View Security Posture Inventory

SaaS Security Posture Management continuously audits cloud service and app resources to identify compliance rule violations. The Inventory page displays a consolidated view of various cloud resources. To view the Inventory page, navigate to API-enabled Protection > Security Posture SaaS > Inventory in the Netskope UI.

When you refresh the page, the Result As Of label shows the date and local time.

You can toggle between Resource Types, Instances, and Resources to view the audit results.

Click the Resource Types tab to view the various cloud resources sorted by resource type. Under the Resource Types tab, the table displays the following information:

Note

You can sort the table based on a particular field. The default field is set to Resource Type.

  • Resource Type: The cloud resource type.
  • App: Name of the application of the SaaS app.
  • App Suite: Name of the SaaS app.
  • App Category: The category the cloud application belongs to. This could be collaboration, CRM, email, security, etc.
  • Total Checks: Total number of checked resources.
  • Pass: Total number of passed resources.
  • Fail-Muted: Total number of failed resources that are muted.
  • # Rules Violated: Total number of failed resources.
  • Critical: Total number of resources failed for a rule with critical severity.
  • High: Total number of high severity failed resources.
  • Medium: Total number of medium severity failed resources.
  • Low: Total number of low severity failed resources.
  • Unknown: Total number of unknown resources.
  • # Resources: Total number of cloud resources.

Note

You can click on a number to view relevant and additional information.

Click the Instances tab to view the various cloud resources sorted by the cloud app instance. You can view a list of cloud app instances under Settings > Configure App Access > Classic > SaaS. Under the Instances tab, the table displays the following information:

Note

You can sort the table based on a particular field. The default field is set to Instance Name.

  • Instance Name: Name of the cloud app instance that is used to connect the cloud app with Netskope.
  • App Suite: Name of the SaaS app.
  • Total Checks: Total number of checked resources.
  • Pass: Total number of passed resources.
  • Fail-Muted: Total number of failed resources that are muted.
  • # Rules Violated: Total number of failed resources.
  • Critical: Total number of resources failed for a rule with critical severity.
  • High: Total number of high severity failed resources.
  • Medium: Total number of medium severity failed resources.
  • Low: Total number of low severity failed resources.
  • Unknown: Total number of unknown resources.

Note

You can click on a number to view relevant and additional information.

Click the Resources tab to view the various cloud resources. Under the Resources tab, the table displays the following information:

Note

You can sort the table based on a particular field. The default field is set to Resource Name.

  • Resource Name: The name of the cloud resource. You can click a resource name to get additional information like resource type, cloud provider, instance name, region, compliance data, and metadata.
  • Resource Type: The cloud resource type.
  • App Suite: Name of the SaaS app.
  • App: Name of the application of the SaaS app.
  • Instance Name: Name of the cloud app instance that is used to connect the cloud app with Netskope.
  • App Category: The category the cloud application belongs to. This could be collaboration, CRM, email, security, etc.
  • Region Name: The location name of the cloud resource.
  • Region ID: The location ID of the cloud resource.
  • Netskope Instance Name: Name of the cloud account instance that is used to connect the cloud app with Netskope.
  • Parent Resource Type: The type of resource under which the specified resource is created. For example, DeviceCompliancePolicy is created under DeviceManagement, so DeviceManagement is the parent resource type of DeviceCompliancePolicy.
  • Resource ID: Unique ID associated with the resource.

Click a resource name to open the Resource Details panel, which displays the following information:

  • Type: The SaaS resource type.
  • Cloud Provider: Name of the SaaS provider.
  • Instance Name: Name of the cloud app instance that is used to connect the cloud app with Netskope.
  • Instance ID: ID of the cloud app instance that is used to connect the cloud app with Netskope.
  • Region: The location name of the cloud resource.
  • RISK AND PERMISSIONS: Shows the Risk Level (for third-party connected app resources only) and the list and number of permissions granted by the resource. Learn more about the 3rd-party Connected Apps Risk Levels.
  • FINDINGS: List of rules that failed on the particular resource with the severity.
  • METADATA: This displays the metadata for the resource and related resources that caused the rule violation on the resource.

Filters

By default, the Resource Types, Instances, and Resources tabs display the latest audit results. You can choose to view the results for a specific date.

To filter your view by a specific date:

  1. Click the Time drop-down and select Latest Result, or select As of Date to choose a specific date.
  2. Specify the date and time in the date picker. Click Apply.

You can filter the result displayed on the page by selecting App Suite, App Name, Instance Name, and Resource Type. To further narrow the result on the page, click Add Filter and select an option from the list.

You can choose to filter based on the following options:

  • App Category: Select the category the cloud application belongs to. This could be collaboration, CRM, email, security, etc.
  • The following filter values are redundant for SaaS applications. The values are the same as the account ID of the SaaS application.
    • Instance Group
    • Instance Subgroup
    • Instance ID
  • Resource Name: Select Resource Name and enter a resource name in the search field.
  • Resource ID: Select the resource ID of the cloud app. You can get the resource ID from the Findings > Raw Findings tab; look for the Resource Name & ID field.

To save a filter you created, click the save button to the right of the filter attributes, give the filter a name, and save it. Saved filters appear in the Filters dropdown > Created By Me tab, where you can reuse them later. Filters that are shared with you appear in the Shared With Me tab.

Go to the Filters dropdown > Manage Filters to rename, delete, and share the filters you created within the tenant.

Filter by Netskope Governance Language

You can filter your inventory results by using Netskope Governance Language (NGL). Navigate to API-enabled Protection > Security Posture SaaS > Inventory and click the Resources tab. Beside + ADD FILTER, click the Switch to NGL icon. In the search edit box, enter your NGL query and click Search. For more information on NGL, see Custom Rules Using Netskope Governance Language.

To save an NGL filter query you created, click the Save Filter button, give the filter a name, and save it. Saved filters appear in the Filters dropdown > Created By Me tab, where you can reuse them later. Filters that are shared with you appear in the Shared With Me tab.

Note

Filters by NGL are available under the Resources tab only.
