Inventory

Overview

QueryPie displays a list of targets for access control, categorized by type.

In the detailed view, you can check the paths and tags where sensitive information is located, and you can assign custom tags.

image-20240714-055033.png

Administrator > Discovery > Discovery Management > Inventory

Key Features of Inventory

Once the administrator confirms the sensitive information discovered, the tags are finalized and reflected in the data path of the Inventory. The data path refers to the locations where sensitive information is found, based on connections registered in QueryPie DB access control, system access control, and Kubernetes access control.

(Note: In version 10.0.0, only RDBMS systems are supported for sensitive information discovery, so Inventory can only manage RDBMS connections in DB access control.)

Types of Tags Used in QueryPie

  1. QueryPie Tag (System Tag): A tag assigned automatically by the system. Users cannot modify or add these tags.

  2. Provider Tag (Cloud sync tag): A tag synchronized from the cloud. Each cloud may have its own set of managed tags. These tags cannot be modified, added, or deleted in QueryPie as they are retrieved from the cloud.

  3. Custom Tag: A tag that users can freely assign within QueryPie.

  4. Resource Tag: Each connection may have two types of tags: the Provider tag fetched from the cloud and the Custom tag assigned by the user. Together, they are referred to as the Resource Tag.

image-20240730-023812.png

Example of tags

Inventory List

image-20240730-041253.png
  • Category: Displays the classification by QueryPie service. It includes Database, System, and Kubernetes corresponding to each access control system.

  • Name: The name of the connection used by each access control system. If there are no connections yet (e.g., right after the first installation of QueryPie), no data will be shown in the list. Connections must first be created in the access control system.

  • Data Source Type: A classification of the type of data source (e.g., MySQL, Oracle, etc.).

  • Resource Tags: The tags assigned to the connection. These include Provider Tags synchronized from the cloud and Custom Tags created by the user.

  • Cloud Provider: The name of the cloud provider where the target resource resides (e.g., AWS, Azure, GCP, etc.).

  • Related Compliance: If the connection contains paths where sensitive information is found, the related compliance for the discovered sensitive information is displayed.

  • Sensitive Items: Displays the tags of the discovered sensitive information.

  • Created At: The timestamp when the connection was created.

  • Last Updated At: The timestamp of the last modification to the connection information.

By clicking on each row in the list, you can view the connection details and the associated paths.

Connection Information and Resource Tag Management

In the detailed view, you can check and manage the basic information of the connection and the assigned tags.

image-20240730-043435.png

In Resource Tags, the tags assigned to the connection (both Provider tags and Custom Tags) are displayed. You can manage the tags by clicking + Add Tags.

Data Paths under Connection

image-20241030-013932.png

List of Data Paths under Connection and Assigned Sensitive Information Tags

Once a scan is successfully completed at least once, the connection will display the path to the columns of the target database.
The path is structured as follows:
image-20240730-045803.png

If a column in the path contains sensitive information confirmed through the scan review, you will be able to view the sensitive information tags, the type of the sensitive data, and the related compliance information associated with that column.

Tagging Undetected Sensitive Information

If there are columns containing sensitive information that were not automatically detected, the administrator can manually assign sensitive information tags to these columns. This situation is generally referred to as a False Negative.

To manually handle this:

  1. Navigate to the Inventory detail page and select the data path where sensitive information was not automatically detected.

  2. Click the Add New Item button under the Sensitive Items section to manually add the sensitive information tag.

    image-20241030-023907.png

    Add New Item Button in the Sensitive Items Section

  3. Select the appropriate tag for the sensitive information and click the OK button.

    image-20241030-015434.png

  4. Check the results of the False Negative.

    image-20241030-015740.png

Removing Sensitive Information Tags

Both sensitive information tags assigned from scan results and those manually assigned can be removed from the Inventory.

image-20241030-021053.png

Removing Existing Sensitive Information Tags

  1. Select the sensitive information tag to remove.

  2. Click the Remove button.

  3. In the confirmation dialog, click the Remove button again to confirm.

    image-20241030-021345.png

    Confirmation Modal Before Removal

Assigning Tags to Columns

You can assign custom tags to specific columns using the Add Custom Tags button available for each data path.

image-20241030-033748.png

Add Custom Tag

  1. Click the Add Custom Tag button under the Custom Tags section.

  2. Enter a value for the Key, then press Enter to add a colon (:).

  3. Enter a value for the Value, then press Enter to add the tag. After adding one or more tags, click the OK button to confirm.

image-20241030-034024.png
  4. Check the entered tags to ensure they have been added correctly.

    image-20241030-034931.png

    Completed Custom Tag Addition

    Click the X next to a tag to remove the assigned custom tag.

Limitations

  • Supported Databases for Sensitive Data Discovery: MySQL, MariaDB, Oracle, PostgreSQL, MS SQL Server, Azure SQL.
    Data paths for unsupported databases will not be displayed.

  • To view data paths in the inventory, at least one successful scan must be performed for the connection specified when creating the discovery job. Otherwise, only the connection itself will be visible.

  • Only custom tags can be applied in the inventory. Sensitive data tags, which are system tags used by QueryPie, should be managed through the Scan Results page.
