Skip to content
SecPod  – Documentation
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
Search this website
Menu Close
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO

Saner Platform

  • Saner Platform Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner Platform Guide
    • Saner Platform Function Guides
    • Saner Device Management User Guide
  • How Tos
    • General
      • How to increase the subscription count for an Account in Saner CVEM
      • How to increment license count for an Organization in Saner CVEM
      • How to provision Saner tools for an Organization
      • How to change subscription type in Saner CVEM
      • How to sign-up with Saner CVEM?
      • How to create a new account in Saner CVEM?
      • How to create a new user in Saner CVEM?
      • How to enable SSO authentication policy in Saner CVEM?
      • How to set alerts in SanerNow?
      • How to view, download and filter the audit logs?
      • How to designate Saner Agent to perform network scan?
      • How to Co-Brand with your logo?
      • How to fetch the details of the mandatory fields from the Okta account?
      • How to create MFA policy for Okta?
      • How to fetch the details of the mandatory fields from the PingID account?
      • How to create MFA policy for PingID?
      • How to fetch the details of the mandatory fields from the PingOne account?
      • How to create MFA policy for PingOne?
      • How to download and install Saner Agent in Mac?
      • How to download and install Saner agent in Linux?
      • How to download and install the Saner agent in Windows?
      • How to update the expiry date of an existing subscription?
      • How to manage users and their preferences using role-based access?
      • How to uninstall SanerNow Agent using SanerNow Offline deployer tool.
      • How to onboard a new organization?
      • How to deploy SanerNow Agent using SanerNow Offline deployer tool.
      • How to install a Saner agent through the command line?
      • How to uninstall the Saner agent through command line?
    • Saner Reports
      • How to configure mail settings to email Report PDF?
      • How to create a custom report in SanerNow?
      • How to schedule for the report back up?
    • Saner Device Management
      • How to create custom groups in Saner CVEM
    • Saner Mail Settings
      • How to create new mail settings in Saner?
      • How to use OAuth-enabled authentication in Saner mail settings
      • How to create OAuth Client ID and Client Secret for Gmail
      • How to create OAuth Client ID and Client Secret for Microsoft 365.
  • FAQs
    • Saner CVEM Technical FAQs
  • Supported OSs and Platforms
    • Operating Systems and Platforms Supported
    • Supported Third-party Applications for Patching

