Events
CloudGuard generates alerts for findings on your cloud environments based on policies. These findings and events can be viewed in the CloudGuard portal and sent as messages to different notification targets, such as email and SNS.
CloudGuard engines show the events they find on pages under the Events menu. The All Events page contains a summary table (All) of all security events. From this page, you can select events of a specific type (the Posture Findings, CIEM, or Vulnerabilities tab) and drill down to see more details about an event, add remarks to it, or assign it to specific users for remedial action.
You can search and filter the view for specific events of interest, based on the environment, event type, entity type, ruleset, and other parameters.
Benefits
- Enterprise view across all platforms, environments, and entities
- System messages view on a separate page
- Customizable by search or filter view for Organizational Unit, environment, platform, source, etc.
- Actionable from the table menu (acknowledge, set up a remediation or exclusion)
- Links to referenced entities in CloudGuard
Use Cases
- For enterprise security managers: high-level summary of security posture and key metrics of security findings across the organization - see Dashboards
- For security engineers:
  - High-level summary of security posture and key metrics of security findings for specific environments - see Dashboards
  - Can review security findings for the applicable environments and apply remediations - see Creating a remediation for findings