Multi-cloud honesty

Service coverage

Every individual service across Azure, AWS, GCP, Kubernetes, identity systems, and hybrid connectivity — with a fully / partially / planned / not-supported grade per capability. We do not pretend coverage we haven't built. See the guide.

Executive Engineer Architect

Cloud:all azure aws gcp kubernetes saas onprem

Status:all Production-quality Common case covered Synthesised from adjacent data Planned Not in scope

Enhanced by:all wiz dynatrace datadog crowdstrike veracode

○
Azure Container Instancesazure.compute.aci· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Functionsazure.compute.functions· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Batchazure.compute.batch· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Managed Disksazure.compute.disks· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Spring Appsazure.compute.springapps· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Service Fabricazure.compute.servicefabric· computePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Public IPazure.network.publicip· networkingPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Front Doorazure.network.frontdoor· networkingPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure CDNazure.network.cdn· networkingPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Private DNS Zoneazure.network.privatedns· networkingPlanned
Supported: discovery · inventory · topology · posture · identity · observability · cost
○
Azure DNSazure.network.publicdns· networkingPlanned
Supported: discovery · inventory · posture · identity · observability · cost
◐
ExpressRouteazure.network.expressroute· hybridCommon case covered
Supported: discovery · inventory · topology · posture · identity · observability · cost · recommendations
Circuit + peering visible. Has a hybridConnectivity playbook for chain validation.
○
VPN Gatewayazure.network.vpngateway· hybridPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Virtual WANazure.network.virtualwan· hybridPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Route Table / UDRazure.network.routetable· networkingPlanned
Supported: discovery · inventory · topology · posture · identity · observability · cost
○
Network Watcherazure.network.networkwatcher· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
Flow logs + topology snapshots + IP flow verify. Used as evidence source by NSG playbooks.
○
Azure Bastionazure.network.bastion· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
DDoS Protectionazure.network.ddos· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure NetApp Filesazure.storage.netapp· storagePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Data Box Edgeazure.storage.databoxedge· storagePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
SQL Managed Instanceazure.db.sqlmi· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Database for PostgreSQLazure.db.postgres· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Database for MySQLazure.db.mysql· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Database for MariaDBazure.db.mariadb· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Cosmos DBazure.db.cosmos· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Cache for Redisazure.db.redis· databasePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Synapse Analyticsazure.db.synapse· analyticsPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Data Explorerazure.db.kusto· analyticsPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure AI Searchazure.db.search· ai_mlPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Microsoft Entra IDazure.identity.entraid· identityPlanned
Supported: discovery · inventory · posture · identity · observability · cost · recommendations
Users, groups, app regs, service principals, role assignments via Graph + ARM RBAC.
○
User-Assigned Managed Identityazure.identity.uami· identityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Privileged Identity Managementazure.identity.pim· identityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure AD B2Cazure.identity.b2c· identityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Microsoft Defender for Cloudazure.security.defender· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost · recommendations
Findings + secure score + plans. Defender for Servers/Containers/Storage/SQL all surface via assessments.
○
Microsoft Sentinelazure.security.sentinel· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Policyazure.security.policy· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
App Configurationazure.security.appconfig· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Application Gateway WAF v2azure.security.appgateway_waf· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Front Door WAFazure.security.frontdoor_waf· securityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Cognitive Servicesazure.ai.cognitiveservices· ai_mlPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Machine Learningazure.ai.ml· ai_mlPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Bot Serviceazure.ai.bot· ai_mlPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Monitorazure.obs.monitor· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Log Analyticsazure.obs.loganalytics· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Application Insightsazure.obs.appinsights· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
Trace data only if the app is instrumented. Service map from App Insights is partial; full topology benefits from Dynatrace/Datadog.
