Viewing the Cloud Exposure View dashboard
Summarize
Summary of Viewing the Cloud Exposure View dashboard
The Cloud Exposure View dashboard, accessible within the Security Exposure Management workspace, enables cloud security teams to monitor and manage security exposures across their cloud environments. This module consolidates security findings from multiple vendors and products, providing interactive visualizations and filtering options to help prioritize and act on vulnerabilities, misconfigurations, and compliance issues in cloud assets.
Show less
Access and Roles
To access the dashboard, navigate to Workspaces > Security Exposure Management > Cloud Exposure View. Viewing the workspace requires the snsecexception.read role, while configuring workspace rules requires snvulcmn.usemadmin. For detailed remediation roles by product, consult Security Exposure Management Workspace Roles.
Key Features
- Top-level Filters: Users can filter findings by:
- Finding type: Includes Host Vulnerability Response (virtual machines/servers), Configuration Compliance (cloud service misconfigurations and issues), and Container Vulnerability Response (container vulnerabilities). Relevant applications must be installed to view these findings.
- Source: Organizes exposures by third-party scanner integrations installed.
- Risk rating: Filter exposures by Critical, High, Medium, Low, or None criticality. Multi-select supported, with options to include lower criticalities to broaden imported data.
- Needs Attention Cards: Summarize critical records such as unassigned findings, overdue findings, remediation due within 14 days, and findings in review. Clicking totals opens detailed lists filtered by product type.
- Cloud Security Overview: Displays total active findings by cloud resource types categorized by provider and severity:
- Compute
- Network
- Storage
- Other (resources not in prior categories)
- Top Findings by Images, Accounts, and Regions: Highlights base images and other image types with the highest active findings and risk, as well as top accounts and regions with the most exposures. Findings are grouped and color-coded by severity (Critical-red, High-orange, Medium-yellow).
- Compliance and Exposure Details: Users can review least compliant accounts and externally exposed resources with critical security exposures, with the ability to view detailed lists of up to 1,000 records.
- Toxic Combinations and Failed Test Results: Displays assets with the most security exposures due to failed configurations or toxic combinations of vulnerabilities and misconfigurations. This data requires Configuration Compliance and the Wiz Vulnerability Response Integration to be installed. Findings are color-coded by severity and can be filtered by date ranges (last 7 or 30 days).
Practical Benefits for ServiceNow Customers
This dashboard empowers your cloud security teams to centralize visibility of security exposures, prioritize remediation efforts based on risk and compliance status, and monitor asset health across multiple cloud providers and asset types. With integrated data from various security products and scanner tools, you gain a comprehensive view to efficiently manage vulnerabilities, misconfigurations, and container risks, ensuring proactive cloud security posture management within the ServiceNow platform.
The Cloud Exposure View is a module that is supported by Security Exposure Management workspace. Select interactive visualizations and filter aggregated data for your cloud assets by category to view findings for your security exposures. Cloud security teams can monitor and act on all their cloud-related security findings from multiple vendors across their cloud environments from within the workspace.
Locating the Cloud Exposure View
To view the dashboard, navigate to .
- sn_sec_exception.read to view the workspace
- sn_vul_cmn.usem_admin to configure workspace rules
- For vulnerability findings remediation by product:
Top-level filters
- Finding type - View security exposure findings for your cloud service accounts, cloud regions, and cloud resources with this filter. Note:Finding types are listed by product. You must install the corresponding applications before you can view the imported data for the following finding types:
- HostVulnerability Response supports findings for vulnerabilities in virtual machines and servers.
- Misconfiguration Configuration Compliance supports findings for misconfigurations in cloud resource services such as S3 and EC2. Configuration Compliance also supports findings for Issues, such as assets that are involved in toxic combinations of vulnerabilities and misconfigurations.
- Container - Container Vulnerability Response supports container vulnerability findings.
- Source - View security exposures organized by the third-party scanner product integrations you have installed in your instance.
- Risk rating - View security exposures by their criticality (Critical, High, or Medium). Multi-select is supported.Note:Select the Settings
(gear icon). With Filters selected you can include findings with Low criticality and no imported criticality (None). You might prefer to keep the
criticality in its default setting to limit your import and help you focus on your most important findings. If you modify this filter, findings that match your settings are imported with the next daily data import for all your
finding types.
Needs attention
- Unassigned findings
- Overdue findings
- Remediation due in 14 days
- Findings in review
- Select the total numbers in the cards to view a list of records.
Select a card and then select the filters on the new tabs that are displayed to view lists of findings by product: Host, Misconfiguration, and Container.
Cloud Security Overview
- View breakdowns of totals of active findings across cloud resource types that are categorized by provider and severity for the following assets:
- Compute
- Network
- Storage
- Other - Resources that don't fall under the other categories.
- Select the total numbers in the cards, a provider icon, or the data visualizations to view corresponding lists of records that display total findings for each asset.
- Select Base images or Other image types to view the five findings that have the most security exposures (Top) for the following categories:
- Top base images with active findings
- Top base images by risk
- Select the total number in the card.
Container findings are color-coded for Critical, High, and Medium:- Red
- Orange
- Yellow
Select a data visualization graph or a colored pill to view a list of up to 1,000 records.
- Select Accounts or Regions to view the top five findings that have the most security exposures. Findings are grouped by Host, Misconfigurations (Test results), Toxic combinations (Issues), and Container (Container vulnerabilities) and are color-coded for Critical, High, and Medium:
- Red
- Orange
- Yellow
View records for your least compliant accounts under Non compliant framework. If no data is imported, this column remains unpopulated.
Select a colored pill or View more to view a list of up to 1,000 records.
- Select from Resources or Resources - Externally Exposed to view the top five findings that have the most critical security exposures.Findings are grouped by Misconfiguration (Test results) and Toxic combinations (Issues), are and Container findings and are color-coded for Critical, High, and Medium:
- Red
- Orange
- Yellow
- View toxic combinations and assets with the least compliant scores that have the most security exposures due to failed configurations. Both misconfigurations and issues are populated on test results in Configuration Compliance. This data is imported by the Understanding the Wiz Vulnerability Response Integration, and this data is not displayed unless Configuration Compliance and the Wiz Vulnerability Response Integration are installed.Findings with failed test results are color-coded. You can select the date range for the last 7 days or the last 30 days.
- Red
- Orange
- Yellow
Select View more to view a list of up to 1,000 records.