An inventory of your assets is typically in scope for a SOC 2 audit. To aid in your audit preparation, Drata helps build this inventory for you.

Virtual asset tracking from AWS comes in five new classes, supplementing the original classes populated in Drata. These new classes are storage, container, compute, database, and networking. You will see within the Drata 'Asset Inventory' the ability to filter by these classes.

Today, Drata supports pulling the following Amazon services into the Drata Asset table for customers who have an AWS connection:

You will also see the option to filter by 'Types', 'Providers', and 'Owners.'

For items pulled in directly from AWS, the Type will always be 'Virtual', and the Provider/Source will always be 'AWS'.

To automatically populate the Owner field, Drata will assign these assets to whomever is listed as the Engineering Lead in the Key Personnel section of Drata, found here: https://app.drata.com/account-settings/personnel
If there is no Engineering Lead, then this will fall back to the listed CEO.

If there are no Key Personnel set, assets will be assigned to the first admin.
​
Many of the resource groups we pull from are related to specific regions such as ’us-west-2’ or ‘sa-east-1’. If a customer has the same named asset in multiple regions, this will produce a new line item for assets of the same name, distinguished by displaying the region directly after, delimited by a '|' character.

If Drata is pulling in assets from your AWS instances that are not in scope for your audit, be sure to add a AWS tag called 'DrataExclude' to them within your AWS console. More information on how to do that can be found here: https://help.drata.com/en/articles/5260549-exclusion-tags-within-aws

As with previous assets, you will also see a 'notes' section for each asset on the far right of the asset row. This will allow you to add any notes or even an asset tag.