Skip to content
SecPod  – Documentation
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
Search this website
Menu Close
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO
  • Toggle website search
  • Docs Home
  • Categories
    • Saner Platform
    • Saner Cloud
    • Saner CVEM
    • Security Intelligence
  • More
    • About SecPod
    • Blog
    • Security & Privacy
    • Support Center
    • Resources
  • SCHEDULE A DEMO

Saner Platform

  • Saner Platform Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner Platform Guide
    • Saner Platform Function Guides
    • Saner Device Management User Guide
  • How Tos
    • General
      • How to increase the subscription count for an Account in Saner CVEM
      • How to increment license count for an Organization in Saner CVEM
      • How to provision Saner tools for an Organization
      • How to change subscription type in Saner CVEM
      • How to sign-up with Saner CVEM?
      • How to create a new account in Saner CVEM?
      • How to create a new user in Saner CVEM?
      • How to enable SSO authentication policy in Saner CVEM?
      • How to set alerts in SanerNow?
      • How to view, download and filter the audit logs?
      • How to designate Saner Agent to perform network scan?
      • How to Co-Brand with your logo?
      • How to fetch the details of the mandatory fields from the Okta account?
      • How to create MFA policy for Okta?
      • How to fetch the details of the mandatory fields from the PingID account?
      • How to create MFA policy for PingID?
      • How to fetch the details of the mandatory fields from the PingOne account?
      • How to create MFA policy for PingOne?
      • How to download and install Saner Agent in Mac?
      • How to download and install Saner agent in Linux?
      • How to download and install the Saner agent in Windows?
      • How to update the expiry date of an existing subscription?
      • How to manage users and their preferences using role-based access?
      • How to uninstall SanerNow Agent using SanerNow Offline deployer tool.
      • How to onboard a new organization?
      • How to deploy SanerNow Agent using SanerNow Offline deployer tool.
      • How to install a Saner agent through the command line?
      • How to uninstall the Saner agent through command line?
    • Saner Reports
      • How to configure mail settings to email Report PDF?
      • How to create a custom report in SanerNow?
      • How to schedule for the report back up?
    • Saner Device Management
      • How to create custom groups in Saner CVEM
    • Saner Mail Settings
      • How to create new mail settings in Saner?
      • How to use OAuth-enabled authentication in Saner mail settings
      • How to create OAuth Client ID and Client Secret for Gmail
      • How to create OAuth Client ID and Client Secret for Microsoft 365.
  • FAQs
    • Saner CVEM Technical FAQs
  • Supported OSs and Platforms
    • Operating Systems and Platforms Supported
    • Supported Third-party Applications for Patching

