How can I query all my distinct EC2 instances or EKS clusters in Panther?
With Panther Cloud Security Scanning enabled,
panther_cloudsecurity.public.resource_history would be the best table to query. For example,
SELECT distinct arn FROM panther_cloudsecurity.public.resource_history WHERE resourceType = 'AWS.EC2.Instance' AND p_occurs_since('2 days')
This query would return all your distinct AWS EC2 Instances. For EKS Clusters, change the resourceType to
Note: The time limit will not exclude any older resources because all the records are synced every 24 hours.