Data Discovery (Cloud Scan)
Cloud Scan is the operation that is responsible for discovering the data stores, assets, resources, and their associated configurations in each onboarded account.
You can think of Cloud Scan as the task that collects all the inventory details from each account.
Cloud Scan is triggered automatically after a cloud account is onboarded. For accounts that are already onboarded, the scan runs incrementally every 15 minutes (if incremental scanning was enabled during account onboarding), or it can be run manually. A manually triggered scan always runs as a Full Scan.
Cloud Scan collects the details of all assets currently present in the account, including data stores (structured and unstructured), KeyPairs, KMS, EC2 instances, VPCs, Subnets, etc.
Along with collecting the details for each of these assets, the appropriate object-tag is assigned to each asset, for example S3Bucket, EC2KeyPairs, RDSInstance, or AWSSubnet.
Once tagging is complete, the entire inventory is displayed in DSPM.
Cloud Scans run in one of two modes:
- Full Cloud Scan: The scan considers every resource and asset in the cloud account and captures their details, regardless of whether any entity has changed. This mode is used for account onboarding, since DSPM does not yet have any information about the assets in the account.
- Incremental Cloud Scan: Once the account is onboarded, and if incremental scan mode is enabled in the configuration, the scan operation considers only those resources that were:
  - newly added to the account
  - deleted from the account
  - changed in their configuration

Information about these additions, deletions, and updates is taken from the CloudTrail logs.
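As an added illustration (not DSPM's own code), the following shows how an incremental scan's work list can be derived from CloudTrail records as described above: each record is mapped to one of the object-tags named on this page and to an added/deleted/changed state, and successive events for the same asset are merged. The event-to-tag mapping, the merge rule, and the sample records are assumptions constructed for this example; the event names themselves are real CloudTrail API names.

```python
# Illustrative only: derive an incremental Cloud Scan work list from CloudTrail records.
# Asset tags are the object-tags named on the page; mapping and samples are constructed.
from collections import defaultdict

# (eventSource, eventName) -> (asset tag, change kind, requestParameters field holding the asset id)
EVENT_MAP = {
    ("s3.amazonaws.com", "CreateBucket"):      ("S3Bucket",    "added",   "bucketName"),
    ("s3.amazonaws.com", "DeleteBucket"):      ("S3Bucket",    "deleted", "bucketName"),
    ("s3.amazonaws.com", "PutBucketPolicy"):   ("S3Bucket",    "changed", "bucketName"),
    ("rds.amazonaws.com", "CreateDBInstance"): ("RDSInstance", "added",   "dBInstanceIdentifier"),
    ("rds.amazonaws.com", "ModifyDBInstance"): ("RDSInstance", "changed", "dBInstanceIdentifier"),
    ("ec2.amazonaws.com", "CreateKeyPair"):    ("EC2KeyPairs", "added",   "keyName"),
    ("ec2.amazonaws.com", "DeleteKeyPair"):    ("EC2KeyPairs", "deleted", "keyName"),
    ("ec2.amazonaws.com", "DeleteSubnet"):     ("AWSSubnet",   "deleted", "subnetId"),
}

def _merge(old, new):
    """A delete or (re)create overrides everything; a later config change never downgrades 'added'."""
    if new in ("deleted", "added"):
        return new
    return old or "changed"

def incremental_delta(records):
    """Reduce CloudTrail records to {asset_tag: {asset_id: change_kind}}: only these assets
    need revisiting. Read-only/unmapped events are ignored; records missing an id are skipped."""
    delta = defaultdict(dict)
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        mapped = EVENT_MAP.get((rec.get("eventSource"), rec.get("eventName")))
        if mapped is None:
            continue
        tag, kind, id_field = mapped
        asset_id = (rec.get("requestParameters") or {}).get(id_field)
        if asset_id is None:
            continue
        delta[tag][asset_id] = _merge(delta[tag].get(asset_id), kind)
    return {tag: dict(ids) for tag, ids in delta.items()}

def _ev(when, source, name, **params):  # helper to build a constructed CloudTrail record
    return {"eventTime": when, "eventSource": source, "eventName": name, "requestParameters": params}

SAMPLE_EVENTS = [  # constructed, deliberately out of time order
    _ev("2024-05-01T10:05:00Z", "s3.amazonaws.com", "PutBucketPolicy", bucketName="dspm-demo-logs"),
    _ev("2024-05-01T10:00:00Z", "s3.amazonaws.com", "CreateBucket", bucketName="dspm-demo-logs"),
    _ev("2024-05-01T10:07:00Z", "rds.amazonaws.com", "ModifyDBInstance", dBInstanceIdentifier="orders-db"),
    _ev("2024-05-01T10:09:00Z", "ec2.amazonaws.com", "DeleteKeyPair", keyName="bastion-key"),
    _ev("2024-05-01T10:10:00Z", "s3.amazonaws.com", "GetBucketAcl", bucketName="dspm-demo-logs"),
    _ev("2024-05-01T10:11:00Z", "ec2.amazonaws.com", "DeleteSubnet", subnetId="subnet-0a1b2c3d"),
]
```

Calling `incremental_delta(SAMPLE_EVENTS)` yields one entry per asset, with the bucket reported as added (not merely changed) and the read-only GetBucketAcl event dropped.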