Asset Details

This page contains all the details of a specific asset in your onboarded environment. Use tabs on the left to navigate between different types of information about the asset. The number and type of the asset tabs can differ based on the asset type.

Symbols

Based on the asset type, permissions, and connected services, asset details can have these symbols:

Icon	Meaning	Explanation
	Risk score	Read more in Risk Calculation
	IAM Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. sensitivity	Read more in IAM Exposure
	Business priority	Read more in Business Priority
	External exposure	Read more in Network Exposure and IAM Exposure

Overview

The overview page displays important high-level information on the asset.

Risk Management

For assets supported in Risk Management, the Risk Management section shows the data considered for the calculation of the asset risk score, as well as the Context Graph and top remediation actions to mitigate the asset's risk.

Context Graph

The Context Graph is a graphical representation of the asset exposure to the Internet and to other assets in the network. It is applicable to AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. EC2 Amazon EC2 - A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers. instances, Lambda functions, RDS Relational Database Service (RDS) - A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks., ECS Amazon Elastic Container Service (ECS) - a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes. service, and Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. Virtual Machines.

The Context Graph presents the configuration blocks that determine if the asset is exposed to the Internet or not (see Network Exposure).

When you put the cursor on a graph node, its tooltip shows important high-level information about the asset.

The Context Graph presents the potential impact that the asset exploit can have on the cloud environment, from a network and IAM perspective. The IAM impact is determined by CIEM, which analyzes the permissions granted to the asset. The network impact is based on an analysis of security groups.

The node color on the graph aligns with the risk level. Assets in blue are not supported in Risk Management and therefore do not have a risk score.

The assets with the highest business priority (Business Priority), Crown Jewels, have a little crown symbol.

Open Ports

For AWS EC2 instances, the Context Graph shows the open ports of the security group connected to the instance and their categories, such as Web Server, Database, or Checkpoint Service.

For the port details, put the cursor on the port number to see its tooltip.

Top 5 Remediations

This section shows the top 5 actions that you need to do to reduce the risk score of the asset. Click one of them to open a relevant tab with more details.

Events

This widget shows the number of critical and high-severity security events and posture findings the asset has.

Images

Policy status - Shows if the image meets your organization standards (compliant / non-compliant)
Risk score - Calculated risk score of the image
Vulnerability by severity - Statistics for severity level of Image Assurance findings
Vulnerability by category - Statistics for categories of Image Assurance findings
Workloads - The list of workloads that use this image
- Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. image shows workloads in the environment that uses it
- Container Registry A collection of repositories used to store and access container images. image shows workloads from all Kubernetes environments
Scan status - Shows the results of scanning the image by CloudGuard agents. For more information, see Image Scan Status.

SBOM

Software Bill of Materials (SBOM) is a list of all licenses that govern the components, the versions of the components used in the code, and their patch status. This list helps you quickly identify any security or license risk.

Supported Assets

CloudGuard shows SBOM for:

Virtual Machines
EC2 instances
Container A lightweight and portable executable image that contains software and all of its dependencies. Containers decouple applications from underlying host infrastructure to make deployment easier in different cloud or OS environments, and for easier scaling. images
Function apps

Note - SBOM is available only for assets scanned with Agentless Workload Posture and Scan Engine V2.

SBOM Export

On the asset page, go to the SBOM tab to see information about all the packages in the applicable asset.

To see the information in a file, click the SBOM Export button and select the export format. It can take some time for CloudGuard to generate the requested file.