How do I list all my connected cloud resources in Panther?

Last updated
Save as PDF

QUESTION

What is the best way to get a list of all Cloud Resources in Panther and their associated tags?

ANSWER

There is not currently an API call that will list all Cloud Resources accessible by Panther, but this Data Explorer query should about do the trick!

with deletedResources as (
  SELECT
    resourceId, tags
  FROM
    panther_cloudsecurity.public.resource_history
  WHERE
    integrationLabel = 'your-cloud-account-name' and
    integrationLabel = p_source_label and
    changeType = 'DELETED'
  ),
allResources as (
  SELECT
    resourceId, tags
  FROM
    panther_cloudsecurity.public.resource_history
  WHERE
    integrationLabel = 'your-cloud-account-name' and
    integrationLabel = p_source_label
  )
SELECT
  distinct allResources.resourceId, allResources.tags
FROM
  allResources LEFT OUTER JOIN deletedResources ON allResources.resourceId = deletedResources.resourceId
WHERE
  deletedResources.resourceId IS null
ORDER BY allResources.resourceId DESC

This query pulls all resources that have shown up in the resource_history table, as well as all resources that have shown up with the change type as deleted. With those two lists, we remove any resources from the complete list that got marked as deleted (and existing in the other list) using the outer join.