Prisma Cloud: Mismatch in total count of assets in Asset Inventory and Compliance Overview
1986
Created On 07/28/23 15:21 PM - Last Modified 01/29/25 09:14 AM
Symptom
Mismatch in the total count of assets between Asset Inventory and Compliance Overview.
The number of assets displayed in the Compliance Overview section is significantly lower than the number of assets in the Asset Inventory section.
GUI Path: Inventory > Assets > Asset Inventory > Overview GUI Path: Compliance > Overview
Environment
- Prisma Cloud
- Asset Inventory
- Compliance Overview
Cause
This is completely expected. Let's explain how each section work:
Asset Inventory:
Under the Inventory > Asset section, this section shows every single asset of the Cloud Providers according to the filters. In the screenshot above we can observe the following filters:- Date: Most Recent
- Cloud Type: GCP
We will see very similar results as if you perform the following RQL in the Investigate section:
config from cloud.resource where cloud.type = 'gcp'If we observe any small discrepancies it is usually due to RQL performing the query live and the information shown in the Asset Inventory is refreshed every few hours.
In this scenario, every single asset in your GCP accounts are shown.
Compliance Overview:
Under the Compliance Overview section, with the same filters:- Date: Most Recent
- Cloud Type: GCP
We will see all the assets that are included in all the Compliance Standards of the section.
These compliance Standards are linked to a certain number of Policies, and each Policy is linked to a specific RQL.
In total, many specific RQLs are considered, but not as wide as the mentioned RQL before.
We can check those RQLs from every Policy navigating through the different Compliance Standards, their Policies and through the different RQLs from their Policies.
Those multiple RQLs are focused in specific resource types and specific scenarios, so it is expected that we don't see every single asset, as not every single type of resource and scenarios are considered in Compliance Standards.
Resolution
The Compliance section won’t show every single resource. The resources shown are limited to the RQLs of all the Policies linked to Compliance Standards. Despite being dozens of Policies, they don’t approach every single resource of the Cloud Providers.