Saner Cloud

  • Before You Begin
    • Glossary of Terms
    • Read me First
  • Get Started
    • Saner Cloud Deployment Guides
      • Azure Onboarding
      • Troubleshooting
      • Get Started with Saner CNAPP AWS Cloud Deployment V1.0
      • Onboarding with AWS Credentials(Least Recommended Method)
      • Onboarding with AWS Role(Manual)
      • Onboarding with AWS Role CloudFormation (Automatic): Recommended
    • Roles and Permissions
      • Roles and Permissions for AWS Remediation Access
      • Roles and Permissions for Azure Onboarding, Detection, and Remediation
  • Learn About
    • Excessive Permission Categories Evaluated Across Different Cloud Services
    • Publicly Accessible Resources
    • Patch Aging and Patch Impact
    • SecPod Default Benchmarks
    • Watchlists
    • Cloud Workload Protection Platform(CWPP)
    • Overview of Report Views in Saner Cloud
    • Whitelisting Resources
    • Saner Plasma AI Assistant for Seamless User Interaction
    • Critical Events to Monitor in AWS
    • High-Privilege Actions in Critical Activity Logs for AWS
    • Audit Logs in Saner Cloud
    • Excessive Permissions
    • Alerts in SanerCloud
  • User Guides
    • Cloud Security Remediation Management(CSRM) User Guide
    • Cloud Infrastructure Entitlement Management(CIEM) User Guide
    • Cloud Security Posture Anomaly(CSPA) User Guide
    • Cloud Security Asset Exposure(CSAE) User Guide
    • Cloud Security Posture Management(CSPM) User Guide
  • Tell Me How
    • How to Configure Automation Rule to Remediate Misconfigurations?
    • How to Manage Report Views at Organization-level in Saner Cloud?
    • How to Get a Cohesive View from Saner Cloud Unified Dashboard?
    • How to Use Tags to Quickly Filter Resources?
    • How to Troubleshoot Issues with Audit Logs?
    • How to Manage Groups and Tags in Saner Cloud?
    • How to Manage Report Views for a User Account in Saner Cloud?
    • How to Troubleshoot or Analyze with Critical Activity Logs?
    • How to Setup Alerts Across SanerCloud Tools?
    • How to Take Action on Alert Notifications from SanerCloud?
    • CIEM
      • How to See the Active Version for an IAM Policy?
      • How to Troubleshoot or Analyze with Critical Activity Logs?
      • How to View by Type and Usage for any Identity in CIEM?
      • How to Get Visibility into Cloud Entitlements?
      • How to Use Evidence to Address Policies with Excessive Permission?
      • How to Know the Excessive Permissions on a Specific Service?
      • How to Visually See the Relationship between Identity, Entitlement, Policy, or Permission?
      • How to Determine if a Policy has Excessive Permission?
      • How to Initiate Patch Remediation from CIEM Dashboard?
    • CSRM
      • How to Configure Automation Rule to Remediate Misconfigurations?
      • How to Create a Patching Task for Items Currently in “Approval Pending” State?
      • How to Evaluate Remediation Effort with Patching Impact Chart?
      • How to Prioritize and Address Older or High-Risk Anomalies with Patch Aging?
      • How to Monitor the Overall Status of the Remediation Job?
      • How do I Get to Know the Regions Impacted by a Specific Rule?
      • How to View the Severity of a Missing Patch Affected by a Rule?
      • How to Address Missing Patches Via Remediation Tasks?
      • How to Quickly Access the Necessary Tool for Remediation and Begin Patching Tasks?
    • CSAE
      • How to Setup Watchlist Configuration for a Resource?
      • How to Identify Outdated Resources for Cleanup?
      • How does Resource Categorization Work in Saner CSAE?
      • How to Identify Resources Exposed to External Network?
      • How to Understand the Resource Footprint Globally Across Various Regions?
      • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
    • CSPM
      • How to Setup Benchmarks in Saner CSPM?
      • How to Use Quick Evaluation Benchmarks?
      • How to Detect Patterns over a Period with Resource Trends?
      • How to Assess System Compliance and Security Posture?
    • CSPA
      • How to Initiate Patch Remediation from CSPA Dashboard?
      • How to Quickly Identify the Detected and Remediated Anomalies for an Account?
      • How to Prioritize Remediation or Fixes based on Confidence Levels?
      • How to Examine the Overall Anomaly Information for Specific Rules or Checks?
      • How to Search and Retrieve Anomaly Data?
      • How to Whitelist Rules or Resources in Cloud Security Scans?
  • Frequently Asked Questions
    • Saner Cloud Technical FAQs
  • Saner Cloud Release Notes
    • Saner Cloud – V.1.1 Release Notes
    • Saner Cloud – V.1.0 Release Notes
  • Security Intelligence for Saner Cloud
    • Infrastructure Entitlement Checks in AWS and Azure
      • Implementing Infrastructure Entitlement Checks in Azure
      • Implementing Infrastructure Entitlement Checks in AWS
    • Posture Anomaly Checks in AWS and Azure
      • Implementing Posture Anomaly Checks in AWS
      • Implementing Posture Anomaly Checks in Azure
    • Benchmark Compliance Rules in AWS and Azure
      • AWS
        • Implementing SecPod Default Rules in AWS
          • Implementing SecPod Global Rules in AWS
          • Implementing SecPod Regional Rules in AWS
        • PCI DSS 3.2.1 Rules in AWS
          • Understand SOC2 Regional Rules in Azure
          • Introduction
          • Understand PCI DSS 3.2.1 Global Rules in AWS
          • Understand PCI DSS 3.2. 1 Regional in AWS
        • CIS 3.0.0 and 4.0.0 Rules in AWS
          • Introduction
          • Understand CIS 3.0.0 Global Rules in AWS
          • Understand CIS 4.0.0 Global Rules in AWS
          • Understand CIS 3.0.0 Regional Rules in AWS
          • Understand CIS 4.0.0 Regional Rules in AWS
        • NIST 800-53 Revision 5 Rules in AWS
          • Introduction
          • Understand NIST 800-53 revision 5 Global Rules in AWS
          • Understand NIST 800-53 revision 5 Regional Rules in AWS
        • SOC
          • Implementing SOC 2 Regional Rules in AWS
          • Implementing SOC 2 Global Rules in AWS
        • Implementing HIPAA HITRUST Rules
          • Implementing HIPAA HITRUST Global Rules in AWS
          • Implementing HIPAA HITRRUST Regional Rules in AWS
      • Azure
        • HIPAA HITRUST Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Global Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Regional Rules in Azure
        • PCI DSS Rules in Azure
          • Understand PCI DSS 4.0 Rules in Azure
          • Understand PCI DSS 4.0 Global Rules in Azure
          • Understand PCI DSS 4.0 Regional Rules in Azure
        • SOC Rules in Azure
          • Understand SOC2 Rules in Azure
          • Understand SOC2 Global Rules in Azure
          • Understand SOC2 Regional Rules in Azure
        • CIS Rules in Azure
          • Understand CIS 1.1.0 Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Benchmark Compliance Rules in Azure
          • Understand CIS 1.2.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.0.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Regional Benchmark Compliance Rules in Azure
        • NIST 800-53 Revision Rules in Azure
          • Understand NIST 800-53 Revision 5 Rules in Azure
          • Understand NIST 800-53 Revision 5 Global Rules in Azure
          • Understand NIST 800-53 Revision 5 Regional Rules in Azure
        • SecPod Rules in Azure
          • Understand SecPod Global Rules in Azure
          • Understand SecPod Regional Rules in Azure
          • Understand SecPod Default Rules in Azure