○
Activity Logazure.obs.activitylog· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Service Healthazure.obs.servicehealth· observabilityPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure DevOpsazure.devops.devops· devopsPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Container Registryazure.devops.acr· devopsPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Service Busazure.integration.servicebus· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Event Hubsazure.integration.eventhub· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Event Gridazure.integration.eventgrid· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Logic Appsazure.integration.logicapps· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
API Managementazure.integration.apim· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Notification Hubsazure.integration.notificationhubs· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Relayazure.integration.relay· integrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Resource Managerazure.mgmt.arm· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Policyazure.mgmt.policy· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Blueprints (legacy)azure.mgmt.blueprints· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Cost Managementazure.mgmt.cost· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Automation Accountazure.mgmt.automation· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost · recommendations
Has a deep playbook (automationHybridWorker) for hybrid worker + module CVE analysis.
○
Azure Arcazure.mgmt.arc· hybridPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Lighthouseazure.mgmt.lighthouse· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Advisorazure.mgmt.advisor· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost · recommendations
○
Resource Graphazure.mgmt.resourcegraph· managementPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
IoT Hubazure.iot.hub· iot_edgePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
IoT Centralazure.iot.central· iot_edgePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Digital Twinsazure.iot.digitaltwins· iot_edgePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Device Provisioning Serviceazure.iot.dps· iot_edgePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Sphereazure.iot.sphere· iot_edgePlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Communication Servicesazure.media.acs· mediaPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Mapsazure.media.maps· mediaPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Recovery Services Vaultazure.migration.recoveryvault· migrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Azure Migrateazure.migration.databoxedge· migrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
Database Migration Serviceazure.migration.dms· migrationPlanned
Supported: discovery · inventory · posture · identity · observability · cost
○
EC2aws.compute.ec2· computePlanned
Supported: discovery · inventory · cost
○
Auto Scaling Groupsaws.compute.asg· computePlanned
Supported: discovery · inventory · cost
○
ECSaws.compute.ecs· computePlanned
Supported: discovery · inventory · cost
○
EKSaws.compute.eks· computePlanned
Supported: discovery · inventory · cost
○
Fargateaws.compute.fargate· computePlanned
Supported: discovery · inventory · cost
○
Lambdaaws.compute.lambda· computePlanned
Supported: discovery · inventory · cost · recommendations
awsLambdaVpc playbook exists for VPC + IAM posture.
○
Batchaws.compute.batch· computePlanned
Supported: discovery · inventory · cost
○
App Runneraws.compute.apprunner· computePlanned
Supported: discovery · inventory · cost
○
VPCaws.network.vpc· networkingPlanned
Supported: discovery · inventory · cost
○
Subnetaws.network.subnet· networkingPlanned
Supported: discovery · inventory · cost
○
Security Groupaws.network.sg· networkingPlanned
Supported: discovery · inventory · cost · recommendations
awsSgBroadSource playbook computes SG tier + flags 0.0.0.0/0 ingress.
○
Network ACLaws.network.nacl· networkingPlanned
Supported: discovery · inventory · cost
○
Route Tableaws.network.routetable· networkingPlanned
Supported: discovery · inventory · cost
○
Internet Gatewayaws.network.igw· networkingPlanned
Supported: discovery · inventory · cost
○
NAT Gatewayaws.network.natgw· networkingPlanned
Supported: discovery · inventory · cost
○
Transit Gatewayaws.network.tgw· hybridPlanned
Supported: discovery · inventory · cost
○
VPN Gatewayaws.network.vpngw· hybridPlanned
Supported: discovery · inventory · cost
○
Direct Connectaws.network.directconnect· hybridPlanned
Supported: discovery · inventory · cost
○
ELB (classic)aws.network.elb· networkingPlanned
Supported: discovery · inventory · cost
○
Application Load Balanceraws.network.alb· networkingPlanned
Supported: discovery · inventory · cost
○
Network Load Balanceraws.network.nlb· networkingPlanned
Supported: discovery · inventory · cost
○
CloudFrontaws.network.cloudfront· networkingPlanned
Supported: discovery · inventory · cost
○
Route 53aws.network.route53· networkingPlanned
Supported: discovery · inventory · cost
○
PrivateLinkaws.network.privatelink· networkingPlanned
Supported: discovery · inventory · cost
○
S3aws.storage.s3· storagePlanned
Supported: discovery · inventory · cost · recommendations
awsS3CrossAccount playbook computes cross-account access + Block Public Access posture.
