# Ability Azure Inventory (AAI)

# Overview

Ability Azure Inventory (AAI) is a custom asset-management solution created for the Ability Platform organization. The main features of this tool are:

  • asset discovery (including Ability Platform deployments)
  • reporting
  • integration with other IS Services
  • asset lifecycle management
  • asset security controls for:
    • ownership
    • Virtual Machines public exposure protection
    • Virtual Machines Cylance, QualysGuard agents installation
    • tracking access to non-ABB accounts

Security controls and lifecycle management are implemented in AAI through the Inventory Workflows described below.

# Scope

The Inventory tool crawls the Azure assets hosted in the Ability Platform. The assets are classified as:

  • internal: assets used internally by members of the Ability Platform
  • external: assets used by and provided to other Businesses

The following table shows the implemented features for a given class of assets.

| Feature | Global Azure - Internal | Global Azure - External | China Azure - Internal | China Azure - External |
|---|---|---|---|---|
| Asset discovery | X | X | X | X |
| Reporting | X | X | X | X |
| IS Services integration | X | X | X | X |
| Lifecycle management | X | - (On demand) | X | - (On demand) |
| Policy verification | X | - (On demand) | X | - (On demand) |

# System metadata

The Inventory tool stores the following metadata about each discovered asset:

  • Subscription owner
  • Tags (only predefined: Owner, Environment, Version, IGar, BN, BL, Purpose, Team, AbilityPlatformVersion, LastRelease, UpdatedAt)
  • Access control list
  • User membership
  • Asset activity
  • Asset costs
  • Asset metadata (Id, Type, Name, Location, Resource Group, Subscription)
  • Asset deployments
  • Asset Azure security alerts and recommendations
  • Virtual machine metadata (Host name, Operating system, Interfaces, Power status)
  • Virtual machine additional information (Open ports, QualysGuard/Cylance agents installation)

# IS Services integration

The following diagram shows how the Inventory tool integrates with other IS services (arrowheads show which side initiates the connection). The main purposes of service integration are to:

  • provide asset visibility to ABB.
  • retrieve information about Cylance and QualysGuard installation.
  • provide ownership information to Incident Response and Vulnerabilities Management teams.

[Diagram: Inventory Integration]

# Inventory Workflows

The workflows below are used to ensure that the requirements defined for target resources are implemented.

Refer to Inventory Tool Implementation for more workflow implementation details.

# Compliance violation

The Compliance violation workflow is triggered when a compliance violation is detected in a target resource.

[Diagram: Compliance violation workflow]
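As an added example that is not part of AAI or its documentation, the following Python sketch evaluates an inventory record against the four security controls listed under Overview (ownership, VM public exposure, Cylance/QualysGuard agent installation, non-ABB account access) and returns the findings that would trigger the Compliance violation workflow. The record shape, the rule that only the Owner tag is mandatory, the `abb.com` domain convention, the finding codes and the sample records are all assumptions; the predefined tag list is the one given under System metadata.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Tags the page lists as the predefined set tracked by the inventory.
PREDEFINED_TAGS = frozenset([
    "Owner", "Environment", "Version", "IGar", "BN", "BL", "Purpose",
    "Team", "AbilityPlatformVersion", "LastRelease", "UpdatedAt",
])
# Assumption: only Owner is mandatory (ownership is one of the listed controls).
REQUIRED_TAGS = ("Owner",)
# Assumption: principals whose UPN domain is not listed here count as non-ABB.
ABB_DOMAINS = frozenset(["abb.com"])


@dataclass
class VirtualMachine:
    host_name: str
    public_ip: Optional[str]
    open_ports: List[int]
    cylance_installed: bool
    qualys_installed: bool


@dataclass
class Asset:
    asset_id: str
    asset_type: str
    tags: Dict[str, str]
    acl: List[str]                       # UPNs with access to the asset
    vm: Optional[VirtualMachine] = None  # populated only for VM assets


def tracked_tags(tags: Dict[str, str]) -> Dict[str, str]:
    """Keep only the predefined tags, which is what the inventory stores."""
    return {k: v for k, v in tags.items() if k in PREDEFINED_TAGS}


def check_ownership(asset: Asset) -> List[str]:
    """Every required tag must be present with a non-blank value."""
    present = tracked_tags(asset.tags)
    return [f"MISSING_TAG:{t}" for t in REQUIRED_TAGS if not present.get(t, "").strip()]


def check_public_exposure(asset: Asset) -> List[str]:
    """A VM with a public IP and at least one open port is publicly exposed."""
    vm = asset.vm
    if vm is None or not vm.public_ip or not vm.open_ports:
        return []
    ports = ",".join(str(p) for p in sorted(vm.open_ports))
    return [f"PUBLIC_EXPOSURE:{vm.public_ip}:{ports}"]


def check_agents(asset: Asset) -> List[str]:
    """Both endpoint agents must be installed on every VM."""
    vm = asset.vm
    if vm is None:
        return []
    findings = []
    if not vm.cylance_installed:
        findings.append("AGENT_MISSING:Cylance")
    if not vm.qualys_installed:
        findings.append("AGENT_MISSING:QualysGuard")
    return findings


def check_non_abb_access(asset: Asset) -> List[str]:
    """Flag every ACL principal whose UPN domain is outside ABB_DOMAINS."""
    findings = []
    for upn in asset.acl:
        domain = upn.rsplit("@", 1)[-1].lower() if "@" in upn else ""
        if domain not in ABB_DOMAINS:
            findings.append(f"NON_ABB_ACCESS:{upn}")
    return findings


CHECKS = (check_ownership, check_public_exposure, check_agents, check_non_abb_access)


def find_violations(asset: Asset) -> List[str]:
    """Run every control; a non-empty result raises the Compliance violation workflow."""
    return [finding for check in CHECKS for finding in check(asset)]


# Constructed sample records: placeholder subscription id, documentation IP range.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
EXPOSED_VM = Asset(
    asset_id=SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo",
    asset_type="Microsoft.Compute/virtualMachines",
    tags={"Environment": "dev", "Purpose": "demo", "CostCenter": "1234"},  # CostCenter is not a tracked tag
    acl=["alice@abb.com", "contractor@example.org"],
    vm=VirtualMachine("vm-demo", "203.0.113.10", [3389, 22], cylance_installed=False, qualys_installed=True),
)
COMPLIANT_VM = Asset(
    asset_id=SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-ok",
    asset_type="Microsoft.Compute/virtualMachines",
    tags={"Owner": "bob@abb.com", "Environment": "prod"},
    acl=["bob@abb.com"],
    vm=VirtualMachine("vm-ok", None, [22], cylance_installed=True, qualys_installed=True),
)

if __name__ == "__main__":
    for asset in (EXPOSED_VM, COMPLIANT_VM):
        print(asset.vm.host_name, find_violations(asset) or "compliant")
```

Each control is a separate function returning finding codes, so a new control can be added to `CHECKS` without touching the others, and an empty list is the single signal that no workflow needs to be raised for the asset.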

# Review (Lifecycle)

[Diagram: Review (Lifecycle) workflow]

The Review workflow drives the lifecycle of resources.

More details about the Azure resource lifecycle can be found in Lifecycle of Azure Resources.

# Manual removal

The Manual removal workflow is used to remove resources which have been classified to be deleted manually.

[Diagram: Manual removal workflow]

# Inventory Tool Implementation

# Design

[Diagram: Inventory design]

# Workflow

[Diagram: Inventory workflow]

Last updated: 9/6/2021, 1:25:50 PM