Automatic security coverage expansion of cloud security posture management (CSPM) assets

The invention claimed is: 1 . A method comprising: crawling application programming interface specifications of one or more cloud service platforms to extract attributes and attribute descriptions and maintaining an association between the extracted attributes and indications of corresponding first cloud resources; for each extracted attribute of the first cloud resources, prompting a language model to classify whether the attribute is relevant to cybersecurity based on the attribute and the corresponding attribute description; filtering out those of the attributes classified as relevant to cybersecurity that have been previously observed for an organization which yields discovered security attributes of the first cloud resources; determining second cloud resources of the organization that lack cloud security coverage based on data of the organization corresponding to usage; determining prioritization for cloud security coverage update among the second cloud resources determined as lacking cloud security coverage and those of the first cloud resources corresponding to the discovered security attributes, wherein the prioritization is based, at least partly, on the usage and vulnerability; and ingesting into a cloud security posture management (CSPM) database metadata of the first and second cloud resources to update the cloud security coverage based on the determined prioritization. 2 . The method of claim 1 , further comprising determining a priority value for each distinct cloud resource of the first and second cloud resources based on weights assigned to factors corresponding to discovery and the organization's data, wherein determining prioritization is based on the priority values. 3 . The method of claim 1 , wherein the organization's data comprise at least one of audit logs, cloud resource usage within the organization, pending ingestion requests, policy author data, and security sensitivity of the discovered attributes. 4 . The method of claim 3 further comprising classifying with a second language model the security sensitivity of each of the discovered attributes. 5 . The method of claim 1 further comprising generating an ingestion template for each of the cloud resources according to the prioritization, wherein generating the ingestion template comprises populating metadata request parameters with first values that identify a source for metadata of the cloud resource, the cloud service platform, and a permission for the request and populating transform parameters with second values that indicate a transform operation to apply to obtained metadata and a command to update the cloud security posture management database with the transformed metadata, wherein ingesting the cloud security posture management database metadata is based on the ingestion templates. 6 . The method of claim 5 further comprising running the ingestion templates on a schedule based, at least in part, on the prioritization. 7 . The method of claim 1 , wherein filtering out those of the attributes classified as relevant to cybersecurity that have been previously observed comprises filtering out those of the cybersecurity relevant attributes that occur in a set of one or more templates for metadata ingestion into the cloud security posture management database, wherein the ingesting the metadata into the cloud security posture management database comprises running the set of templates. 8 . A non-transitory machine-readable medium having program code stored therein, the program code comprising instructions to: extract attributes and attribute descriptions from crawling application programming interface (API) specifications of one or more cloud service platforms and track correspondence between first cloud resources and the extracted attributes; for each extracted attribute of the first cloud resources, prompt a language model to classify whether the attribute is relevant to cybersecurity based on the attribute and the corresponding attribute description; filter out each of the attributes classified as not relevant to cybersecurity and each of the attributes classified as relevant to cybersecurity that has been previously observed for an organization, which yields discovered security attributes of the first cloud resources; determine second cloud resources of the organization that lack cloud security coverage based on data of the organization corresponding to usage; determine prioritization for cloud security coverage update among the second cloud resources and those of the first cloud resources corresponding to the discovered security attributes, wherein the prioritization is based, at least partly, on the usage and vulnerability; and ingest into a cloud security posture management database (CSPM) metadata of the first and second cloud resources to update the cloud security coverage based on the determined prioritization. 9 . The non-transitory machine-readable medium of claim 8 , wherein the program code further comprises instructions to determine a priority value for each distinct cloud resource of the first and second cloud resources based on weights assigned to factors corresponding to discovery and the organization's data, wherein determination of prioritization is based on the priority values. 10 . The non-transitory machine-readable medium of claim 8 , wherein the organization's data comprise at least one of audit logs, cloud resource usage within the organization, pending ingestion requests, policy author data, and security sensitivity of the discovered attributes. 11 . The non-transitory machine-readable medium of claim 10 , wherein the program code further comprises prompting a second language model to classify the security sensitivity of each of the discovered attributes. 12 . The non-transitory machine-readable medium of claim 8 , wherein the program code further comprises instructions to generate an ingestion template for each of the cloud resources according to the prioritization, wherein the instructions to generate the ingestion template comprise instructions to populate metadata request parameters with first values that identify a source for metadata of the cloud resource, the cloud service platform, and a permission for the request, wherein the instructions to ingest the cloud security posture management database metadata comprises commands to run the ingestion templates and update the cloud security posture management database with the transformed metadata produced from running the ingestion templates. 13 . The non-transitory machine-readable medium of claim 12 , wherein the instructions to generate an ingestion template for each cloud resource comprise instructions to populate transform parameters with second values that indicate a transform operation to apply to obtained metadata. 14 . The non-transitory machine-readable medium of claim 8 , wherein the instructions to filter out each of the attributes classified as not relevant to cybersecurity and each of the attributes classified as relevant to cybersecurity that have been previously observed comprise instructions to filter out those of the cybersecurity relevant attributes that occur in a set of one or more templates for metadata ingestion into the cloud security posture management database, wherein the instructions to ingest the metadata into the cloud security posture management database comprise instructions to run the set of templates. 15 . An apparatus comprising: a hardware processor; and a non-transitory machine-readable medium having instructions stored thereon which are executable by the processor to cause the apparatus to, extract