Asset Graph

Overview

The Asset Graph gives you a graphical representation of an asset's connectivity, showing its associated entities and the connections between them. The arrows indicate that traffic is permitted, as defined by the security and network definitions such as VPC security objects and routing tables. To make viewing easier, icons can be moved around using the mouse.

Icons are displayed in red when there is a violation. A public cloud violation in SecureCloud is a case where access is allowed while going against best practices or policy. Examples include assets without tags, risky ports, and access allowed by both security controls and network connectivity without an appropriate SecureCloud policy rule.

See also Asset Details.

What Can I See Here?

This map shows the asset and its connectivity.

Entities on the graph:

  • The Internet.

  • One or more external IPs that can be accessed through a VPN or direct connection.

  • A group in the asset hierarchy (for example Account, Subnet, Virtual Network) that can be expanded further into other groups or assets.

  • VM (virtual machine).

  • Storage.

  • Load balancer. In SecureCloud this represents one or more assets to which it routes traffic.

  • Cluster.

  • Database.

  • The connection. Single or dual directional (see View Entity Details - Connections). The arrow color indicates whether this connection is permitted (black) or whether it violates the cloud policy (red).

An icon's colors reflect the entity's condition:

  • Black: No violations found

  • Red: Violations found

  • Blue: Filtering applied

Examples:

  • No violations found and no filtering applied

  • Violations found and no filtering applied

  • No violations found and filtering applied

  • Violations found and filtering applied

Mini Map

A small map of the entire graph appears in the lower right corner of the screen, with the contents of the main screen appearing in a frame. When the main screen is not showing all the items in the graph, you can drag the frame within the mini map to shift the point of focus in the main screen.

What Can I Do Here?

  • Filter graph entities

  • Highlight connections

  • View entity details

  • Change the asset hierarchy

  • Show a higher level in the asset hierarchy - click

  • Reposition icons: Drag any icon on the screen.

  • Zoom using the mouse wheel or Ctrl/Command with the keyboard +/- keys - reset zoom by clicking .

  • Traverse the graph: When the main screen isn't showing all the items in the Cloud Graph, grab the frame with the mouse and drag it to shift the point of focus.

Filter Graph Entities

You can add filters to help you focus on certain asset properties and remove unconnected items from the graph. The filtered graph includes the filtered assets, their hierarchies, and all their connections.

Highlight Connections

Hover over an entity. All non-connected entities and connections appear grayed-out.

  • Click the entity to keep the highlighting when the mouse pointer is moved away.

  • Select multiple entities by holding down the Shift or Ctrl key on the keyboard when selecting the entity.

View Entity Details

Click an entity to highlight it and display the info panel. All non-connected entities and connections will be grayed-out until a new selection is made or the graph is redisplayed. The information will vary depending on the entity selected.

Select multiple entities by holding down the Shift or Ctrl key on the keyboard when selecting the entity. The information panel displays information relating to one entity only.

Click to filter on the currently selected entities on the graph.

Groups

For groups, the panel includes information such as violations, cloud accounts, internet access, group members, and a list of all the tags defined for its associated assets.

Click to display all assets contained in the group, in a separate panel.

Assets

For assets, the panel includes information such as violations, policies, cloud accounts, subnet, vendor, and asset tags.

Click to open the asset overview in a separate tab.

Note that the overview icon appears for accounts, regardless of where the account appears in the hierarchy. When you click this icon for an account, a new browser tab opens showing all of its assets.

Connections

Connections can be one-way or bi-directional. Click any connection to see the info panel.

This panel includes the following information:

  • Violation details for the destinations

  • Connection details:

    • Source, Destination, and Service

    • Last Usage: Last time that traffic passed through the connection.

    • Traffic Service: If traffic was detected, lists the services for the traffic.

    • Policy Coverage: Indicates if the connection between two entities is covered by a policy. Values include Covered, Not Covered, and N/A (for outbound connections to the Internet or External IPs). If the connection is to a group, the connection will only be considered Covered if all connections to the group are covered as well.

Connections to external IPs show the source and destination for the relevant IPs.

Click to show the covering policies and rules in a separate tab.

Change Asset Hierarchy

Assets appear in the cloud graph and asset graph as a hierarchy of groups. The default hierarchy is account > virtual network > subnet > assets. You can change this hierarchy at any time in asset grouping, cloud graph, or asset graph and immediately see the change reflected everywhere. This is a global setting that affects all users.

Options for hierarchy levels include:

  • Account
  • Vendor
  • Virtual Network (includes Azure, GCP, and AWS)
  • Subnet
  • Region
  • Tags: Select one or more tag keys from the list. SecureCloud applies a logical AND between the tags.

Each group can be used no more than once in the hierarchy, except for tags.

  1. In the Group by definition, click .

  2. Modify as required:

    • To change the group at any level, click the desired level and select an option from the list.

    • To remove a level, click the X on the appropriate level.

    • To add a new lowest level, click Add a level and select the appropriate group.

  3. Click Save.

    SecureCloud displays the graph from the first level. The Group by field reflects the changes.

How Do I Get Here?

  • Select an asset from anywhere in SecureCloud, then click Asset Graph in the asset menu.