Saner CVEM

  • Saner CVEM Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • SanerNow Risk Prioritization Launch
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner CVEM Guide
    • What’s New in Saner CVEM?
    • Getting Started with Saner CVEM
    • Pre-requisites for Saner CVEM Deployment
    • How does Saner CVEM’s deployment architecture work?
  • Saner CVEM Products
    • Overview of Saner Continuous Vulnerability and Exposure Management
    • Saner CVEM Unified Dashboard User Guide
    • Saner CVEM Asset Exposure User Guide
    • Saner CVEM Continuous Posture Anomaly Management User Guide
    • Data Points IT teams can Fetch from Saner CPAM
    • Posture Anomaly Computation Rules
    • Saner CVEM Vulnerability Management User Guide
    • Saner CVEM Compliance Management User Guide
    • Saner CVEM Risk Prioritization User Guide
    • Saner CVEM Patch Management User Guide
    • Saner CVEM Endpoint Management User Guide
    • Saner CVEM Remote Access User Guide
    • Saner CVEM Network Scanner User Guide
    • Saner CVEM Cyber Hygiene Score User Guide
  • How Tos
    • Saner CPAM
      • How to create new response in PA tool?
      • How to build your own detection and response in PA tool?
      • How to whitelist an entire PA ID?
      • How to configure Posture Anomaly tool for custom detection?
      • How to fix Anomalies from PA dashboard?
      • How to fix anomalies detected in your account from All Anomalies Page?
      • How to fix anomalies from PA Summary page?
      • How to delete PA scan preferences?
      • How to schedule PA Scans on Daily, Weekly, and Monthly basis?
      • How to launch Posture Anomaly scans?
    • Saner AE
      • How to blacklist and whitelist applications in Saner AE?
      • How to manage asset licenses using Saner AE?
      • How to run an asset scan using Saner AE?
    • Saner VM
      • How to automate and schedule vulnerability scans?
      • How to exclude vulnerabilities in Saner VM tool
      • How to manage excluded vulnerabilities in Saner VM?
      • How to remediate vulnerabilities from vulnerability management dashboard?
    • Saner CM
      • How to run a compliance scan?
      • How to custom create a security policy?
      • How to align with PCI security compliance management?
      • How to align with NIST 800-171 security compliance management?
      • How to align with NIST 800-53 security compliance management?
      • How to align with HIPAA security compliance management using Saner CM?
    • Saner PM
      • How to fix firmware in Saner?
      • How to exclude patches in Saner PM?
      • How to manage excluded patches in Saner PM?
      • How to automate patch management in Saner PM?
      • How to roll back patches in Saner PM?
      • How to specify Service Level Agreement (SLA) using Remediation SLA in Saner PM?
      • How to apply missing patches in Saner PM?
      • How to apply the most critical patches in Saner PM?
      • How to perform custom remediation for applications that require paid patches using Saner PM
      • How to check the status of patching activity?
    • Saner EM
      • How to collect all security events from Windows Events Log?
      • How to check password policy set in Windows systems?
      • How to check status of DEP in Windows systems?
      • How to check faulty Anti-Virus (AV) status in Windows systems?
      • How to check for Anti-Virus (AV) status in Windows systems?
      • How to check account lockout policy on Windows systems?
      • How to check if Bit-locker protection is OFF in Windows systems?
      • How to list all inactive users on Windows systems?
      • How to list all guest accounts in Windows systems?
      • How to list all Administrator accounts on Windows systems?
      • How to list last-logon details of users on Windows systems?
      • How to identify all users in Windows systems?
      • How to collect all services that are currently running in Windows systems?
      • How to list all Groups in Windows systems?
      • How to collect all keyboard and pointing devices connected to Windows systems?
      • How to collect all storage devices connected to Windows systems?
      • How to investigate total RAM or CPU threshold (greater than or equal to 80%) in Windows systems?
      • How to collect operating systems information in Windows?
      • How to investigate disks running out of space (<100 MB) in Windows systems?
      • How to collect and investigate disk information on Windows systems?
      • How to collect all installed patches in Windows systems?
      • How to collect all software patches that are hidden in the Windows Update server?
      • How to check the status of Windows Update Server (WSUS/SCCM)?
      • How to collect BIOS information such as serial number, version, manufacturer in Windows systems?
      • How to collect all the important missing patches in Windows systems?
      • How to check wireless security in Linux systems?
      • How to collect mounted disk information on Linux systems?
      • How to check wireless signal quality in Linux systems?
      • How to check all firewall policies on Linux systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Linux systems?
      • How to collect DNS information on Linux systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing in Linux?
      • How to check wireless signal quality in Windows systems?
      • How to check wireless security in Windows systems?
      • How to collect all open ports in Windows systems?
      • How to collect all network interfaces in Windows systems?
      • How to investigate DNS cache on Windows systems?
      • How to check all firewall policies on Windows systems?
      • How to collect DNS information on Windows systems?
      • How to collect all the applications with an unknown publisher in Linux systems?
      • How to perform system tuning?
      • How to collect all software licenses in Windows systems?
      • How to identify potentially unwanted programs such as torrent downloaders or unnecessary toolbars running on Windows systems?
      • How to collect a list of applications that are started when you boot your computer?
      • How to collect all the applications with an unknown publisher in Windows systems?
      • How to collect all software licenses in Mac systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing Windows?
      • How to collect all families of operating systems such as Windows, Unix, and macOS?
      • How to collect environment variables set in all operating systems?
      • How to collect all the applications with an unknown publisher in Mac systems?
      • How to delete and quarantine a file?
      • How to start and stop the processes in Saner?
      • How to block blacklisted applications in Saner?
      • How to enable/disable devices in Saner
      • How to manually import devices into Saner?
      • How to deploy software in Saner EM?
      • How to enable and disable firewall settings in Saner AE?
      • How to collect all shared resources on Windows systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Windows systems?
      • How to connect to a client machine graphically using Saner Remote Access
  • FAQs
    • Saner CVEM Technical FAQs