○
EBSaws.storage.ebs· storagePlanned
Supported: discovery · inventory · cost
○
EFSaws.storage.efs· storagePlanned
Supported: discovery · inventory · cost
○
FSxaws.storage.fsx· storagePlanned
Supported: discovery · inventory · cost
○
S3 Glacieraws.storage.glacier· storagePlanned
Supported: discovery · inventory · cost
○
RDSaws.db.rds· databasePlanned
Supported: discovery · inventory · cost · recommendations
awsRdsPublic playbook detects publicly-accessible instances.
○
Auroraaws.db.aurora· databasePlanned
Supported: discovery · inventory · cost
○
DynamoDBaws.db.dynamodb· databasePlanned
Supported: discovery · inventory · cost
○
ElastiCacheaws.db.elasticache· databasePlanned
Supported: discovery · inventory · cost
○
DocumentDBaws.db.documentdb· databasePlanned
Supported: discovery · inventory · cost
○
Neptuneaws.db.neptune· databasePlanned
Supported: discovery · inventory · cost
○
Redshiftaws.db.redshift· analyticsPlanned
Supported: discovery · inventory · cost
○
OpenSearchaws.db.opensearch· ai_mlPlanned
Supported: discovery · inventory · cost
○
IAMaws.identity.iam· identityPlanned
Supported: discovery · inventory · identity · cost · recommendations
Role/Policy/User enumeration native via IAM API; least-privilege analyzer roadmap.
○
Cognitoaws.identity.cognito· identityPlanned
Supported: discovery · inventory · cost
○
AWS SSO / IAM Identity Centeraws.identity.sso· identityPlanned
Supported: discovery · inventory · cost
○
Secrets Manageraws.identity.secretsmanager· securityPlanned
Supported: discovery · inventory · cost
○
KMSaws.identity.kms· securityPlanned
Supported: discovery · inventory · cost
○
Security Hubaws.security.securityhub· securityPlanned
Supported: discovery · inventory · posture · cost
Finding ingestion stub exists; full enrichment roadmap.
○
GuardDutyaws.security.guardduty· securityPlanned
Supported: discovery · inventory · cost
○
Inspectoraws.security.inspector· securityPlanned
Supported: discovery · inventory · cost
○
Macieaws.security.macie· securityPlanned
Supported: discovery · inventory · cost
○
Detectiveaws.security.detective· securityPlanned
Supported: discovery · inventory · cost
○
AWS Configaws.security.config· managementPlanned
Supported: discovery · inventory · posture · cost
○
CloudTrailaws.security.cloudtrail· observabilityPlanned
Supported: discovery · inventory · cost
○
WAFaws.security.waf· securityPlanned
Supported: discovery · inventory · cost
○
Shieldaws.security.shield· securityPlanned
Supported: discovery · inventory · cost
○
Firewall Manageraws.security.firewallmgr· securityPlanned
Supported: discovery · inventory · cost
○
CloudWatch Metricsaws.obs.cloudwatch· observabilityPlanned
Supported: discovery · inventory · observability · cost
○
CloudWatch Logsaws.obs.cwlogs· observabilityPlanned
Supported: discovery · inventory · observability · cost
○
X-Rayaws.obs.xray· observabilityPlanned
Supported: discovery · inventory · cost
○
EventBridgeaws.obs.eventbridge· integrationPlanned
Supported: discovery · inventory · cost
○
SQSaws.integration.sqs· integrationPlanned
Supported: discovery · inventory · cost
○
SNSaws.integration.sns· integrationPlanned
Supported: discovery · inventory · cost
○
Step Functionsaws.integration.stepfn· integrationPlanned
Supported: discovery · inventory · cost
○
