Cloud Scan Workflow

Tenable Cloud Security scans your cloud resources for security compliance and identifies violations. When you connect your cloud services, you can select the required virtual private clouds (VPCs).

For a detailed workflow for onboarding cloud accounts, see the following Quick Reference Guides:

Before you begin:

To perform a cloud scan:

  1. Connect your cloud accounts.

    You can connect the following cloud services to Tenable Cloud Security:

  2. (Recommended) Configure and run a cloud scan by defining the resources to scan and scheduling the scan interval.

    You can perform both misconfiguration and vulnerability scans for your cloud accounts. For vulnerability scanning, perform an Agentless Assessment.

  3. View the Tenable Cloud Security dashboard to see the analytics for all projects and timelines.

  4. Analyze the failing policies.

    Tenable Cloud Security displays failing policies when resources fail to comply with the configured policies.

    Tip: You can also view the vulnerability findings for your cloud resources from Tenable Vulnerability Management. For more information, see Vulnerabilities.

  5. Perform workflow actions for the impacted resources. Workflow actions allow organizational users to configure and manage alerting and ticketing.

  6. View cloud-to-cloud drifts.

    The changes you make to the configuration of any unmapped resource in the cloud account create a cloud-to-cloud drift. An unmapped resource is any resource in the cloud that does not have a matching configuration in IaC. For unmapped resources, your cloud configuration may differ from the previous configuration on the cloud, which creates a cloud-to-cloud drift.

  7. View compliance reports.

    The Tenable Cloud Security Reports page displays the compliance reports for all resources.