What is the best way to get a list of all Cloud Resources in Panther and their associated tags?
There is not currently an API call that will list all Cloud Resources accessible by Panther, but this Data Explorer query should about do the trick!
with deletedResources as (
SELECT
resourceId, tags
FROM
panther_cloudsecurity.public.resource_history
WHERE
integrationLabel = 'your-cloud-account-name' and
integrationLabel = p_source_label and
changeType = 'DELETED'
),
allResources as (
SELECT
resourceId, tags
FROM
panther_cloudsecurity.public.resource_history
WHERE
integrationLabel = 'your-cloud-account-name' and
integrationLabel = p_source_label
)
SELECT
distinct allResources.resourceId, allResources.tags
FROM
allResources LEFT OUTER JOIN deletedResources ON allResources.resourceId = deletedResources.resourceId
WHERE
deletedResources.resourceId IS null
ORDER BY allResources.resourceId DESC
This query pulls all resources that have shown up in the resource_history
table, as well as all resources that have shown up with the change type as deleted. With those two lists, we remove any resources from the complete list that got marked as deleted (and existing in the other list) using the outer join
.