API Gatewayaws.integration.apigw· integrationPlanned
Supported: discovery · inventory · cost
○
AppSyncaws.integration.appsync· integrationPlanned
Supported: discovery · inventory · cost
○
Organizationsaws.mgmt.organizations· managementPlanned
Supported: discovery · inventory · cost
○
Control Toweraws.mgmt.controltower· managementPlanned
Supported: discovery · inventory · cost
○
Service Catalogaws.mgmt.servicecatalog· managementPlanned
Supported: discovery · inventory · cost
○
CloudFormationaws.mgmt.cfn· devopsPlanned
Supported: discovery · inventory · cost
○
Systems Manageraws.mgmt.ssm· managementPlanned
Supported: discovery · inventory · cost
○
ECRaws.devops.ecr· devopsPlanned
Supported: discovery · inventory · cost
○
CodeBuildaws.devops.codebuild· devopsPlanned
Supported: discovery · inventory · cost
○
CodePipelineaws.devops.codepipeline· devopsPlanned
Supported: discovery · inventory · cost
○
CodeArtifactaws.devops.codeartifact· devopsPlanned
Supported: discovery · inventory · cost
○
Compute Enginegcp.compute.gce· computePlanned
Supported: discovery · inventory · cost
○
GKEgcp.compute.gke· computePlanned
Supported: discovery · inventory · cost · recommendations
gcpGkeNetworking playbook for control-plane + nodepool posture.
○
Cloud Rungcp.compute.cloudrun· computePlanned
Supported: discovery · inventory · cost
○
Cloud Functionsgcp.compute.functions· computePlanned
Supported: discovery · inventory · cost · recommendations
gcpCloudFunctionIngress playbook checks ingress posture.
○
App Enginegcp.compute.appengine· computePlanned
Supported: discovery · inventory · cost
○
GCP Batchgcp.compute.batch· computePlanned
Supported: discovery · inventory · cost
○
VPCgcp.network.vpc· networkingPlanned
Supported: discovery · inventory · cost
○
Subnetworkgcp.network.subnet· networkingPlanned
Supported: discovery · inventory · cost
○
Firewall Rulegcp.network.firewall· networkingPlanned
Supported: discovery · inventory · cost
○
Routesgcp.network.routes· networkingPlanned
Supported: discovery · inventory · cost
○
Cloud NATgcp.network.cloudnat· networkingPlanned
Supported: discovery · inventory · cost
○
Cloud Load Balancinggcp.network.lb· networkingPlanned
Supported: discovery · inventory · cost
○
Cloud CDNgcp.network.cdn· networkingPlanned
Supported: discovery · inventory · cost
○
Private Service Connectgcp.network.psc· networkingPlanned
Supported: discovery · inventory · cost
○
Cloud DNSgcp.network.dns· networkingPlanned
Supported: discovery · inventory · cost
○
Cloud Armorgcp.network.cloudarmor· securityPlanned
Supported: discovery · inventory · cost
○
Interconnectgcp.network.interconnect· hybridPlanned
Supported: discovery · inventory · cost
○
Cloud VPNgcp.network.vpn· hybridPlanned
Supported: discovery · inventory · cost
○
Cloud Storagegcp.storage.gcs· storagePlanned
Supported: discovery · inventory · cost · recommendations
gcpCloudStoragePublicAccess playbook detects publicly-accessible buckets.
○
Persistent Diskgcp.storage.disk· storagePlanned
Supported: discovery · inventory · cost
○
Filestoregcp.storage.filestore· storagePlanned
Supported: discovery · inventory · cost
○
Cloud SQLgcp.db.cloudsql· databasePlanned
Supported: discovery · inventory · cost · recommendations
gcpCloudSqlPublic playbook detects publicly-accessible instances.
