elastic · kubasobon · Sep 1, 2025 · Aug 25, 2025 · Sep 1, 2025 · Sep 1, 2025
@@ -80,7 +80,7 @@ func (f *accountFetcher) fetch(ctx context.Context, resourceName string, functio
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   item.TenantId,
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithLabelsFromAny(item.Tags),
 			inventory.WithOrganization(inventory.Organization{

@@ -46,7 +46,7 @@ func TestAccountFetcher_Fetch_Tenants(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "<tenant UUID>",
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithOrganization(inventory.Organization{
 				ID: "<tenant UUID>",
@@ -82,7 +82,7 @@ func TestAccountFetcher_Fetch_Subscriptions(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "<sub UUID>",
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithOrganization(inventory.Organization{
 				ID: "<sub UUID>",

@@ -81,7 +81,7 @@ func (f *activedirectoryFetcher) fetchServicePrincipals(ctx context.Context, ass
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   tenantId,
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithTags(item.GetTags()),
 		)
@@ -108,7 +108,7 @@ func (f *activedirectoryFetcher) fetchDirectoryRoles(ctx context.Context, assetC
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   f.tenantID,
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithUser(inventory.User{
 				ID:   pointers.Deref(item.GetId()),
@@ -128,11 +128,6 @@ func (f *activedirectoryFetcher) fetchGroups(ctx context.Context, assetChan chan
 	}
 
 	for _, item := range items {
-		// TODO(kuba): How to test this without being able to test Groups?
-		// var labels map[string]string
-		// for _, l := range item.GetAssignedLabels() {
-		// 	fmt.Println(l)
-		// }
 		assetChan <- inventory.NewAssetEvent(
 			inventory.AssetClassificationAzureEntraGroup,
 			pointers.Deref(item.GetId()),
@@ -143,13 +138,12 @@ func (f *activedirectoryFetcher) fetchGroups(ctx context.Context, assetChan chan
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   f.tenantID,
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithGroup(inventory.Group{
 				ID:   pointers.Deref(item.GetId()),
 				Name: pointers.Deref(item.GetDisplayName()),
 			}),
-			// inventory.WithLabels(labels),
 		)
 	}
 }
@@ -174,7 +168,7 @@ func (f *activedirectoryFetcher) fetchUsers(ctx context.Context, assetChan chan<
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   f.tenantID,
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithUser(inventory.User{
 				ID:   pointers.Deref(item.GetId()),

@@ -86,7 +86,7 @@ func TestActiveDirectoryFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   appOwnerOrganizationId.String(),
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -97,7 +97,7 @@ func TestActiveDirectoryFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "id",
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithUser(inventory.User{
 				ID:   "id",
@@ -112,7 +112,7 @@ func TestActiveDirectoryFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "id",
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithGroup(inventory.Group{
 				ID:   "id",
@@ -127,7 +127,7 @@ func TestActiveDirectoryFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "id",
-				ServiceName: "Azure",
+				ServiceName: "Azure Entra",
 			}),
 			inventory.WithUser(inventory.User{
 				ID:   "id",