Saner Cloud

  • Before You Begin
    • Glossary of Terms
    • Read me First
  • Get Started
    • Saner Cloud Deployment Guides
      • Azure Onboarding
      • Troubleshooting
      • Get Started with Saner CNAPP AWS Cloud Deployment V1.0
      • Onboarding with AWS Credentials(Least Recommended Method)
      • Onboarding with AWS Role(Manual)
      • Onboarding with AWS Role CloudFormation (Automatic): Recommended
    • Roles and Permissions
      • Roles and Permissions for AWS Remediation Access
      • Roles and Permissions for Azure Onboarding, Detection, and Remediation
  • Learn About
    • Excessive Permission Categories Evaluated Across Different Cloud Services
    • Publicly Accessible Resources
    • Patch Aging and Patch Impact
    • SecPod Default Benchmarks
    • Watchlists
    • Cloud Workload Protection Platform(CWPP)
    • Overview of Report Views in Saner Cloud
    • Whitelisting Resources
    • Saner Plasma AI Assistant for Seamless User Interaction
    • Critical Events to Monitor in AWS
    • High-Privilege Actions in Critical Activity Logs for AWS
    • Audit Logs in Saner Cloud
    • Excessive Permissions
    • Alerts in SanerCloud
  • User Guides
    • Cloud Security Remediation Management(CSRM) User Guide
    • Cloud Infrastructure Entitlement Management(CIEM) User Guide
    • Cloud Security Posture Anomaly(CSPA) User Guide
    • Cloud Security Asset Exposure(CSAE) User Guide
    • Cloud Security Posture Management(CSPM) User Guide
  • Tell Me How
    • How to Configure Automation Rule to Remediate Misconfigurations?
    • How to Manage Report Views at Organization-level in Saner Cloud?
    • How to Get a Cohesive View from Saner Cloud Unified Dashboard?
    • How to Use Tags to Quickly Filter Resources?
    • How to Troubleshoot Issues with Audit Logs?
    • How to Manage Groups and Tags in Saner Cloud?
    • How to Manage Report Views for a User Account in Saner Cloud?
    • How to Troubleshoot or Analyze with Critical Activity Logs?
    • How to Setup Alerts Across SanerCloud Tools?
    • How to Take Action on Alert Notifications from SanerCloud?
    • CIEM
      • How to See the Active Version for an IAM Policy?
      • How to Troubleshoot or Analyze with Critical Activity Logs?
      • How to View by Type and Usage for any Identity in CIEM?
      • How to Get Visibility into Cloud Entitlements?
      • How to Use Evidence to Address Policies with Excessive Permission?
      • How to Know the Excessive Permissions on a Specific Service?
      • How to Visually See the Relationship between Identity, Entitlement, Policy, or Permission?
      • How to Determine if a Policy has Excessive Permission?
      • How to Initiate Patch Remediation from CIEM Dashboard?
    • CSRM
      • How to Configure Automation Rule to Remediate Misconfigurations?
      • How to Create a Patching Task for Items Currently in “Approval Pending” State?
      • How to Evaluate Remediation Effort with Patching Impact Chart?
      • How to Prioritize and Address Older or High-Risk Anomalies with Patch Aging?
      • How to Monitor the Overall Status of the Remediation Job?
      • How do I Get to Know the Regions Impacted by a Specific Rule?
      • How to View the Severity of a Missing Patch Affected by a Rule?
      • How to Address Missing Patches Via Remediation Tasks?
      • How to Quickly Access the Necessary Tool for Remediation and Begin Patching Tasks?
    • CSAE
      • How to Setup Watchlist Configuration for a Resource?
      • How to Identify Outdated Resources for Cleanup?
      • How does Resource Categorization Work in Saner CSAE?
      • How to Identify Resources Exposed to External Network?
      • How to Understand the Resource Footprint Globally Across Various Regions?
      • How to Make Informed Decisions on Your Expenditure based on Resource Usage Graph?
    • CSPM
      • How to Setup Benchmarks in Saner CSPM?
      • How to Use Quick Evaluation Benchmarks?
      • How to Detect Patterns over a Period with Resource Trends?
      • How to Assess System Compliance and Security Posture?
    • CSPA
      • How to Initiate Patch Remediation from CSPA Dashboard?
      • How to Quickly Identify the Detected and Remediated Anomalies for an Account?
      • How to Prioritize Remediation or Fixes based on Confidence Levels?
      • How to Examine the Overall Anomaly Information for Specific Rules or Checks?
      • How to Search and Retrieve Anomaly Data?
      • How to Whitelist Rules or Resources in Cloud Security Scans?
  • Frequently Asked Questions
    • Saner Cloud Technical FAQs
  • Saner Cloud Release Notes
    • Saner Cloud – V.1.1 Release Notes
    • Saner Cloud – V.1.0 Release Notes
  • Security Intelligence for Saner Cloud
    • Infrastructure Entitlement Checks in AWS and Azure
      • Implementing Infrastructure Entitlement Checks in Azure
      • Implementing Infrastructure Entitlement Checks in AWS
    • Posture Anomaly Checks in AWS and Azure
      • Implementing Posture Anomaly Checks in AWS
      • Implementing Posture Anomaly Checks in Azure
    • Benchmark Compliance Rules in AWS and Azure
      • AWS
        • Implementing SecPod Default Rules in AWS
          • Implementing SecPod Global Rules in AWS
          • Implementing SecPod Regional Rules in AWS
        • PCI DSS 3.2.1 Rules in AWS
          • Understand SOC2 Regional Rules in Azure
          • Introduction
          • Understand PCI DSS 3.2.1 Global Rules in AWS
          • Understand PCI DSS 3.2. 1 Regional in AWS
        • CIS 3.0.0 and 4.0.0 Rules in AWS
          • Introduction
          • Understand CIS 3.0.0 Global Rules in AWS
          • Understand CIS 4.0.0 Global Rules in AWS
          • Understand CIS 3.0.0 Regional Rules in AWS
          • Understand CIS 4.0.0 Regional Rules in AWS
        • NIST 800-53 Revision 5 Rules in AWS
          • Introduction
          • Understand NIST 800-53 revision 5 Global Rules in AWS
          • Understand NIST 800-53 revision 5 Regional Rules in AWS
        • SOC
          • Implementing SOC 2 Regional Rules in AWS
          • Implementing SOC 2 Global Rules in AWS
        • Implementing HIPAA HITRUST Rules
          • Implementing HIPAA HITRUST Global Rules in AWS
          • Implementing HIPAA HITRRUST Regional Rules in AWS
      • Azure
        • HIPAA HITRUST Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Global Rules in Azure
          • Understand HIPAA HITRUST 14.7.0 Regional Rules in Azure
        • PCI DSS Rules in Azure
          • Understand PCI DSS 4.0 Rules in Azure
          • Understand PCI DSS 4.0 Global Rules in Azure
          • Understand PCI DSS 4.0 Regional Rules in Azure
        • SOC Rules in Azure
          • Understand SOC2 Rules in Azure
          • Understand SOC2 Global Rules in Azure
          • Understand SOC2 Regional Rules in Azure
        • CIS Rules in Azure
          • Understand CIS 1.1.0 Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Benchmark Compliance Rules in Azure
          • Understand CIS 1.2.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Global Benchmark Compliance Rules in Azure
          • Understand CIS 2.0.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 2.1.0 Regional Benchmark Compliance Rules in Azure
          • Understand CIS 3.0.0 Regional Benchmark Compliance Rules in Azure
        • NIST 800-53 Revision Rules in Azure
          • Understand NIST 800-53 Revision 5 Rules in Azure
          • Understand NIST 800-53 Revision 5 Global Rules in Azure
          • Understand NIST 800-53 Revision 5 Regional Rules in Azure
        • SecPod Rules in Azure
          • Understand SecPod Global Rules in Azure
          • Understand SecPod Regional Rules in Azure
          • Understand SecPod Default Rules in Azure