○
Spannergcp.db.spanner· databasePlanned
Supported: discovery · inventory · cost
○
Firestoregcp.db.firestore· databasePlanned
Supported: discovery · inventory · cost
○
Bigtablegcp.db.bigtable· databasePlanned
Supported: discovery · inventory · cost
○
AlloyDBgcp.db.alloydb· databasePlanned
Supported: discovery · inventory · cost
○
Memorystoregcp.db.memorystore· databasePlanned
Supported: discovery · inventory · cost
○
Cloud IAMgcp.identity.iam· identityPlanned
Supported: discovery · inventory · identity · cost
○
Identity-Aware Proxygcp.identity.iap· identityPlanned
Supported: discovery · inventory · cost
○
Secret Managergcp.identity.secretmanager· securityPlanned
Supported: discovery · inventory · cost
○
Cloud KMSgcp.identity.kms· securityPlanned
Supported: discovery · inventory · cost
○
Cloud Identitygcp.identity.cloudidentity· identityPlanned
Supported: discovery · inventory · cost
○
Security Command Centergcp.security.scc· securityPlanned
Supported: discovery · inventory · posture · cost
○
Binary Authorizationgcp.security.binaryauth· securityPlanned
Supported: discovery · inventory · cost
○
Access Context Managergcp.security.accesscontext· securityPlanned
Supported: discovery · inventory · cost
○
VPC Service Controlsgcp.security.vpcsc· securityPlanned
Supported: discovery · inventory · cost
○
Chroniclegcp.security.chronicle· securityPlanned
Supported: discovery · inventory · cost
○
Cloud Logginggcp.obs.logging· observabilityPlanned
Supported: discovery · inventory · observability · cost
○
Cloud Monitoringgcp.obs.monitoring· observabilityPlanned
Supported: discovery · inventory · observability · cost
○
Cloud Tracegcp.obs.trace· observabilityPlanned
Supported: discovery · inventory · cost
○
Error Reportinggcp.obs.errorrep· observabilityPlanned
Supported: discovery · inventory · cost
○
BigQuerygcp.analytics.bigquery· analyticsPlanned
Supported: discovery · inventory · cost
○
Dataflowgcp.analytics.dataflow· analyticsPlanned
Supported: discovery · inventory · cost
○
Dataprocgcp.analytics.dataproc· analyticsPlanned
Supported: discovery · inventory · cost
○
Pub/Subgcp.integration.pubsub· integrationPlanned
Supported: discovery · inventory · cost
○
Cloud Tasksgcp.integration.cloudtasks· integrationPlanned
Supported: discovery · inventory · cost
○
Workflowsgcp.integration.workflows· integrationPlanned
Supported: discovery · inventory · cost
○
Eventarcgcp.integration.eventarc· integrationPlanned
Supported: discovery · inventory · cost
○
Cloud Endpointsgcp.integration.endpoints· integrationPlanned
Supported: discovery · inventory · cost
○
Organizationgcp.mgmt.org· managementPlanned
Supported: discovery · inventory · cost
gcpOrgHierarchy playbook walks org→folder→project tree.