@@ -50,29 +50,30 @@ func newResourceGraphFetcher(logger *clog.Logger, tenantID string, provider reso
 func (f *resourceGraphFetcher) Fetch(ctx context.Context, assetChan chan<- inventory.AssetEvent) {
 	resourcesToFetch := []struct {
 		name           string
+		serviceName    string
 		azureGroup     string
 		azureType      string
 		classification inventory.AssetClassification
 	}{
-		{"App Services", azurelib.AssetGroupResources, azurelib.WebsitesAssetType, inventory.AssetClassificationAzureAppService},
-		{"Container Registries", azurelib.AssetGroupResources, azurelib.ContainerRegistryAssetType, inventory.AssetClassificationAzureContainerRegistry},
-		{"Cosmos DB Accounts", azurelib.AssetGroupResources, azurelib.DocumentDBDatabaseAccountAssetType, inventory.AssetClassificationAzureCosmosDBAccount},
-		{"Cosmos DB SQL Databases", azurelib.AssetGroupResources, azurelib.CosmosDBForSQLDatabaseAssetType, inventory.AssetClassificationAzureCosmosDBSQLDatabase},
-		{"Disks", azurelib.AssetGroupResources, azurelib.DiskAssetType, inventory.AssetClassificationAzureDisk},
-		{"Elastic Pools", azurelib.AssetGroupResources, azurelib.ElasticPoolAssetType, inventory.AssetClassificationAzureElasticPool},
-		{"MySQL Flexible Servers", azurelib.AssetGroupResources, azurelib.FlexibleMySQLDBAssetType, inventory.AssetClassificationAzureSQLServer},
-		{"Resource Groups", azurelib.AssetGroupResourceContainers, azurelib.ResouceGroupAssetType, inventory.AssetClassificationAzureResourceGroup},
-		{"SQL Databases", azurelib.AssetGroupResources, azurelib.MySQLDatabaseAssetType, inventory.AssetClassificationAzureSQLDatabase},
-		{"Snapshots", azurelib.AssetGroupResources, azurelib.SnapshotAssetType, inventory.AssetClassificationAzureSnapshot},
-		{"Storage Accounts", azurelib.AssetGroupResources, azurelib.StorageAccountAssetType, inventory.AssetClassificationAzureStorageAccount},
-		{"Virtual Machines", azurelib.AssetGroupResources, azurelib.VirtualMachineAssetType, inventory.AssetClassificationAzureVirtualMachine},
+		{"App Services", "Azure App Services", azurelib.AssetGroupResources, azurelib.WebsitesAssetType, inventory.AssetClassificationAzureAppService},
+		{"Container Registries", "Azure Container Registries", azurelib.AssetGroupResources, azurelib.ContainerRegistryAssetType, inventory.AssetClassificationAzureContainerRegistry},
+		{"Cosmos DB Accounts", "Azure Cosmos DB", azurelib.AssetGroupResources, azurelib.DocumentDBDatabaseAccountAssetType, inventory.AssetClassificationAzureCosmosDBAccount},
+		{"Cosmos DB SQL Databases", "Azure Cosmos DB", azurelib.AssetGroupResources, azurelib.CosmosDBForSQLDatabaseAssetType, inventory.AssetClassificationAzureCosmosDBSQLDatabase},
+		{"Disks", "Azure Storage", azurelib.AssetGroupResources, azurelib.DiskAssetType, inventory.AssetClassificationAzureDisk},
+		{"Elastic Pools", "Azure SQL Elastic Pools", azurelib.AssetGroupResources, azurelib.ElasticPoolAssetType, inventory.AssetClassificationAzureElasticPool},
+		{"MySQL Flexible Servers", "Azure SQL Servers", azurelib.AssetGroupResources, azurelib.FlexibleMySQLDBServerAssetType, inventory.AssetClassificationAzureSQLServer},
+		{"Resource Groups", "Azure Management", azurelib.AssetGroupResourceContainers, azurelib.ResouceGroupAssetType, inventory.AssetClassificationAzureResourceGroup},
+		{"SQL Databases", "Azure SQL Databases", azurelib.AssetGroupResources, azurelib.MySQLDatabaseAssetType, inventory.AssetClassificationAzureSQLDatabase},
+		{"Snapshots", "Azure Storage", azurelib.AssetGroupResources, azurelib.SnapshotAssetType, inventory.AssetClassificationAzureSnapshot},
+		{"Storage Accounts", "Azure Storage", azurelib.AssetGroupResources, azurelib.StorageAccountAssetType, inventory.AssetClassificationAzureStorageAccount},
+		{"Virtual Machines", "Azure Virtual Machines", azurelib.AssetGroupResources, azurelib.VirtualMachineAssetType, inventory.AssetClassificationAzureVirtualMachine},
 	}
 	for _, r := range resourcesToFetch {
-		f.fetch(ctx, r.name, r.azureGroup, r.azureType, r.classification, assetChan)
+		f.fetch(ctx, r.name, r.serviceName, r.azureGroup, r.azureType, r.classification, assetChan)
 	}
 }
 
-func (f *resourceGraphFetcher) fetch(ctx context.Context, resourceName, resourceGroup, resourceType string, classification inventory.AssetClassification, assetChan chan<- inventory.AssetEvent) {
+func (f *resourceGraphFetcher) fetch(ctx context.Context, resourceName, serviceName, resourceGroup, resourceType string, classification inventory.AssetClassification, assetChan chan<- inventory.AssetEvent) {
 	f.logger.Infof("Fetching %s", resourceName)
 	defer f.logger.Infof("Fetching %s - Finished", resourceName)
 
@@ -91,7 +92,8 @@ func (f *resourceGraphFetcher) fetch(ctx context.Context, resourceName, resource
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   item.TenantId,
-				ServiceName: "Azure",
+				ProjectID:   item.SubscriptionId,
+				ServiceName: serviceName,
 			}),
 			inventory.WithLabelsFromAny(item.Tags),
 		)

@@ -69,7 +69,7 @@ func TestResourceGraphFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "<tenant id>",
-				ServiceName: "Azure",
+				ServiceName: "Azure App Services",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -80,7 +80,7 @@ func TestResourceGraphFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "<tenant id>",
-				ServiceName: "Azure",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -91,7 +91,7 @@ func TestResourceGraphFetcher_Fetch(t *testing.T) {
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
 				AccountID:   "<tenant id>",
-				ServiceName: "Azure",
+				ServiceName: "Azure Virtual Machines",
 			}),
 			inventory.WithHost(inventory.Host{
 				ID:   vm.Id,

@@ -28,7 +28,7 @@ import (
 
 type storageFetcher struct {
 	logger   *clog.Logger
-	tenantID string //nolint:unused
+	tenantID string
 	provider storageProvider
 }
 