Security Intelligence

  • Network Scanner Product Support Matrix
  • Privilege levels for authenticated scans using Saner Network Scanner
  • Overview of Security Content and Intelligence
  • Security Content Statistics
  • Application and OS Remediation Coverage
  • Compliance Benchmark Coverage
  • List of Vulnerability to Exploit/Malware Mapping covered in Saner
  • OVAL Definitions Family-wise Distribution
  • OVAL Definitions Class-wise Distribution
  • OVAL Definitions Platform Coverage
View Categories
  • Home
  • Docs
  • Saner Cloud
  • User Guides
  • Cloud Security Asset Exposure(CSAE) User Guide

Cloud Security Asset Exposure(CSAE) User Guide

Print Friendly, PDF & Email
Manage Asset Exposures Effectively with Saner CSAE

Saner Cloud offers a comprehensive toolset for managing an organization’s assets. The focus on Asset Exposure ensures that IT administrators have full visibility and control, which is crucial for maximizing resource utilization and ensuring compliance through automated audit reports. Additionally, users gain complete visibility of compliant and non-compliant resources across AWS and Azure to prioritize them for remediation based on risk.

The CSAE dashboard provides a quick view into:

1. Service Distribution

2. Resources Distribution

3. Active Resources on Geo Locations

4. Resource Categorization

5. All Resources

6. Resource Type and Service Type Trends over time

7. Total Resources Trends over time

8. Cost and Usage Graph

9. Cost and Usage Breakdown

10. All Outdated Resources

11. Watch Listing Resources

Additionally, administrators can:

12. Run scans to update the dashboard with the current information

13. Take various actions from the view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).

Salient Highlights

AI Assistant Integration

The summarization grid in the various dashboards enables the AI assistant to retrieve responses related to the relevant data.

By clicking the green icon within the summarization grid, the AI assistant dynamically fetches and displays the response in a tooltip within the dashboard.

Real-Time Insights

Provides live data updates after every scan for accurate decision-making on security and resource optimization.

Resource Proportion and Distribution

  • Assess the proportion of each resource type in your cloud infrastructure.
  • Track cloud assets and services across geographical regions to identify resource concentrations and assess their security posture based on location.

Resource Organization

Categorizes resources into various groups: Compute, Application Integration, Databases, Blockchain, Storage, Networking, Cloud Financial Management, etc.

Security and Resource Monitoring

  • Visual indicators highlight “Publicly Accessible” resources with distinct color codes for active and inactive resources.
  • Aids in identifying security risks related to public network interfaces.

Fluctuation and Vulnerability Insights

Track changes in service/resource distributions and monitor remediation efforts for vulnerabilities over time.

Cost and Usage Management

View aggregate costs incurred across services and months in specific environments.

Identification of Outdated Resources

Identify applications or systems relying on deprecated or unsupported versions.

Critical Resource Monitoring

Highlight resources requiring special attention due to higher risks or essential infrastructure roles.

Actionable Dashboard Features

Sort, filter, search for keywords, adjust record views, and export data into CSV files.

Explore the Dashboard Views
ComponentWhat it Conveys?
Service DistributionThe Service Distribution visualization helps assess cloud security posture by displaying the type of resources being used (e.g., virtual servers, instances, databases) and the number of services, categorized by their status (e.g., critical services, services with vulnerabilities, remediated services, and pending services). 

This visualization is presented as a clustered bar stack chart, combining “Resource Type” and “Number of Services” to offer insight into cloud resource usage and service status. The live data in the dashboard block is updated after every scan, ensuring the information is current and accurate for making decisions about security and resource optimization.
 
Users can customize the stack chart visualization by selecting specific services or a combination of services through a drop-down in the dashboard block. Clicking on a specific service type opens the “Details” page, listing all the resources with the corresponding Resource ID, Resource Name, Resource Type, Profile Name, Region Name, and if Publicly Accessible.
 
By following the Resource ID link, users can access additional details such as Cloud Account ID, Cloud Provider, Profile Name, Region Name, Resource Category, Service Type, and a detailed summary covering Reservations, Groups, Instances, and more. This visualization and linked data provide a comprehensive tool for monitoring cloud environments, ensuring informed security decisions and effective resource management.
 
Visual indicators are used to monitor the status of the “Publicly Accessible” resources, indicating if these are properly flagged or monitored. Exposed resources are denoted in orange, while nonexposed resources are marked in grey. This setup helps in quickly identifying which instances are actively utilizing public network interfaces and which ones are not, aiding in security and resource management decisions.
 