○
Foldergcp.mgmt.folder· managementPlanned
Supported: discovery · inventory · cost
○
Projectgcp.mgmt.project· managementPlanned
Supported: discovery · inventory · cost
○
Marketplacegcp.mgmt.marketplace· managementPlanned
Supported: discovery · inventory · cost
○
Podk8s.workload.pod· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Deploymentk8s.workload.deployment· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
StatefulSetk8s.workload.statefulset· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
DaemonSetk8s.workload.daemonset· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Jobk8s.workload.job· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
CronJobk8s.workload.cronjob· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
ReplicaSetk8s.workload.rs· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
ConfigMapk8s.config.configmap· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Secretk8s.config.secret· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Servicek8s.net.service· networkingPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Ingressk8s.net.ingress· networkingPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
NetworkPolicyk8s.net.netpol· networkingPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Endpointsk8s.net.endpoint· networkingPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
EndpointSlicek8s.net.endpointslice· networkingPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Rolek8s.rbac.role· identityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
ClusterRolek8s.rbac.clusterrole· identityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
RoleBindingk8s.rbac.rb· identityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
ClusterRoleBindingk8s.rbac.crb· identityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
ServiceAccountk8s.rbac.sa· identityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
PodSecurityAdmissionk8s.policy.psp· securityPlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Namespacek8s.namespace· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Nodek8s.node· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
PersistentVolumek8s.storage.pv· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
PersistentVolumeClaimk8s.storage.pvc· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
StorageClassk8s.storage.sc· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
HorizontalPodAutoscalerk8s.autoscaling.hpa· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
VerticalPodAutoscalerk8s.autoscaling.vpa· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
CustomResourceDefinitionk8s.crd· computePlanned
Supported: discovery · inventory · topology · posture · network · identity · observability
○
Microsoft Entra IDidentity.entra· identityPlanned
Supported: observability
Discovery: MS Graph + ARM. Auth: OAuth client credentials + User-Assigned Managed Identity. Reads: Users, groups, app regs, service principals, role assignments, group memberships, sign-in logs.
○
Microsoft Entra B2Cidentity.entra_b2c· identityPlanned
Supported: observability
Discovery: Graph. Auth: OAuth. Reads: Custom policies, user flows, tenant config.
○
Entra Domain Servicesidentity.entra_ds· identityPlanned
Supported: observability
Discovery: ARM. Auth: OAuth (UAMI). Reads: Domain config, replication state.
○
Active Directory Federation Services (ADFS)identity.adfs· identityPlanned
Supported: observability
Discovery: Read Entra federation settings (we infer ADFS presence from external federation config). Auth: n/a — read Entra side only. Reads: Federation trust metadata, claim mappings.
○
Active Directory (on-prem)identity.active_directory· identityPlanned
Supported: observability
Discovery: Azure AD Connect sync state via Entra; on-prem LDAP optional via agent. Auth: Read sync state from Entra; on-prem agent for direct read. Reads: Hybrid join state, sync errors, stale objects (via Entra sync metrics).
○
LDAP / OpenLDAPidentity.ldap· identityPlanned
Supported: observability
Discovery: LDAP bind (on-prem connector or jump host). Auth: Bind DN + service-account password. Reads: OU tree, user/group attributes.
○
Oktaidentity.okta· identityPlanned
Supported: observability
Discovery: Okta Management API. Auth: API token (read scopes: users:read, groups:read, apps:read, logs:read). Reads: Users, groups, apps, role assignments, MFA enrollments, system log, policies.
○
Ping Identityidentity.ping· identityPlanned
Supported: observability
Discovery: PingOne API. Auth: OAuth client credentials. Reads: Users, populations, applications, role assignments, MFA.
○
OneLoginidentity.onelogin· identityPlanned
Supported: observability
Discovery: OneLogin API. Auth: API credentials. Reads: Users, apps, roles, sign-in events.
○
ForgeRock Identity Cloudidentity.forgerock· identityPlanned
Supported: observability
Discovery: AM/IDM REST. Auth: Service account / OAuth client credentials. Reads: Users, identities, journeys, federation config.
○
Auth0 (Okta)identity.auth0· identityPlanned
Supported: observability
Discovery: Management API. Auth: M2M token (audience: management API). Reads: Users, applications, connections, rules/actions, logs.
○
JumpCloudidentity.jumpcloud· identityPlanned
Supported: observability
Discovery: JumpCloud API. Auth: API key (read scopes). Reads: Users, systems, system bindings, SSO apps, MFA enrollment.
○
Google Cloud Identityidentity.gcp_identity· identityPlanned
Supported: observability
Discovery: Google Admin SDK Directory API. Auth: OAuth (workforce identity federation preferred). Reads: Users, groups, OUs, role assignments, sign-in events.
○
Amazon Cognitoidentity.cognito· identityPlanned
Supported: observability
Discovery: AWS SDK (Cognito IDP). Auth: Cross-account IAM role (read-only). Reads: User pools, app clients, identity providers, federation config.