Saner CVEM

  • Saner CVEM Release Notes
    • Release Notes Saner 6.4.1
    • Release Notes SanerNow 6.4
    • Release Notes SanerNow 6.3.1
    • Release Notes SanerNow 6.3
    • Release Notes SanerNow 6.2.1
    • Release Notes SanerNow 6.2.0.3
    • Release Notes SanerNow 6.2.0.1
    • Release Notes SanerNow 6.2
    • Release Notes SanerNow 6.1.1
    • Release Notes SanerNow 6.1
    • SanerNow Risk Prioritization Launch
    • Release Notes SanerNow 6.0
    • Release Notes SanerNow 5.3.1
    • Release Notes SanerNow 5.3
    • Release Notes SanerNow 5.2
    • Release Notes SanerNow 5.1
    • Release Notes SanerNow 5.0
    • Release Notes SanerNow 4.8.0.0
    • Release Notes SanerNow 4.7.0.0
    • Release Notes SanerNow 4.6.0.0
    • Release Notes SanerNow 4.5.0.0
    • Release Notes SanerNow 4.4.0.0
    • Release Notes SanerNow 4.3.0.0
    • Release Notes SanerNow 4.2.2.1
    • Release Notes SanerNow 4.2.2.0
    • Release Notes SanerNow 4.2.1.0
    • Release Notes SanerNow 4.2.0.0
    • Release Notes SanerNow 4.1.1.0
    • Release Notes SanerNow 4.0.0.5
  • Saner CVEM Guide
    • What’s New in Saner CVEM?
    • Getting Started with Saner CVEM
    • Pre-requisites for Saner CVEM Deployment
    • How does Saner CVEM’s deployment architecture work?
  • Saner CVEM Products
    • Overview of Saner Continuous Vulnerability and Exposure Management
    • Saner CVEM Unified Dashboard User Guide
    • Saner CVEM Asset Exposure User Guide
    • Saner CVEM Continuous Posture Anomaly Management User Guide
    • Data Points IT teams can Fetch from Saner CPAM
    • Posture Anomaly Computation Rules
    • Saner CVEM Vulnerability Management User Guide
    • Saner CVEM Compliance Management User Guide
    • Saner CVEM Risk Prioritization User Guide
    • Saner CVEM Patch Management User Guide
    • Saner CVEM Endpoint Management User Guide
    • Saner CVEM Remote Access User Guide
    • Saner CVEM Network Scanner User Guide
    • Saner CVEM Cyber Hygiene Score User Guide
  • How Tos
    • Saner CPAM
      • How to create new response in PA tool?
      • How to build your own detection and response in PA tool?
      • How to whitelist an entire PA ID?
      • How to configure Posture Anomaly tool for custom detection?
      • How to fix Anomalies from PA dashboard?
      • How to fix anomalies detected in your account from All Anomalies Page?
      • How to fix anomalies from PA Summary page?
      • How to delete PA scan preferences?
      • How to schedule PA Scans on Daily, Weekly, and Monthly basis?
      • How to launch Posture Anomaly scans?
    • Saner AE
      • How to blacklist and whitelist applications in Saner AE?
      • How to manage asset licenses using Saner AE?
      • How to run an asset scan using Saner AE?
    • Saner VM
      • How to automate and schedule vulnerability scans?
      • How to exclude vulnerabilities in Saner VM tool
      • How to manage excluded vulnerabilities in Saner VM?
      • How to remediate vulnerabilities from vulnerability management dashboard?
    • Saner CM
      • How to run a compliance scan?
      • How to custom create a security policy?
      • How to align with PCI security compliance management?
      • How to align with NIST 800-171 security compliance management?
      • How to align with NIST 800-53 security compliance management?
      • How to align with HIPAA security compliance management using Saner CM?
    • Saner PM
      • How to fix firmware in Saner?
      • How to exclude patches in Saner PM?
      • How to manage excluded patches in Saner PM?
      • How to automate patch management in Saner PM?
      • How to roll back patches in Saner PM?
      • How to specify Service Level Agreement (SLA) using Remediation SLA in Saner PM?
      • How to apply missing patches in Saner PM?
      • How to apply the most critical patches in Saner PM?
      • How to perform custom remediation for applications that require paid patches using Saner PM
      • How to check the status of patching activity?
    • Saner EM
      • How to collect all security events from Windows Events Log?
      • How to check password policy set in Windows systems?
      • How to check status of DEP in Windows systems?
      • How to check faulty Anti-Virus (AV) status in Windows systems?
      • How to check for Anti-Virus (AV) status in Windows systems?
      • How to check account lockout policy on Windows systems?
      • How to check if Bit-locker protection is OFF in Windows systems?
      • How to list all inactive users on Windows systems?
      • How to list all guest accounts in Windows systems?
      • How to list all Administrator accounts on Windows systems?
      • How to list last-logon details of users on Windows systems?
      • How to identify all users in Windows systems?
      • How to collect all services that are currently running in Windows systems?
      • How to list all Groups in Windows systems?
      • How to collect all keyboard and pointing devices connected to Windows systems?
      • How to collect all storage devices connected to Windows systems?
      • How to investigate total RAM or CPU threshold (greater than or equal to 80%) in Windows systems?
      • How to collect operating systems information in Windows?
      • How to investigate disks running out of space (<100 MB) in Windows systems?
      • How to collect and investigate disk information on Windows systems?
      • How to collect all installed patches in Windows systems?
      • How to collect all software patches that are hidden in the Windows Update server?
      • How to check the status of Windows Update Server (WSUS/SCCM)?
      • How to collect BIOS information such as serial number, version, manufacturer in Windows systems?
      • How to collect all the important missing patches in Windows systems?
      • How to check wireless security in Linux systems?
      • How to collect mounted disk information on Linux systems?
      • How to check wireless signal quality in Linux systems?
      • How to check all firewall policies on Linux systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Linux systems?
      • How to collect DNS information on Linux systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing in Linux?
      • How to check wireless signal quality in Windows systems?
      • How to check wireless security in Windows systems?
      • How to collect all open ports in Windows systems?
      • How to collect all network interfaces in Windows systems?
      • How to investigate DNS cache on Windows systems?
      • How to check all firewall policies on Windows systems?
      • How to collect DNS information on Windows systems?
      • How to collect all the applications with an unknown publisher in Linux systems?
      • How to perform system tuning?
      • How to collect all software licenses in Windows systems?
      • How to identify potentially unwanted programs such as torrent downloaders or unnecessary toolbars running on Windows systems?
      • How to collect a list of applications that are started when you boot your computer?
      • How to collect all the applications with an unknown publisher in Windows systems?
      • How to collect all software licenses in Mac systems?
      • How to collect ARP entries that are created when a hostname is resolved to an IP address and then to a MAC addressing Windows?
      • How to collect all families of operating systems such as Windows, Unix, and macOS?
      • How to collect environment variables set in all operating systems?
      • How to collect all the applications with an unknown publisher in Mac systems?
      • How to delete and quarantine a file?
      • How to start and stop the processes in Saner?
      • How to block blacklisted applications in Saner?
      • How to enable/disable devices in Saner
      • How to manually import devices into Saner?
      • How to deploy software in Saner EM?
      • How to enable and disable firewall settings in Saner AE?
      • How to collect all shared resources on Windows systems?
      • How to collect all Dynamic Host Configuration Protocol (DHCP) information on Windows systems?
      • How to connect to a client machine graphically using Saner Remote Access
  • FAQs
    • Saner CVEM Technical FAQs