Additionally, users can take various actions from the view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).
Resources DistributionResource Distribution Pie chart visually represents the distribution of active resources to help you quickly assess the proportion of each resource type within your cloud infrastructure.
 
Active resources are distributed across the following categories:
— Log Streams
— Log Groups
— Network interfaces
— Rules
— Security Groups
— Stacks
— Virtual private cloud (VPC)
— DB cluster snapshots
-— DB instances
— Keys
— Key pairs
— Total Resources
 
Additionally, users can take various actions in the dashboard block, such as: Applying filters to view specific resources and Exporting the records into a spreadsheet (CSV).
 
The live data in the dashboard block is refreshed after every scan, ensuring that the information remains current and accurate for making decisions about security and resource optimization.
Active Resources on Geo LocationsActive Resources by Geo-location shows active resources on a map, displaying country names, total resources, and total services. This visualization helps to track cloud assets and services across different geographical regions, allowing for the identification of resource concentration and assessment of their security posture based on location.
 
When an instance is associated with a geographical location, it is bound to be used only in that region. During AWS account creation, default quotas are set on the resources on a per-region basis. By monitoring the usage, quotas are automatically raised within each region.
Resource CategorizationResource Categorization organizes resources into different categories such as Compute, Application Integration, Databases, Blockchain, Business Applications, Storage, Networking & Content Delivery, Cloud Financial Management, and more.
When you click on a specific resource category, it opens the “Details” page, which lists all the resources along with their corresponding Resource ID, Resource Name, Resource Type, Service Name, Profile Name, Resource Type, and Resource Category.
 
By following the Resource ID link, users can access additional details such as Cloud Account ID, Cloud Provider, Profile Name, Region Name, Resource Category, Service Type, and a detailed summary covering Reservations, Groups, Instances, and more.
 
Users can also take additional actions from the dashboard block, such as exporting the records into a spreadsheet (CSV) or opening the detailed view of all resource categories using the bi-directional arrow.
 
In the detailed view, users can specify the number of records to display on a page. Additionally, they can create a new Watchlist configuration for the resources. To do this, follow the Watchlist link and complete the following steps:
— Provide the configuration name
— Choose one or more cloud profiles from the multi-select drop-down
— Choose one or more Service Types from the multi-select drop-down
— Choose one or more Regions from the multi-select drop-down where the watchlist must apply
— Determine the reason for watchlisting
— Apply on the current dataset or next cloud scan
— Finally, add to the watchlist configuration list
 
The live data in the dashboard block is refreshed after every scan, ensuring that the information remains current and accurate for decision-making regarding security and resource optimization.
All ResourcesA column view presents all the resources along with their Resource ID, Resource Name, Resource Type, Service Name, Profile Name, Resource Type, and Resource Category. By clicking on the Resource ID link, users can access additional details including Cloud Account ID, Cloud Provider, Profile Name, Region Name, Resource Category, Service Type, and a detailed summary covering Reservations, Groups, Instances, and more.
 
Visual indicators are used to monitor the status of “Publicly Accessible” resources, with exposed resources displayed in orange and nonexposed resources in grey. This setup allows for quick identification of which instances are actively utilizing public network interfaces, aiding in security and resource management decisions.
 
This visualization and linked data provide a comprehensive tool for monitoring cloud environments, ensuring informed security decisions and effective resource management.
 
Users can take various actions from the view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).
Resource Type and Services Type Trends over timeThis graph is presented as a Stacked Area Chart and is designed to track Resource Types (such as Virtual Servers, Instances, Databases, etc.) and Service Types (Critical Services, Vulnerable Services, Remediated Services, Pending Services, etc.) over a 30day time period. This visualization can offer insights into:
— Fluctuations in the distribution of services and resources.
— If remediation efforts are keeping up with vulnerabilities over time.
 
Each color in the stack represents a service type, allowing you to observe the total resources and their distribution in the specified days. The live data in the dashboard block is refreshed after every scan, ensuring that the information remains current and accurate for decision-making regarding security and resource optimization.
 
Users have an additional capability to export the records into a spreadsheet(CSV).
Total Resources Trends over timeThis graph is presented as a Stacked Area Chart and is designed to track the total number of resources across various Virtual Servers, Instances, Databases, etc. over a 30day time period. This visualization offers insights into:
– Fluctuations in the distribution of resources.
– If remediation efforts are keeping up with vulnerabilities over time.
 
Users have an additional capability to export the records into a spreadsheet(CSV).
Cost and usage graphThe cost and usage graph is shown as a stacked bar chart, displaying the expenses for various cloud services each month in USD for a specific environment. Users also have an option to export the records into a CSV spreadsheet.
Cost and usage breakdownA column view presents the aggregate amount incurred over the different months across all the services in a specific environment(profile). Users can take various actions from the view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).
All Outdated ResourcesApplications or systems that depend on deprecated or unsupported versions are commonly known as “Outdated Resources.” If these resources are not maintained properly, they can expose the environment to serious security risks, compliance violations, operational downtime, and data breaches, among other issues.
 