○
SailPoint IdentityNowidentity.sailpoint· identityPlanned
Supported: observability
Discovery: IdentityNow API. Auth: OAuth client credentials (read scopes). Reads: Identities, entitlements, access reviews, certifications, sources.
○
Saviynt Identity Cloudidentity.saviynt· identityPlanned
Supported: observability
Discovery: Saviynt REST. Auth: Service account. Reads: Users, accounts, entitlements, requests, certifications.
○
CyberArkidentity.cyberark· identityPlanned
Supported: observability
Discovery: Conjur API + EPM API + Privilege Cloud API. Auth: API authentication. Reads: Safes, accounts, applications, privileged session audit.
○
Delinea (Thycotic + Centrify)identity.delinea· identityPlanned
Supported: observability
Discovery: Secret Server REST + Privilege Manager API. Auth: API key + service account. Reads: Secret templates, folders, permissions, audit logs.
○
Duo Security (Cisco)identity.duo· identityPlanned
Supported: observability
Discovery: Duo Admin API. Auth: hostkey + skey + IKey (read). Reads: Users, integrations, authentication logs, enrollment status, policies.
○
RSA SecurIDidentity.rsa_securid· identityPlanned
Supported: observability
Discovery: SecurID Cloud Authentication API. Auth: service account. Reads: Users, tokens, authentication policies, sign-in events.
○
Keycloakidentity.keycloak· identityPlanned
Supported: observability
Discovery: Keycloak Admin REST API. Auth: OIDC client_credentials. Reads: Realms, users, groups, clients, role mappings, identity providers.
✕
ExpressRoute (Azure)hybrid.azure.expressroute· hybridNot in scope
Supported: discovery · inventory · topology · network
Azure side discovered via Resource Graph; hybridConnectivity playbook validates the chain. On-prem peer + carrier device not visible.
✕
VPN Gateway (Azure)hybrid.azure.vpngateway· hybridNot in scope
Supported: discovery · inventory · topology · network
Azure side discovered. On-prem peer requires CMDB or agent.
✕
Direct Connect (AWS)hybrid.aws.directconnect· hybridNot in scope
Supported: discovery · inventory · topology · network
AWS side enumerable via aiobotocore. On-prem peer not visible.
✕
Site-to-Site VPN (AWS)hybrid.aws.sitevpn· hybridNot in scope
Supported: discovery · inventory · topology · network
Tunnel state visible AWS-side.
✕
Cloud Interconnect (GCP)hybrid.gcp.interconnect· hybridNot in scope
Supported: discovery · inventory · topology · network
GCP side enumerable via google-cloud-resource-manager.
✕
Cloud VPN (GCP)hybrid.gcp.cloudvpn· hybridNot in scope
Supported: discovery · inventory · topology · network
GCP side enumerable.
✕
Hybrid DNS resolutionhybrid.dns.resolver· hybridNot in scope
Supported: discovery · inventory · topology · network
Private DNS Zones (Azure/AWS/GCP) plus conditional forwarders. Resolution chain validated end-to-end by privateEndpointImpact playbook for Azure only.
✕
Identity federationhybrid.identity.federation· hybridNot in scope
Supported: discovery · inventory · topology · network
Entra ↔ ADFS / Entra ↔ Okta / Entra ↔ Ping. Discovery requires reading Entra federation settings + the peer IdP via its API.
✕
ServiceNow CMDBhybrid.cmdb.servicenow· hybridNot in scope
Supported: discovery · inventory · topology · network
Business services from cmdb_ci_service ingested. Reconciliation against live cloud inventory is roadmap.
✕
Webhook integration bridgehybrid.webhook.bridge· hybridNot in scope
Supported: discovery · inventory · topology · network
Outbound webhooks fire on recommendation status changes. Inbound webhooks (receiving from external systems) are roadmap.

Read-only and advisory by design — we never modify cloud resources. The grades describe what we can observe, not what we can change.