Security Intelligence

  • Network Scanner Product Support Matrix
  • Privilege levels for authenticated scans using Saner Network Scanner
  • Overview of Security Content and Intelligence
  • Security Content Statistics
  • Application and OS Remediation Coverage
  • Compliance Benchmark Coverage
  • List of Vulnerability to Exploit/Malware Mapping covered in Saner
  • OVAL Definitions Family-wise Distribution
  • OVAL Definitions Class-wise Distribution
  • OVAL Definitions Platform Coverage
View Categories
  • Home
  • Docs
  • Saner Cloud
  • User Guides
  • Cloud Security Posture Management(CSPM) User Guide

Cloud Security Posture Management(CSPM) User Guide

Print Friendly, PDF & Email
Measure Cloud Security Posture and Compliance Position with Saner CSPM

The Saner Cloud Security Posture Management (CSPM) dashboard offers an interactive, real-time overview of your cloud environment’s security posture and compliance with frameworks such as NIST, HIPAA, SecPod Default, CIS, and PCI DSS.

The dashboard features various blocks that categorize findings as follows:

  • Cloud Provider: Includes AWS or Azure.
  • Severity: Ranges from High, Medium, to Low.
  • Publicly Accessible Resources: Identifies resources exposed to the external network.
  • Services: Evaluates specific cloud services.
  • Status: Indicates findings as Passed, Failed, or Unchecked.
  • GeoMaps: Provides a geographic representation of findings.
  • Trends: Monitors changes in security performance over time.

The Trend Analysis feature highlights patterns in your security posture, while the SecPod Default Benchmark offers a ready-to-use compliance framework to streamline risk assessment and mitigation across your cloud assets. Users can sort, filter, search, and customize the records displayed, as well as export data in CSV format for further analysis. Additionally, the dashboard allows users to toggle views between AWS and Azure for more focused insights.

Salient Highlights

Interactive Real-Time Security Overview

Offers a live view of your cloud environment’s security posture and compliance with frameworks like NIST, HIPAA, CIS, SecPod Default, and PCI DSS.

Resource Evaluation and Risk Identification

Displays the number of resources evaluated and associated configuration risks identified during recent scans for AWS and Azure.

Severity-Based Prioritization

Categorizes issues into High, Medium, and Low severity, helping you prioritize remediation efforts effectively.

Publicly Accessible Resources

Identifies resources exposed to external networks to aid in securing publicly accessible assets.

Geographic Security Insights

Provides a visual representation of security findings across geographic locations using an interactive map.

Trend Analysis

Tracks recurring, seasonal spikes, or reductions in affected resources as a result of implemented security measures.

Predefined Compliance Framework

Includes the SecPod Default Benchmark, a ready-to-use compliance framework to simplify risk assessment and mitigation across cloud assets.

Customizable Data Interaction

  • Enables sorting, filtering, searching, and customization of displayed records.
  • Supports exporting data in CSV format for further analysis.

Explore the Dashboard Views
ComponentWhat it Conveys?
Top 5 Affected RegionsThe chart provides information about the number of resources evaluated and any associated configuration risks identified in the recent scan of various cloud services, including AWS or Azure.
 
The dashboard block displays live data that is updated after each scan, ensuring that the information remains current and accurate for informed decision-making based on the latest findings.
Findings based on SeverityThe pie chart categorizes findings by severity levels with “Critical” representing immediate threats to security or compliance. These findings may include issues like exposed sensitive data, unrestricted network access, and critical compliance failures.
 
Only the latest “Failed” findings with “Critical” severity displays in the dashboard block after each scan.
Publicly Accessible ResourcesUtilize the pie chart to Identify the resources exploitable by external network.
 
User can click on the pie and get a detailed breakdown of the resources. Based on selection of “Failed,” “Passed,” or “Unchecked,” the relevant information displays in the following columns:
— Unique Identifier: A distinct ID for each finding.
— Description: A brief explanation of the security issue.
— Affected Cloud Service Region: The region of the cloud service impacted.
— Number of Affected Resources: The count of resources impacted by each finding.
— Cloud Service Affected: The specific cloud service (e.g., CloudFormation, CloudFront, CloudTrail, ConfigService).
– Impacted Resource Type: The type of resources affected (e.g., Stack, Distribution, Trail, ConfigurationRecorders).
— Severity: For items marked as “Critical.”
— Fix Options for Remediation: Indicated by an “wrench” icon. Click to complete remediation or patching activities.
 