SanerNow offers guidance by executing automated vulnerability scans and displaying outdated resources on a user-friendly dashboard. This enables users to:
a) Identify deprecated or unsupported resources
b) Review and prioritize resources that are no longer in use or are vulnerable
c) Remove unnecessary resources
Watch Listing ResourcesWatchlist resources refer to specific cloud assets or services identified for closer monitoring due to their significance, potential vulnerabilities, or critical role in operations. These resources may require special attention because they could present a higher risk or are part of essential infrastructure that must be continuously monitored.
Watchlist resources can include:
— Critical services or assets with known vulnerabilities.
— Resources flagged for security risks or non-compliance.
— High-value or frequently used resources that are vital to the organization’s operations.
— Pending resources that are awaiting remediation or further action.

Adding resources to a Watchlist enables proactive monitoring and ensures that any changes or risks associated with these critical resources are addressed promptly.

Learn How To

Setup Watchlist Configuration for a Resource?

Overview

Adding resources to a Watchlist enables proactive monitoring and ensures that any changes or risks associated with these critical resources are addressed promptly.

Access Watchlists from Saner Cloud Security

Step 1: Launch Saner CSAE

After you login, select Cloud Security from the landing page. Next, click the App Launcher(on top of the page) and choose CSAE(Cloud Security Asset Exposure).

Step 2: Access Watchlists

Click the Watchlist link on the top-right of the page. The Watchlist Configuration details page opens. Go ahead and click the Create New Watchlist Configuration button to add resources to the watchlist.

Add Resources to the Watchlist

Step 1: Provide a name for the watchlist and choose the cloud profile, service type, and regions from the relevant drop-down menus

Step 2: Enter the reason for creating the watchlist

Step 3: Specify when you want the configuration to take effect by selecting “Current Dataset” or “Next Cloud Scan”

Step 4: Finally, click the “Add to watchlist” button to add your resources to the watchlist

Step 5: [Optional] If you want to start over, click the “Clear configuration” button to clear the fields

View the Configured Watchlists

The configured watchlists display in the Details view.

From the details view you have an option to only delete the watchlist. The system restricts editing a watchlist. You need to create a new watchlist incase you want to update a watchlist.

How to Identify Outdated Resources for Cleanup?

Overview

Utilizing deprecated or unsupported software components can pose security risks as you no longer receive security updates or patches. Saner Cloud offers guidance by executing automated vulnerability scans and displaying outdated resources on a user-friendly dashboard. This enables users to:

a) Identify deprecated or unsupported resources

b) Review and prioritize resources that are no longer in use or are vulnerable

c) Remove unnecessary resources

Step1: Launch Saner CSAE

After you login, select Cloud Security from the landing page. Next, click the App Launcher(on top of the page) and choose CSAE(Cloud Security Asset Exposure).

Step 2: Access the Outdated Resources

Access all the resources that are no longer in use within a region along-with the reason for marking as outdated from the CSAE dashboard. After scanning, Saner CSAE detects and presents the “All Outdated Resources” view, which includes the following information in a column format:

  • Resource ID
  • Resource Name
  • Resource Type
  • Service Type
  • Region
  • Reason

You can review the data to identify resources that are no longer in use and prioritize their cleanup to avoid exposing the environment to security risks.

How does Resource Categorization Work in Saner CSAE?

Overview

Resource categorization is essential for managing large cloud environments effectively. It enhances visibility, helps identify unused or outdated resources, ensures compliance with security standards and policies, and allows for detailed analysis to diagnose issues.

Saner CSAE organizes cloud resources into logical groups and offers guidance to analyze these resources to assess their relevance, configuration, and security posture.

Understand the Available Resource Categories

Resource categories within Saner CSAE include:

Resource CategoriesWhat it Constitutes?
ComputeVirtual machines, containers, or serverless functions
Application IntegrationServices like messaging queues, integration tools, and event-driven architectures (e.g., AWS SQS, SNS, Step Functions)
BlockchainAPI calls and resource actions
Business ApplicationsERP systems, CRM tools, financial platforms, eCommerce sites
Networking & Content DeliveryNetwork interfaces, load balancers, VPCs, and security groups.
Cloud Financial ManagementPayment processing, transaction database management, resource cost optimization, data security compliance, and access management
DatabasesManaged database services (e.g., AWS RDS, Azure SQL, BigQuery).
StorageObject storage (e.g., AWS S3, Azure Blob) and block storage (e.g., EBS)
Developer ToolsSource code repositories, artifact storage security, pipeline IAM optimization, outdated developer environments, unused CI/CD resources
End User ComputingVirtual desktops, file storage, snapshots/backups, virtual applications
Front-end Web & Mobile
S3 Buckets / Storage, APIs, CDNs (CloudFront, etc.), Serverless Functions, CI/CD Pipelines, IAM Roles
Internet of ThingsIoT Endpoints, Cloud Storage, APIs, Outdated Firmware, Serverless Functions, IAM Roles
Machine LearningStorage buckets, Compute Instances, Model Endpoints, Pipelines, IAM Roles, Outdated Libraries
AnalyticsPublic Data Lake Exposure, Idle Redshift Clusters, Exposed Tableau Dashboards, Unsecured Data Pipelines, Excessive IAM Permissions
Security, Identity, & ComplianceIAM Roles & Policies, Security Groups, Public Resources, Encryption, Compliance, Inactive Accounts, Logs & Monitoring
Management and GovernanceLogging services, alarms, IAM policies, and monitoring
Media ServicesMedia storage, CDNs, DRM and Encryption, Media APIs, Transcoding Jobs, Streaming Services
Migration & TransferData transfer services, IAM Roles, Staging Buckets, Virtual Machines, Firewalls and Security Groups, Databases
Quantum TechnologiesQuantum Workloads, Quantum Cryptography, Quantum APIs, Quantum Communication Channels, Orphaned Quantum Jobs, Hybrid Quantum-Classical Systems
RoboticsControl Systems, Sensor Data Storage, Fleet Management, Simulation Environments, APIs for Robotic Systems, AI/ML Models
SatelliteSatellite Control Systems, Satellite Data Storage, Ground Station Infrastructure, Real-time Data Streams, APIs for Satellite Operations, Orphaned Resources
OthersAs applicable
Drill-down on Specific Resource Category

