipalName,userType,passwordPolicies,onPremisesExtensionAttributes | User Resource Type |
group | group | microsoft.graph.group | GET https://graph.microsoft.com/v1.0/groups | Group Resource Type |
group_member | N/A This is a dependant field of group. | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/{id}/members | Directory Object Resource Type |
group_owner | N/A This is a dependant field of group. | microsoft.graph.user | GET https://graph.microsoft.com/v1.0/groups/{id}/owners | User Resource Type |
servicePrincipal | servicePrincipal | microsoft.graph.servicePrincipal | GET https://graph.microsoft.com/v1.0/servicePrincipals/(ID)/appRoleAssignments | Service Principal Resource Type |
appRoleAssignment | appRoleAssignment | microsoft.graph.appRoleAssignments | GET https://graph.microsoft.com/v1.0/servicePrincipals/(ID)/appRoleAssignments | App Role Assignment Resource Type |
directoryRole | directoryRole | microsoft.graph.directoryRole | GET https://graph.microsoft.com/v1.0/directoryRoles | Directory Role Resource Type |
domain | domain | microsoft.graph.domain | GET https://graph.microsoft.com/v1.0/domains | Domain Resource Type |
administrativeUnit | administrativeUnit | microsoft.graph.administrativeUnit | GET https://graph.microsoft.com/v1.0/directory/administrativeUnits | Administrative Unit Resource Type |
note
For the full list of possible resources, see Azure Resource Graph table and resource type reference and Azure Resource Containers.
To view the list of resources from the Azure portal, select Menu > All Resources.
Configure Permissions to Enable Access to Azure Resources
In order to access and manage Azure resources, you must enable certain permissions through the use of Azure built-in roles, see Azure Compliance Integration - Manually Using the Azure Portal
Resource Summary
Lacework populates this page after at least one Azure integration is configured. The date/time range filter and any optional filters at top of the page apply to all data displayed on the page. If nothing is displayed, consider increasing the date range.
To access the Resource Summary information on the Azure Resource Inventory page, navigate to Resources > Azure Inventory.
Above the right side of the table, the following icons are available.
Icon | Label | Description |
---|---|---|
Download in CSV format | Click the Download in CSV format icon to get a comma-separated file of the table contents. | |
Select display columns | Click the Select display columns icon to hide or show the set of columns that are displayed in the table. | |
Refresh data | Click the Refresh data icon to refresh the table data. | |
Full screen | Click the Full screen icon to show the table on the entire screen. |
We describe the columns in the Resources Summary table in the following sections. Each row in the table represents a resource.
Column | Description |
---|---|
Resource Name | Displays the name of the Azure resource type. Click the name to open the resource’s configuration. |
Recently Updated (24hrs) | Displays whether there was an update in the last 24 hours. |
Organization | Displays the specific organization that the resource type belongs to. Organizations contain folders, which in turn contain projects of resource types. |
Folder ID | Displays the specific folder identifier that the resource type belongs to. A resource can belong to a folder. That folder can belong to another folder, which in turn can belong to yet another folder. To view the hierarchy of this multiple folder structure, click the specific Folder ID to view the folder hierarchy. |
Project ID | Displays the specific project that the resource type belongs to. Projects allow you to organize and group together resource types into specific projects. |
Service | Displays the Azure service that the resource corresponds to. |
Type | Displays the type of resource. |
Region | Displays the region where the resource is located. |
Status | Displays the status of data collection from the resource. |
Tags | Click {...} to open the resource’s tags. |
Last Discovered Time | Displays the last time the Lacework agent discovered the resource. |
Configuration Diffs
To view a configuration diff, click a resource name under the Resource Name column. This opens a pane with configuration details. When a diff is present, it is always compared to the current configuration. If more than two configuration histories exist, click View more to display the Configuration History page.
To view a resource’s tag information, click {...} in the Tags column.
If you change an API (primary API) configuration, then it appears as a diff in the Lacework Console.
Configuration History
This page provides configuration histories for a resource. To open the Configuration History page, click View more. The link is available only if the resource has more than two configuration histories.
To compare two configurations, select their checkboxes and click the diff configurations icon.
We describe the columns in the Configuration History table in the following sections.
Column | Description |
---|---|
Configuration | Click to view the configuration. |
Start Time | Displays when data collection started. |
End Time | Displays when data collection ended. |