Additionally, users can take various actions from the details view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).
Findings based on ServicesPresents a streamlined view of security findings (issues) across the selected cloud service. This enables users to prioritize remediation efforts based on the severity of issues and the number of affected resources.
 
Based on your selection of “Failed,” “Passed,” or “Unchecked,” the relevant information displays in the following columns:
– Unique Identifier: A distinct ID for each finding.
– Title: A brief explanation of the security issue.
– Benchmark: Benchmark applied to the resource
– Benchmark Rule: Default identifiers for SecPod Default Benchmark
– Rule Type: Each rule is categorized as either Manual or Automated, based on its compliance verification method. Manual Rules require human intervention to ensure compliance. For instance, this may involve checking physical security policies or conducting a manual review of specific rules. Automated Rules can be verified programmatically through scripts or security tools. An example of this is checking whether disk encryption is enabled using automated scans.
– Region: The region of the cloud service impacted.
– Resources Count: The count of resources impacted by each finding.
– Services Type: The specific cloud service (e.g., CloudFormation, CloudFront, CloudTrail, ConfigService).
– Resources Type: The type of resources affected (e.g., Stack, Distribution, Trail, ConfigurationRecorders).
– Severity: For items marked as “Critical.”
– Fix: Indicated by an “wrench” icon. Clicking the wrench(fix)icon navigates you to complete remediation tasks.
 
You can filter the dashboard to focus specifically on “Critical” findings, allowing IT teams to address the most pressing issues and streamline their responses. This interface also allows you to view configuration names, regions, and provides options for evidence and remediation actions directly from the dashboard.
 
Only “Failed” findings with a “Critical” severity level are displayed in the list. For each Failed “Critical” finding, you can follow a link to view a detailed breakdown that includes:
– Title of the Finding: The name given to the finding.
– Severity: Severity in Benchmark rules indicate the level of risk or potential impact associated with each security configuration issue. It helps prioritize issues based on their criticality to system security. The levels include:
Critical, High, Medium, and Low.
All Primary BenchmarksFrom the “All Primary Benchmarks” block in the dashboard, take a look at:
All Benchmark Configurations used to evaluate system security. This helps in tracking compliance across multiple resources.
Benchmark Details  that displays the Configuration Name, Description, and Benchmark Name (e.g., SecPod_Default), indicating which standards are applied (like CIS, NIST, etc.)
Severity Assessment that indicates the risk level(Not Evaluated, Critical, High, Medium, Low) of identified vulnerabilities in different color codes.
Geo-mapProvides a visual representation of security findings across various geographic locations on the map. Findings are color coded to help make high-risk locations immediately visible. For regional insights, users can click on the marker(represented as a dot) in a specific country or region and get a breakdown all the findings. Based on selection of “Failed,” “Passed,” or “Unchecked,” the relevant information displays in the following columns:
– Unique Identifier: A distinct ID for each finding.
– Title: A brief explanation of the security issue.
– Benchmark: Benchmark applied to the resource
– Region: The region of the cloud service impacted.
– Resources Count: The count of resources impacted by each finding.
– Services Type: The specific cloud service (e.g., CloudFormation, CloudFront, CloudTrail, ConfigService).
– Resources Type: The type of resources affected (e.g., Stack, Distribution, Trail, ConfigurationRecorders).
– Severity: For items marked as “Critical.”
– Fix: Indicated by an “wrench” icon. Clicking the wrench(fix)icon navigates you to complete remediation tasks.
 
Additionally, users can take various actions from the details view, such as sorting or filtering, searching for keywords, selecting the number of records to view, and exporting the records into a spreadsheet (CSV).
Data-wise Affected Resources TrendGraphical depiction providing insight into the count of affected resources or cloud services(like AWS or Azure) over a period of time, helping users track patterns and potentially anticipate future issues. This is useful for identifying recurring vulnerabilities, seasonal spikes, or reductions in affected resources due to implemented security measures.

Learn How To

How to Setup Benchmarks in Saner CSPM?

Benchmark settings are configurations designed to evaluate system security and compliance with predefined standards. They specify the types of rules, the rules affected, the values that are checked, and the severity levels used to categorize risks. Saner Cloud provides a variety of security benchmarks, including the built-in SecPod Default Benchmark.

The SecPod Default Benchmark offers a pre-configured, regulatory-compliant assessment framework designed to streamline risk identification and mitigation across cloud environments. Built with industry best practices in mind, this benchmark includes standardized rules that evaluate specific resource configurations, displaying compliance results directly on the dashboard for enhanced visibility and accessibility.

Access Benchmarks from Saner Cloud Security

Step 1: Launch Saner CSPM

After you login, select Cloud Security from the landing page. Next, click the App Launcher( on top of the page) and choose CSPM(Cloud Security Posture Management).

Step 2: Access Benchmarks

Click the Benchmarks link on the top-right of the page. The Configuration details page opens. Go ahead and click the Create New Benchmark button to launch the Wizard-based UI.

Setup a Benchmark Using Wizard-based UI

With the guided User Interface, go ahead and create a custom benchmark if predefined benchmarks don’t fit all your needs.

Step 1: Specify Security Benchmark to Use, Compliance Type, and Region to Apply

In this step, select the security benchmark that you want to use from the drop-down menu.