Click on a specific resource category to open the detailed page that lists all the resources along with their corresponding details.

Resource DetailsDescription
Resource IDUnique identifier for the resource (e.g., arn for AWS resources)
Resource NameName of the cloud resource
Service NameName of the cloud service (e.g., EC2, S3, and so on)
Resource TypeSpecifies the kind of resource (e.g., Network Interface, Log Stream, and so on)
Resource CategoryGroup to which the resource belongs

The live data in the page refreshes after every scan, ensuring that the information remains current and accurate for decision-making regarding security and resource optimization.

Drill-down into Individual Resources for Analysis

By following the Resource ID link, users can access additional details and Summary for further analysis.

Additional Resource DetailsDescription
Cloud Account IDThe Id assigned to a cloud account within an organization
Cloud ProviderSpecifies the platform (AWS and Azure)
Region NameGeographical location of the resource (e.g., us-west-2, us-east-1)
Resource CategoryGroup to which the resource belongs to. For example, Networking and Content Delivery
Service TypeCategory of resources. Common service types include:
Infrastructure Services: Servers, storage, networks (e.g., AWS EC2, Azure VM)
Platform Services: Databases, middleware, runtime environments (e.g., AWS)
Application Services: Web apps, APIs, email services (e.g., Office 365, SAP)
Security Services: Firewalls, intrusion detection, encryption tools (e.g., Palo Alto, Fortinet)
SummaryUsers can do a detailed analysis with extended information
Switch Between Standard and Json Views

Within a specific Resource, you have an option to toggle between the Standard and Json views by clicking the appropriate buttons within the individual resources details view.

Search and Access Categories

From the “Resources by Category” section under the Categorization tab, use the search bar to quickly locate specific resources or categories based on keywords. Just key in your search criteria, expand the desired category to view its resources, and drill-down into individual resources to analyse the security posture, usage, or outdated components.

Perform More Actions

Users can also take additional actions from the dashboard block, such as exporting the records into a spreadsheet (CSV) or using the bi-directional arrow to open the sub-categories pertaining to the resource.

In the detailed view, users also have an option to specify the number of records to display on a page.

How to Understand the Resource Footprint Globally Across Various Regions

Overview

Active Resources by Geo-location shows active resources on a map, displaying country names, total resources, and total services. This visualization helps to track cloud assets and services across different geographical regions, allowing for the identification of resource concentration and assessment of their security posture based on location.
 
When an instance is associated with a geographical location, it is bound to be used only in that region. During AWS account creation, default quotas are set on the resources on a per-region basis. By monitoring the usage, quotas are automatically raised within each region.

Access the Active Resources on GeoLocations

Step 1: Launch Saner CSAE

Step 2: Go straight to the “Active Resources on Geo-location” block on the dashboard.

Track cloud assets and services across different geographical regions; additionally identify the resource concentration and assessment of their security posture based on location.

How to Identify Resources Exposed to External Network?

Overview

You can quickly identify which resources are actively utilizing the public network interfaces and which ones are not, aiding in security and resource management decisions. These resources can include databases, storage buckets, or compute instances.

Identify the Publicly Accessible Resources

Step 1: Launch Saner CSAE

Step 2: Go straight to the “All Resources” block on the dashboard

Step3: Look into the “Publicly Accessible” column.

Observe the resources that need attention are flagged in orange, and those that comply with specifications are in grey making it easy for identification.

Step3: Click on the resources highlighted in orange to learn more about why they are marked as public. You can switch between the Standard and JSON views by clicking the corresponding buttons in the individual resource details view.

How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?

Overview

You can quickly gain insight into the expenses for various cloud services each month in USD for a specific environment.

Analyze Your Expenditure

Step 1: Launch Saner CSAE

Step 2: Go straight to the “Cost and Usage Graph” block on the dashboard

Step 3: View the breakdown of resource usage across different months. Alternatively, from the CSV spreadsheet, select the values for the preferred resources and months to analyse the total expenditure.

Commonly Asked Questions
How does Saner Cloud help me track resource usage?

The system allows users to track resource usage per region and automatically adjusts quotas based on usage. During AWS account creation, default quotas are set on the resources on a per-region basis. By monitoring the usage, quotas are automatically raised within each region.

