Cloud Scan Workflow
Tenable Cloud Security scans your cloud resources for security compliance and identifies violations. When you connect your cloud services, you can select the required virtual private clouds (VPCs).
For a detailed workflow for onboarding cloud accounts, see the following Quick Reference Guides:
For vulnerability scanning, perform an Agentless Assessment.
Before you begin:
- Perform the steps in Getting Started with Tenable Cloud Security.
To perform a cloud scan:
- You can connect the following cloud services to Tenable Cloud Security:
-
- AWS CloudTrail monitors and records account activity across your AWS infrastructure. Integrate AWS CloudTrail with Tenable Cloud Security to get real-time logs and alerts for CloudTrail events resulting from a cloud scan.
-
-
- (Recommended) Configure cloud scan to define the resources to scan and to schedule scan intervals.
- View the Tenable Cloud Security dashboard to see the analytics for all projects and timelines.
- Tenable Cloud Security displays failing policies when resources fail to comply with the configured policies.
  Tip: You can also view the vulnerability findings for your cloud resources from Tenable Vulnerability Management. For more information, see Cloud Findings.
- Perform workflow actions for the impacted resources. Workflow actions allow organizational users to configure and manage alerting and ticketing.
- The changes you make to the configuration of any unmapped resource in the cloud account create a cloud-to-cloud drift. An unmapped resource is any resource in the cloud that does not have a matching configuration in IaC. For unmapped resources, your cloud configuration may differ from the previous configuration on the cloud, which creates a cloud-to-cloud drift.
- The Tenable Cloud Security Reports page displays the compliance reports for all resources.
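
The definition of cloud-to-cloud drift given above can be illustrated with a short sketch. This is an added example, not Tenable Cloud Security code or its API: the function names, resource IDs, and snapshot format are assumptions, and the sample data is constructed.

```python
"""Illustration of unmapped resources and cloud-to-cloud drift.
Added example; names, IDs and snapshot format are hypothetical."""

ABSENT = "<absent>"  # marker for an attribute missing from one snapshot


def unmapped_resources(cloud_snapshot, iac_resource_ids):
    """Resources in the cloud that have no matching configuration in IaC."""
    return {rid: cfg for rid, cfg in cloud_snapshot.items()
            if rid not in iac_resource_ids}


def cloud_to_cloud_drift(previous, current, iac_resource_ids):
    """Return {resource_id: {attribute: (old, new)}} for every unmapped
    resource whose current cloud configuration differs from the previous
    cloud configuration."""
    drift = {}
    for rid, cfg in unmapped_resources(current, iac_resource_ids).items():
        old = previous.get(rid)
        if old is None:
            # Assumption: with no earlier snapshot there is nothing to compare.
            continue
        changed = {key: (old.get(key, ABSENT), cfg.get(key, ABSENT))
                   for key in sorted(set(old) | set(cfg))
                   if old.get(key, ABSENT) != cfg.get(key, ABSENT)}
        if changed:
            drift[rid] = changed
    return drift


# Constructed sample data: one resource is defined in IaC, the rest are not.
IAC_IDS = {"s3/logs-bucket"}
PREVIOUS = {
    "s3/logs-bucket": {"acl": "private", "versioning": True},
    "s3/scratch-bucket": {"acl": "private", "versioning": False},
    "sg/adhoc-ssh": {"ingress_cidr": "10.0.0.0/8", "port": 22},
}
CURRENT = {
    "s3/logs-bucket": {"acl": "public-read", "versioning": True},  # mapped in IaC: not covered by this check
    "s3/scratch-bucket": {"acl": "public-read", "versioning": False},  # unmapped and changed
    "sg/adhoc-ssh": {"ingress_cidr": "10.0.0.0/8", "port": 22},  # unmapped, unchanged
    "iam/new-role": {"path": "/"},  # unmapped, no previous configuration
}

if __name__ == "__main__":
    for rid, changes in cloud_to_cloud_drift(PREVIOUS, CURRENT, IAC_IDS).items():
        for attr, (old, new) in changes.items():
            print(f"{rid}: {attr} changed from {old!r} to {new!r}")
```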