Available options:

  • CIS Amazon Web Services Foundations Benchmark v3.0.0
  • SecPod Default Benchmark
  • NIST SP 800-53 Rev. 5
  • PCI DSS v3.2.1
  • HIPAA
  • SOC

Additionally, specify the cloud region for which you want to apply the benchmark to from the drop-down menu.

Note: If you do not select the region, then the benchmark applies to all regions by default.

Define Benchmark Rules for a Compliance Type

If You Choose…Then
RegionalRegion drop-down list appears, allowing you to select specific regions
GlobalThe benchmark is applied to all regions by default
BothYou can apply the benchmark to both specific regions and globally

Additionally, specify the cloud region for which you want to apply the benchmark to from the drop-down menu.

Note: If you do not select the region, then the benchmark applies to all regions by default.

Tabular Listing of Benchmarks and Rules

Click Next to see the Tabular listing of the Benchmarks with details on:

  • ID
  • Compliance Type
  • Configuration Benchmark
  • Severity
  • Compliance Statistics
  • Compliance%
  • Regions
  • Date
  • Actions

From the tabular listing, you have an option to:

  • Select Benchmarks for which you want create rules. Click Next and begin to select rules that align with the security standard
  • See the Rule Type — Manual or Automated — applied to the Benchmark
  • Update the Severity of Benchmarks. Click the Edit button under the Severity column and set the severity level.
  • Get a quick glance of the benchmark details by clicking the Ask anything icon(displayed as a circled question mark) next to each Benchmark

See the Rule Type Applied to the Benchmark

Manual Rules require human intervention to verify compliance. For example, checking physical security policies or manually reviewing rules.

Automated Rules can be verified programmatically using scripts or security tools. For example, checking if disk encryption is enabled via automated scans.

Adjust the Benchmark Values As You Wish

In the context of Saner Cloud Security Posture Management (CSPM), the term “No Input Required” refers to “Automated” security checks that do not require any additional configurations, manual inputs, or user intervention.

Saner CSPM automatically indicates whether a rule necessitates user input for customization or functions with default settings (“No input required”). However, users have an option to modify the entries in the “Values” column as they wish.

Additionally, you can also Allow or Deny the selected instance types. Just click the appropriate option(Allow or Deny) and select the relevant instance type from the dropdown list.

If you wish to increment or decrement values for certain rules, just use the up/down arrows.

Use the Manual Benchmarks for rules that are not automatically identified by the scanner. For Manual Benchmarks, by setting the values to:

  • Unaudited — you can indicate the rules that have not been checked, either due to lack of data or because they were skipped in the scan
  • Audited — you can ensure that the rule configurations are checked or verified against the benchmark

Prioritize Issues based on Criticality to System Security

Severity in Benchmark rules indicate the level of risk or potential impact associated with each security configuration issue. It helps prioritize issues based on their criticality to system security. The levels shown in the image include:

  • Critical: Indicates issues that pose the highest risk and require immediate attention to prevent severe security breaches.
  • High: Represents significant risks that could lead to security vulnerabilities if not addressed promptly.
  • Medium: Denotes moderate risks that are less urgent but still important to mitigate to maintain overall security.
  • Low: Denotes risk of lesser severity and does not need immediate attention

This classification helps security teams focus their efforts on the most pressing compliance issues first.

Click Next. The following Caution message displays. Click the button, I Understand and Continue to proceed with creating the Benchmark configuration.

What Can You Interpret from Global Benchmarks?

Global benchmarks assess services and configurations that are not region-specific. For instance, AWS CloudFront is classified as a global service because it operates across multiple regions.

Saner CSPM offers guidance based on the findings from these global benchmarks by labeling these checks as “Global.” When you hover over the benchmark icon (represented as a “question mark”), it displays key insights explaining the importance of these checks and suggested actions to address any identified issues (see screenshot for an example).

Step 2: Choose Rules that Align with Security Standard

Provide a Name and Description to Your Benchmark.

If you want to specify this benchmark as a primary one, then turn on the Primary Benchmark slider.

Choose the rules that align with the specified security standard. Click the checkbox(es) to choose one or more rules that you want to map with the security standard.

In the Assign to Other Accounts, observe the current cloud account selected by default. If you’d want to apply this benchmark for any other account, then click the appropriate checkbox(es).

Note that only administrators have the privilege to select one or more accounts to assign the benchmark.

Lastly, click the Create New Benchmark button.

Step 3: Complete Benchmark Creation

On completing all the steps, the system applies the selected benchmark rules to the chosen regions and resources for evaluation.

Click Next to view the list of rule IDs, descriptions, affected Rules, along with the “Values” on the Configuration page.

How does the Benchmark Rule Work?

The benchmark rule system evaluates resources and services based on established security standards. It performs regular or on-demand scans to identify any misconfigurations or compliance gaps. After collecting the data, the system compares it against benchmark criteria, categorizing each finding as either a “Pass” or “Fail” to clearly indicate the compliance status. This process simplifies the tracking and remediation of vulnerabilities.

Use Quick Evaluation Benchmarks

Saner Cloud offers supplementary benchmarks in addition to the primary benchmarks. These secondary benchmarks are available for each region and are designed to complement the primary benchmarks by assessing compliance with various standards or internal policies, such as CIS Amazon Web Services, NIST, PCI DSS, or SecPod Default. “Quick Evaluations” provide flexible and faster scans that focus on specific areas or services.

Create a Benchmark for Quick Evaluation

From the Select Benchmark Rules page, make sure to keep the Primary Benchmarks slider Turned Off when you create the benchmark rule and proceed with next steps.

