Cloud Device Details
Search > Device Details > Cloud provides five tabs of cloud data, samples of which are below.
Inspector Tab
The source of the Asset Manager Inspector tab data is Amazon Inspector, an automated security assessment service on AWS that helps you test the network accessibility of Amazon EC2 instances and the security state of the applications running on those instances. Amazon Inspector analyzes your network configurations in AWS for reachability and assesses instances for security exposures and vulnerabilities. In-depth information about AWS Inspector is available at https://aws.amazon.com/inspector/faqs/. The Inspector tab presents identifiers associated with one AWS instance.
Data Type | Description | Example |
---|---|---|
Provider | Name of the cloud provider | aws |
Account ID | Account number the cloud provider assigned to your company's account | 040758885882 |
Instance ID | Cloud provider's instance identifier | i-010c0019a16e292b8 |
Public IP Address | IPv4 address of the instance | 172.18.10.124 |
Public MAC Address | MAC address of the instance | 0e:28:30:20:73:c8 |
Name | Name of the cloud account such as sa-account | sa-account |
AWS Target | Identifies the AWS assessment targets (collections of AWS resources) for which you want to evaluate the security state | |
Agent Health | Indicates the health of the AWS security assessment service running on the AWS agent | |
Last Scan | Time of the last health check | |
High | AWS indicator of a high-severity failure (i.e., one failed CIS benchmark rule) | 0 |
Medium | AWS indicator of a medium-severity failure | 0 |
Low | AWS indicator of a medium-severity failure | 4 |
Info | AWS indicator of a low-severity failure | 26 |
Inventory Tab
One record is displayed. It represents the one virtual machine instance in the AWS cloud.
Data Type | Description | Example |
---|---|---|
Provider | Name of the cloud provider | aws |
Account ID | Account number the cloud provider assigned to your company's account | 040758885882 |
Instance ID | Cloud provider's instance identifier | i-010c0019a16e292b8 |
Public IP Address | IPv4 address of the instance | 172.18.10.124 |
Public MAC Address | MAC address of the instance | 0e:28:30:20:73:c8 |
Name | Name of the cloud account such as sa-account | sa-account |
Provider | Name of the cloud provider | |
Account ID | Account number the cloud provider assigned to your company's account | |
Instance ID | Unique identifier of an instance | |
Public IP Address | IPv4 address of the instance | |
Public MAC Address | MAC address of the instance | |
Name | Name of the AWS cloud account such as sa-account | |
Region | Geographic area in which the instance is running | |
VPC ID | Amazon Virtual Private Cloud identifier | |
Risks | List of security risks for the instance | |
Security Group Risk | Number of security group violations | |
Subnet Route Risk | Number of subnet route risks. The cell will be empty when there aren't any subnet route risks | |
Security Tab
Each record describes one security group violation. The risks column identifies why the security configuration has been flagged by Cloud Scout as a violation.
Data Type | Description |
---|---|
Security Group ID | Unique security group identifier generated by Amazon to identify a security group. |
Description | User-populated field in AWS |
Risks | Description of a violation |
VPC ID | Unique identifier generated by Amazon to identify an Amazon Virtual Private Cloud |
IPv4 Range | The range of IPv4 addresses to which a rule applies |
IPv6 Range | The range of IPv6 addresses to which a rule applies |
Direction | Indicates whether the violation occurs going outbound or inbound |
Src Port | Origination port from which traffic to instance is allowed |
Dest Port | Destination port to which traffic from instance is allowed |
Protocol | The network protocol over which the traffic is allowed |
Interface Tab
Data Type | Description |
---|---|
Public IP | IPv4 or IPv6 address of interface |
Index | Ordinal number from AWS that identifies the interface |
Description | Optional field. Populates with the description user provided in AWS |
MAC Address | MAC address of interface |
Network Interface ID | Unique identifier generated by AWS |
Interface Status | Current status of the network interface |
Subnet ID | Unique identifier of the subnet as identified by AWS |
VPC ID | Identifier of the Virtual Private Cloud to which the interface belongs |
Private IP Address | IP address for the network interface |
Attach Status | Indicates whether the interface is attached or not attached. The interface will only show "attached." (Asset Manager doesn't show "unattached" interfaces.) |
Audit Logs
Shows the last 30 days or the last 100 event notification records, whichever is smaller. To see more records, you can click Export to export the last 90 days or 10,000 records in JSON format. When you export to JSON, additional details are provided.
Data Type | Description | Example |
---|---|---|
Event Time | Time the event was recorded in Coordinated Universal Time (UTC) format | 2019-11-08T09:57:24Z |
Username | Identifier of the person who performed the activity that triggered an event notification | AttachNetworkInterface, ModifyInstanceAttribute, RebootInstances |
Region | Geographic area in which the instance is running | us-east-1 |
Event Name | Event name comes from AWS | DetachNetworkInterface |
Event Source | From web interface rather than CLI | ec2.amazonaws.com |
Source IP Address | From web interface rather than CLI | 152.193.0.98 |