@@ -120,8 +120,9 @@ func (f *storageFetcher) fetch(ctx context.Context, storageAccounts []azurelib.A
 			inventory.WithRawAsset(item),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				AccountID:   item.TenantId,
-				ServiceName: "Azure",
+				AccountID:   pickName(item.TenantId, f.tenantID),
+				ServiceName: "Azure Storage",
+				ProjectID:   item.SubscriptionId,
 			}),
 			inventory.WithLabelsFromAny(item.Tags),
 		)

@@ -85,7 +85,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureBlobContainer),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -95,7 +96,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureBlobService),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -105,7 +107,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureFileService),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -115,7 +118,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureFileShare),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -125,7 +129,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureQueueService),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -135,7 +140,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureQueue),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -145,7 +151,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureTable),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 		inventory.NewAssetEvent(
@@ -155,7 +162,8 @@ func TestStorageFetcher_Fetch(t *testing.T) {
 			inventory.WithRawAsset(azureTableService),
 			inventory.WithCloud(inventory.Cloud{
 				Provider:    inventory.AzureCloudProvider,
-				ServiceName: "Azure",
+				AccountID:   "<tenant id>",
+				ServiceName: "Azure Storage",
 			}),
 		),
 	}

@@ -33,7 +33,7 @@ type mysqlAssetEnricher struct {
 func (e mysqlAssetEnricher) Enrich(ctx context.Context, _ cycle.Metadata, assets []inventory.AzureAsset) error {
 	var errAgg error
 	for i, a := range assets {
-		if a.Type != inventory.FlexibleMySQLDBAssetType {
+		if a.Type != inventory.FlexibleMySQLDBServerAssetType {
 			continue
 		}
 

@@ -116,7 +116,7 @@ func mockFlexMysqlTLSVersionConfig(id, tlsVersion string) inventory.AzureAsset {
 		SubscriptionId: "subId",
 		ResourceGroup:  "group",
 		Name:           "tls_version",
-		Type:           inventory.FlexibleMySQLDBAssetType + "/configuration",
+		Type:           inventory.FlexibleMySQLDBServerAssetType + "/configuration",
 		Properties: map[string]any{
 			"name":         "tls_version",
 			"source":       "system-default",
@@ -132,6 +132,6 @@ func mockFlexibleMysqlAsset(id string, name string) inventory.AzureAsset {
 		SubscriptionId: "subId",
 		ResourceGroup:  "group",
 		Name:           name,
-		Type:           inventory.FlexibleMySQLDBAssetType,
+		Type:           inventory.FlexibleMySQLDBServerAssetType,
 	}
 }
@@ -55,8 +55,8 @@ var AzureAssetTypeToTypePair = map[string]typePair{
 	inventory.ClassicStorageAccountAssetType:     {fetching.AzureClassicStorageAccountType, fetching.CloudStorage},
 	inventory.DiskAssetType:                      {fetching.AzureDiskType, fetching.CloudCompute},
 	inventory.DocumentDBDatabaseAccountAssetType: {fetching.AzureDocumentDBDatabaseAccountType, fetching.CloudDatabase},
-	inventory.MySQLDBAssetType:                   {fetching.AzureMySQLDBType, fetching.CloudDatabase},
-	inventory.FlexibleMySQLDBAssetType:           {fetching.AzureFlexibleMySQLDBType, fetching.CloudDatabase},
+	inventory.MySQLDBServerAssetType:             {fetching.AzureMySQLDBType, fetching.CloudDatabase},
+	inventory.FlexibleMySQLDBServerAssetType:     {fetching.AzureFlexibleMySQLDBType, fetching.CloudDatabase},
 	inventory.NetworkWatchersFlowLogAssetType:    {fetching.AzureNetworkWatchersFlowLogType, fetching.MonitoringIdentity},
 	inventory.FlexiblePostgreSQLDBAssetType:      {fetching.AzureFlexiblePostgreSQLDBType, fetching.CloudDatabase},
 	inventory.PostgreSQLDBAssetType:              {fetching.AzurePostgreSQLDBType, fetching.CloudDatabase},

@@ -35,9 +35,9 @@ const (
 	DiskAssetType                        = "microsoft.compute/disks"
 	DocumentDBDatabaseAccountAssetType   = "microsoft.documentdb/databaseaccounts"
 	ElasticPoolAssetType                 = "microsoft.sql/servers/elasticpools"
-	FlexibleMySQLDBAssetType             = "microsoft.dbformysql/flexibleservers"
+	FlexibleMySQLDBServerAssetType       = "microsoft.dbformysql/flexibleservers"
 	FlexiblePostgreSQLDBAssetType        = "microsoft.dbforpostgresql/flexibleservers"
-	MySQLDBAssetType                     = "microsoft.dbformysql/servers"
+	MySQLDBServerAssetType               = "microsoft.dbformysql/servers"
 	MySQLDatabaseAssetType               = "microsoft.sql/servers/databases"
 	NetworkSecurityGroupAssetType        = "microsoft.network/networksecuritygroups"
 	NetworkWatchersAssetType             = "microsoft.network/networkwatchers"