KEY POINTS TO REMEMBER IN BENCHMARK CONFIGURATION

The system considers the most recently created, edited or updated benchmark as the active one. This means:

If you want to…Then you must…Result
Replace the Default BenchmarkCreate a custom benchmark that has the same configuration as the Default BenchmarkMessage displays asking if you want to override the existing benchmark. Review the benchmark before you proceed to make the changes.

Default Benchmark disappears from the “All Primary Benchmarks” block on the dashboard. Only the newly created custom benchmark displays.
Replace the Custom BenchmarkEdit or update the custom benchmark and save to make this the active one Message displays asking if you want to override the existing benchmark. Review the benchmark before you proceed to make the changes.

The modified custom benchmark displays as the active one in the “All Primary Benchmarks” block on the dashboard
Display all the BenchmarksSlightly adjust the configuration to ensure the system supports displaying multiple benchmarks simultaneouslyAll the Benchmarks displays in the “All Primary Benchmarks” block on the dashboard
Additional Benchmark Actions

1. View All the Configured Benchmarks

From the Benchmark Configuration list, you have an option to view all the configured benchmarks, edit regions, update rules, and delete the benchmark as needed. Just click the appropriate button and perform the requisite action.

2. Differentiate between Primary Benchmark and Quick Evaluation Benchmark from the Configuration List

The primary or quick evaluation benchmark that you created displays in the Benchmark Configuration Details list. In the Configuration Benchmark column, observe the Primary Benchmarks indicated in a green circle and Quick Evaluation Benchmarks indicated in a grey circle.

3. Edit the Regions for Primary or Quick Evaluation Benchmarks

To edit a record, click the Edit button next to the relevant benchmark entry. This allows you to edit the cell under the Region column. Next, click the drop-down arrow and select or clear the checkboxes next to the desired regions. Finally, click the Save icon. A confirmation message appears. Click Yes to confirm your changes.

4. Update the Rules for Primary or Quick Evaluation Benchmarks

From the Benchmark Configuration list, click the Update Benchmark icon (under the Actions column) corresponding to a benchmark and proceed to modify the Benchmark Rules.

5. Run Scan on the Quick Evaluation Benchmark

Click the Scan button under the Actions column on the Benchmark Configuration Details page. Once the scan completes, the severity of the benchmark displays as applicable.

6. Re-evaluate the Benchmark

You have an option to reevaluate the benchmark by clicking on the Scan button on the Benchmark Configuration details page. Once the scan completes, the severity of the benchmark and compliance displays as applicable.

7. Delete the Benchmark

From the Benchmark Configuration list, click the Delete icon(under Actions column) corresponding to a Primary or Quick Evaluation Benchmark.

8. View the Current Data Using Refresh

Simply click the Refresh button on the Benchmark Configuration page and see the updated information.

9. Search by Specific Benchmark Information and Retrieve Results

You can do a standard keyword search based on:

  • Name
  • Compliance Type
  • Configuration Benchmark

How to Assess System Compliance and Security Posture?

From the “All Primary Benchmarks” Block

From the “All Primary Benchmarks” block in the Saner CSPM dashboard, take a look at:

  • All Benchmark Configurations used to evaluate system security. This helps in tracking compliance across multiple resources
  • Benchmark Details that displays the Configuration Name, Description, and Benchmark Name (e.g., SecPod_Default), indicating which standards are applied (like CIS, NIST, etc.)
  • Severity Assessment that indicates the risk level(Not Evaluated, Critical, High, Medium, Low) of identified vulnerabilities in different color codes

“Not Evaluated” status indicates that scanning has not taken place for the primary benchmark(s). Only after scanning completes, the relevant statuses: critical, high, medium, or low displays.

  • Compliance Statistics that provide quick insights into compliance levels (e.g., the score 601 might represent compliant checks, pending patches, or specific policy metrics)

Detect Patterns over a Period with Resource-Trends

Step 1: Launch Saner CSPM

Step 2: Go straight to the “Date-Wise Affected Resources Trend” block on the dashboard.

Step 3: Identify seasonal variations, predict and prepare for recurring vulnerabilities and mitigate future security risks.

Commonly Asked Questions
What can I infer from the “Findings by Cloud Provider” and how does this contribute to my overall security posture management?

The pie chart displays the total number of resources evaluated across various cloud providers (e.g., AWS, Azure) and highlights any configuration risks found during the latest scan.

IT teams can make informed decisions with the real-time view of configuration risks across cloud services and easily identify high-risk areas and prioritize remediation.

What qualifies a finding as “Critical”?

Critical findings include serious security and compliance issues such as exposed sensitive data, unrestricted network access, and significant compliance failures that need immediate attention.

How does the “Publicly Accessible Resources” chart support risk management?

By identifying exploitable resources and providing actionable details, the chart helps users prioritize and address network vulnerabilities quickly. The detailed breakdown view, users can gather further details on the remediation steps with guidance on how to resolve each finding effectively.

I want to detect patterns such as recurring security vulnerabilities, spikes in affected resources, or periods of stability. How is this possible?

From the trends chart you can gain insight into these and take proactive steps to improve security.

I want to predict future vulnerabilities. How can I do it from the dashboard?

From the trends chart you can identify seasonal variations, predict and prepare for recurring vulnerabilities and mitigate future security risks.

What is a CSPM Benchmark and which one should I choose for my organization?

Saner CSPM (Cloud Security Posture Management) Benchmark refers to a set of standards or guidelines designed to evaluate the security posture of your cloud environment. These benchmarks assess your cloud configuration, identify potential vulnerabilities, and recommend improvements to ensure compliance with best practices and regulatory requirements. When selecting the right benchmark for your organization, several factors should be considered, including industry and regulatory requirements, the cloud provider environment, and compliance needs.

