Viewing Cloud Entity Details

  • Updated
Table of Contents:

Use these steps to view detailed information for a specific cloud entity:

  1. Navigate to Resolutions → Overview → Entities.
    The Entities page will appear.
  2. Select the cloud category or the source (e.g., AWS, Azure, GCP) to view entities belonging to that category.
  3. Click a category under the selected class to see the entities grouped there.
    The Entity Inventory page appears.
  4. Click an entity name to view detailed information related to that cloud entity.
  5. Review the information presented on the Summary tab.

Summary Tab Details

Cloud Details

  • Cloud Name: The name of the cloud source.
  • Ingested Sources: The sources from which data has been ingested into the cloud source.
  • Region: The geographic region hosting the cloud entity.
  • Availability Zone: The specific availability zone within the region.
  • Organizational Unit: The organizational group under which the cloud entity is categorized.
  • POD: The Point of Delivery where the cloud entity is hosted, representing the specific infrastructure location.
  • Environment: The operational environment of the cloud entity, such as development, testing, or production.
  • Project: The container or workspace used to manage the cloud entity.

Device Details

  • Name: The cloud entity’s assigned name.
  • CPU: Type and specifications of the device’s processor.
  • Type: The device’s category or classification (e.g., virtual machine, container).
  • Status: Current operational state (e.g., running, stopped).
  • Location: Physical or geographic location where the device is hosted.

Network Details

  • IP Address: The device’s assigned IP address.
  • MAC Name: The MAC address or identifier for the device’s network interface.
  • VPC: The Virtual Private Cloud in which the device operates.

Platform Classification Details

  • Source: The system or platform from which the cloud entity was synced.
  • Type: The classification or category of the cloud entity.
  • Created Time: Timestamp when the entity was first synced.
  • Updated Time: Timestamp when the entity’s metadata was last updated.

Widgets Overview

  • Risk Level: Shows the current risk classification (Low, Medium, High) of the host entity.
  • Entity Groups: Lists groups under which the entity is categorized.
  • Behaviors: Displays detected behavioral patterns categorized by MITRE tactics, linked to relevant signal data.

Widgets for Cloud Entities

Security Activities

  • Total Signals: Number of signals triggered from the entity. Click Signals to navigate to the Signals list page.
  • Signals to Situations: Number of signals converted into Situations. Click Situations to navigate to the Situations list page to view the details of each Situation.
  • Situations to ActOns: Number of Situations converted into ActOns. Click ActOns to navigate to the ActOns page to view its details.

Situation vs. ActOn Graph

This interactive graph shows trends over time for Situations and ActOns related to the entity. Each data point represents counts for a specific date. Clicking a point opens a side sheet with detailed signal data.

Side Sheet Details

The side sheet displays two tabs - Signals and Impacted Entities. 

Signals Tab

  • Signal ID: Unique identifier for each signal.
  • Signal Time: When the signal was generated.
  • Subject: Context of the signal.
  • Entities: Associated entities.
  • Function: Assigned team or function.
  • Priority: Severity level (High, Medium, Low).
  • Status: Current state (Open, In Progress, Resolved).
  • External Signal ID: Originating platform’s identifier.
  • Situation: Associated Situation ID.
  • Detection Rule: Rule that triggered the signal.

Options:

  • Export CSV to download signals data.
  • Search bar to filter signals quickly.

Impacted Entities Tab

  • Name: Name of impacted entity.
  • Class: User or Host classification.
  • Type: Entity type (e.g., Endpoint, Cloud Resource).
  • IP Address: IP of the entity.
  • Source: System that synced the entity.
  • Critical: Flag for criticality.
  • Updated Time: Last metadata update timestamp.

Additional Options

  • Critical / Non-Critical: Mark the criticality of the entity based on its importance to business operations.
  • Assign Functions - Select Assign Functions to assign functions to an entity. Refer to Assigning Functions to entities
  • Assign SKUs: Associate one or more SKUs with the entity. This option is visible only at the tenant level. 
  • Add Tags: Open the side sheet to assign metadata tags in key-value format. Tags synced from external applications appear by default and are labeled as external tags. Internal tags can be manually added or removed as needed. Internal and external tags are visually distinguished using different colors, making them easy to identify. To add tags, please refer to Adding tags to a group of entities.

Manual Sync and Raw Data

  • Sync Now: Manually trigger metadata sync for entities from platforms like AWS, Azure, OpsRamp, GCP, or GitHub.
    Note: Sync Now is available only at the tenant level.
  • View Raw Data: View entity data in both table and JSON formats.
  • View in Chronicle: Available for Google Chronicle entities, redirects to the Chronicle page for detailed entity and alert information.

Related articles

Comments

0 comments

Please sign in to leave a comment.