I want to know how flexible is the CSAE dashboard in terms of customizing the data I see?

Users can customize the stack chart visualizations by selecting a single service or a combination of services from the drop-down menu to create tailored views. This customization helps in focusing on specific resources or services that require more attention.

Additionally, you can also apply customizations to:

• Filter by specific resource types (e.g., Virtual Servers, Databases)

• Visualize resources on a map, broken down by regions or countries

I need to prioritize security actions for my critical assets and services. Which components in the CSAE dashboard helps me do this?

The CSAE dashboard includes Service weightage metrics such as Resource Type and Number of Services, allowing users to quickly identify critical services and those with known vulnerabilities. This helps in prioritizing security actions for high-risk assets.

I want to avoid unnecessary exposure from resources exposed to public network. Is there a way to identify these publicly accessible cloud resources?

You can utilize the CSAE dashboard to identify which resources are truly accessible from the external network. Resources that need attention are flagged with green, and those that comply with specifications are in red making it easy to identify which instances are actively using public network interfaces.

I want to have a quick view of resources that are obsolete. Where can I find it in Saner CSAE?

Access all the Outdated resources within a region along-with the reason for marking as outdated from the CSAE dashboard.

I want to do an in-depth analysis of specific types of resources. How does Saner CSAE fulfil this need?

CSAE categorizes resources into groups like Compute, Databases, Networking, etc. Clicking on a resource category opens a detailed page that includes information such as Resource ID, Service Name, Cloud Provider, Profile Name, and more.

For specific analysis, users can drill down into each resource for a detailed summary, which includes reservations, groups, and instances.

I want to closely monitor my high-value/high-usage critical assets/services and quickly address any risks or changes associated to these. Is there a way to do it in Saner CSAE?

The Watchlist Dashboard allows users to monitor the resources in the watchlist and set tighter security controls for the assets on the watchlist. For instance, additional monitoring rules or access restrictions can be implemented to ensure that these critical assets have the highest level of protection.

I want to make informed decisions on my expenditure based on complete and current information or resource usage in the last 3months. How does Saner CSAE enable me to do this?

You can directly view the breakdown of resource usage across different months from the “Cost and Usage” dashboard block.
Alternatively, from the CSV spreadsheet, you can select the values for the preferred resources and months to analyse the total expenditure.

I’d like to gain visibility of all resources from a single source. How can I do that from Saner CSAE?

Review the detailed configuration (such as network interfaces, security groups, and virtual private clouds) via the resource details page.

A column view presents all the resources along with their Resource ID, Resource Name, Resource Type, Service Name, Profile Name, Resource Type, and Resource Category. By clicking on the Resource ID link, users can access additional details including Cloud Account ID, Cloud Provider, Profile Name, Region Name, Resource Category, Service Type, and a detailed summary covering Reservations, Groups, Instances, and more.

Just click on the specific country or region on the Geo-location map to get a quick summary or detailed information about the resources and services deployed there..

I want to know how Saner CSAE can address resource optimization to eliminate waste and redundancy?

• The centralized view of active resources across geo-locations provides a clearer overall security posture without redundant entries

• Resource categorization (e.g., Compute, Databases, Networking) removes confusion or redundancy

• Active/Non-active flags(Green/Red) aids in removing redundant resources no longer in use

I want to identify deviations or anomalies in resource usage patterns over time. How does SanerCSAE help me do this?

From the Resource and Service Type Trends Chart on the CSAE dashboard, detect and analyze resource and usage patterns over time. This visualization helps you identify unusual fluctuations in the distribution of services and resources affecting cloud assets

I ‘d like understand the resource and service footprint globally across various regions? How is this possible from Saner CSAE?

You can gain geographical insights into cloud resources or services across various geo-locations.

Active Resources by Geo-location shows active resources on a map, displaying country names, total resources, and total services. This visualization helps to track cloud assets and services across different geographical regions, allowing for the identification of resource concentration and assessment of their security posture based on location.

When an instance is associated with a geographical location, it is bound to be used only in that region. During AWS account creation, default quotas are set on the resources on a per-region basis. By monitoring the usage, quotas are automatically raised within each region.

How often is the CSAE dashboard updated?

Data in the dashboard is automatically updated each time the scheduled scan runs. If you want to start a scan on-demand, then turn on the scan to see the latest data in your dashboard view.

Does the product automatically categorize resources on Cloud? Can I create my own category of services?

Using watchlists, one can mark resource type/service type/specific resource to monitor. On the other hand, using the tagging feature helps categorize, identify or provide a filtered view of your resources across the product.

Share This Article :
  • X
  • LinkedIn
Still stuck? How can we help?

Saner Documentation Feedback

Cloud Security Posture Anomaly(CSPA) User GuideCloud Security Posture Management(CSPM) User Guide
Table of Contents
  • Setup Watchlist Configuration for a Resource?
  • How to Identify Outdated Resources for Cleanup?
  • How does Resource Categorization Work in Saner CSAE?
  • How to Understand the Resource Footprint Globally Across Various Regions
  • How to Identify Resources Exposed to External Network?
  • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.3.x