Events

CloudGuard generates alerts for findings on your cloud environments based on policies. These findings and events can be viewed in the CloudGuard portal and sent as messages to different notification targets, such as email and SNS.

CloudGuard engines show the Posture and Security Events they find on pages below the Events menu. The Posture Findings page shows the table of events that the Compliance Engine, Image Assurance, Serverless, and Kubernetes Image Scanning found in real time. The Threat & Security Events page shows an equivalent table for Intelligence, Admission Control, Kubernetes Runtime Protection, and other findings.

Below All, you can find a summary table for all security events. From this page, you can drill down to learn more details about the event, add remarks for the event, or assign it to specific users for remedial actions.

You can search and filter the view for specific events of interest, based on the environment, event type, entity type, ruleset, and other parameters.

Benefits

  • Enterprise view across all platforms, environments, and entities

  • System messages view on a separate page

  • Customizable view: search or filter by Organizational Unit, environment, platform, source, etc.

  • Actionable from the table menu (acknowledge, set up a remediation or exclusion)

  • Links to referenced entities in CloudGuard

Use Cases

  • For enterprise security managers: high-level summary of security posture and key metrics of security findings across the organization - see Dashboards

  • For security engineers:

    • High-level summary of security posture and key metrics of security findings for specific environments - see Dashboards

    • Can review security findings for the applicable environments and apply remediations - see Creating a remediation for findings