Inventory

Through permissions granted to the IAM role (AWS and OCI), AD app registration (Azure) or the service account (GCP), Multicloud Defense continuously maintains an "evergreen" inventory model of the cloud resources as well as real-time discovery that exists in your cloud service provider accounts, subscriptions and projects that are relevant to apply advanced network security. Once discovered, the resources are available in workflows that enable administrators to quickly deploy security rules to mitigate risks of exposed applications. Any activity is immediately reported through the Multicloud Defense Controller.

When inventory is enabled, Multicloud Defense Controller will perform a full inventory discovery periodically. The default is 60 minutes, but is tunable). Real-time inventory discovery is enabled on regions where the CloudFormation template was deployed.

Part of the discovery process highlights the logs of each cloud service provide. Note the following types of logs per service provider:

• AWS - VPC flow logs, Mount53 flow logs, and DNS logs.

• Azure - NSG flow logs.

• GCP - VPC flow logs.

Note that Multicloud Defense does note provide the same level of support for all cloud service providers.