How do I list all my connected cloud resources in Panther?

Last updated
Save as PDF

QUESTION

What is the best way to get a list of all Cloud Resources in Panther and their associated tags?

ANSWER

There is not currently an API call that will list all Cloud Resources accessible by Panther, but this Data Explorer query should about do the trick!

with deletedResources as (SELECT resourceId, tags FROM panther_cloudsecurity.public.resource_history WHERE integrationLabel = 'your-cloud-account-name' and changeType = 'DELETED'),
allResources as (SELECT resourceId, tags FROM panther_cloudsecurity.public.resource_history WHERE integrationLabel = 'your-cloud-account-name')
SELECT distinct allResources.resourceId, allResources.tags
FROM allResources LEFT OUTER JOIN deletedResources ON allResources.resourceId = deletedResources.resourceId
WHERE deletedResources.resourceId IS null
ORDER BY allResources.resourceId desc

This query pulls all resources that have shown up in the resource_history table, as well as all resources that have shown up with the change type as deleted. With those two lists, we remove any resources from the complete list that got marked as deleted (and existing in the other list) using the outer join.