How do I create a CSPM Benchmark?

The Saner CSPM Default Benchmark offers a pre-configured, regulatory-compliant assessment framework designed to streamline risk identification and mitigation across cloud environments. Built with industry best practices in mind, this benchmark includes standardized rules that evaluate specific resource configurations, displaying compliance results directly on the dashboard for enhanced visibility and accessibility.

What are the different CSPM Benchmark settings and what do they signify?

Saner Cloud Security Posture Management (CSPM) utilizes various benchmark settings to assess and improve the security of cloud environments. These benchmarks align with industry standards, regulatory frameworks, and security best practices.

Some common CSPM benchmark settings and their significance:
— NIST – Commonly used by U.S. government agencies and organizations in highly regulated industries
— PCI DSS – Essential for organizations handling payment card data to avoid breaches and ensure compliance
— HIPAA – Critical for organizations dealing with healthcare data to avoid penalties and protect patient information
— CIS – Helps organizations comply with industry standards, reduce attack surfaces, and achieve baseline cloud security

How do I edit a benchmark?

Access the Detailed view from Saner CSPM dashboard and make the necessary changes.

How do I identify critically vulnerable assets from not critically vulnerable assets?

The Severity, Service, and Resource Type columns provide a comprehensive view of security risks where “Critical” severity implies an immediate need for remediation especially if associated with core services or sensitive resources across different geographic regions.

The All Findings view in the CSPM dashboard presents a streamlined view of security findings (issues) across the selected cloud service. This enables users to prioritize remediation efforts based on the severity of issues and the number of affected resources.
Based on your selection of “Failed,” “Passed,” or “Unchecked,” the relevant information displays in the following columns:

  • Unique Identifier: A distinct ID for each finding.
  • Description: A brief explanation of the security issue.
  • Affected Cloud Service Region: The region of the cloud service impacted.
  • Number of Affected Resources:The count of resources impacted by each finding.
  • Cloud Service Affected: The specific cloud service (e.g., CloudFormation, CloudFront, CloudTrail, ConfigService).
  • Impacted Resource Type: The type of resources affected (e.g., Stack, Distribution, Trail, ConfigurationRecorders).
  • Severity: For items marked as “Critical.”
  • Fix Options for Remediation: Indicated by an “i” icon for further details.

You can filter the dashboard to focus specifically on “Critical” findings, allowing IT teams to address the most pressing issues and streamline their responses. This interface also allows you to view configuration names, regions, and provides options for evidence and remediation actions directly from the dashboard.

Only “Failed” findings with a “Critical” severity level are displayed in the list. For each Failed “Critical” finding, you can follow a link to view a detailed breakdown that includes:

  • Title of the Finding: The name given to the finding.
  • Severity: Confirmation that the finding is marked as Critical.
  • Details: Including “First Detected On,” “Last Scanned On,” Service, and Resource Type.
  • Affected Resource: Featuring a unique identifier (ARN) and the specific “Region” with its “Configuration.”

The Trend Graph offers visual representations of the number of affected resources over time, while the Geographical Map highlights affected locations: red dots indicate regions with issues, and green dots represent regions without any problems.

How do I check critically vulnerable assets only in specific region?

The Severity, Service, and Resource Type columns provide a comprehensive view of security risks where “Critical” severity implies an immediate need for remediation especially if associated with core services or sensitive resources across different geographic regions.

The All Findings view in the CSPM dashboard presents a streamlined view of security findings (issues) across the selected cloud service. This enables users to prioritize remediation efforts based on the severity of issues and the number of affected resources.

Based on your selection of “Failed,” “Passed,” or “Unchecked,” the relevant information displays in the following columns:

  • Unique Identifier: A distinct ID for each finding.
  • Description: A brief explanation of the security issue.
  • Affected Cloud Service Region: The region of the cloud service impacted.
  • Number of Affected Resources:The count of resources impacted by each finding.
  • Cloud Service Affected: The specific cloud service (e.g., CloudFormation, CloudFront, CloudTrail, ConfigService).
  • Impacted Resource Type: The type of resources affected (e.g., Stack, Distribution, Trail, ConfigurationRecorders).
  • Severity: For items marked as “Critical.”
  • Fix Options for Remediation: Indicated by an “i” icon for further details.

The Geographical Map highlights affected locations: red dots indicate regions with issues, and green dots represent regions without any problems.

What can I do to improve my Cloud Security Posture?

Apply appropriate the Benchmarks for your organization and monitor for misconfigurations. For more details refer to “How to Setup Benchmarks in Saner CSPM?“.

Share This Article :
  • X
  • LinkedIn
Still stuck? How can we help?

Saner Documentation Feedback

Cloud Security Asset Exposure(CSAE) User Guide
Table of Contents
  • How to Setup Benchmarks in Saner CSPM?
    • Step 1: Launch Saner CSPM
    • Step 1: Specify Security Benchmark to Use, Compliance Type, and Region to Apply
    • Step 2: Choose Rules that Align with Security Standard
    • Step 3: Complete Benchmark Creation
    • Create a Benchmark for Quick Evaluation
    • KEY POINTS TO REMEMBER IN BENCHMARK CONFIGURATION
  • How to Assess System Compliance and Security Posture?
    • Detect Patterns over a Period with Resource-Trends
Copyright 2025 - SecPod. All Rights Reserved. Privacy Policy.
SanerNow Version 6.3.x