Viewing the Cloud Exposure View dashboard

Release version: Yokohama

Updated December 3, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Viewing the Cloud Exposure View dashboard

The Cloud Exposure View dashboard, accessible via the Security Exposure Management workspace in ServiceNow, enables cloud security teams to monitor and manage security findings across multiple cloud environments and vendors. It consolidates cloud-related security exposures, allowing for interactive visualization and filtering of aggregated data by categories such as cloud assets, risk levels, and finding types. This centralized view helps teams prioritize and remediate vulnerabilities efficiently.

Show full answer Show less

Access and Roles

Navigate to Workspaces > Security Exposure Management > Cloud Exposure View to access the dashboard.
Required roles include snsecexception.read for viewing and snvulcmn.usemadmin for configuring workspace rules.

Key Features

Top-level filters: Filter findings by type (e.g., Host Vulnerability Response, Configuration Compliance, Container Vulnerability Response), source (third-party scanner integrations), and risk rating (Critical, High, Medium, with optional Low and None).
Needs attention cards: Quickly access lists for unassigned, overdue, remediation-due, and in-review findings by clicking on totals, providing focused remediation workflows.
Cloud Security Overview: Breakdown of active findings by cloud provider, asset type (Compute, Network, Storage, Other), and severity with interactive cards and visualizations to drill down into detailed records.
Top findings: View leading base images and image types with the most security exposures, color-coded by risk severity for easy identification.
Accounts and regions: Identify least compliant accounts and regions with the most critical findings, grouped by Host, Misconfiguration, Toxic combinations, and Container vulnerabilities.
Resources exposure: Review top externally exposed resources and those with the highest critical security exposures.
Toxic combinations and compliance scores: Monitor assets with failed configurations and toxic vulnerability combinations using data imported from Configuration Compliance and Wiz Vulnerability Response Integration, with findings color-coded by severity and filtered by recent date ranges.

Practical Use

By leveraging this dashboard, ServiceNow customers can efficiently prioritize remediation efforts, track compliance across cloud environments, and gain a comprehensive understanding of their cloud security posture. The ability to filter and drill down into findings by asset type, provider, severity, and compliance status empowers security teams to focus on critical risks and improve cloud security management.

The Cloud Exposure View is a module that is supported by Security Exposure Management workspace. Select interactive visualizations and filter aggregated data for your cloud assets by category to view findings for your security exposures. Cloud security teams can monitor and act on all their cloud-related security findings from multiple vendors across their cloud environments from within the workspace.

Locating the Cloud Exposure View

To view the dashboard, navigate to Workspaces > Security Exposure Management > Cloud Exposure View.

Roles required:

sn_sec_exception.read to view the workspace
sn_vul_cmn.usem_admin to configure workspace rules
For vulnerability findings remediation by product:

See Security Exposure Management Workspace Roles

Top-level filters

Locate and organize findings based on the following top-level filters to help you focus your search:

Finding type - View security exposure findings for your cloud service accounts, cloud regions, and cloud resources with this filter.
Note:
Finding types are listed by product. You must install the corresponding applications before you can view the imported data for the following finding types:
- HostVulnerability Response supports findings for vulnerabilities in virtual machines and servers.
- Misconfiguration Configuration Compliance supports findings for misconfigurations in cloud resource services such as S3 and EC2. Configuration Compliance also supports findings for Issues, such as assets that are involved in toxic combinations of vulnerabilities and misconfigurations.
- Container - Container Vulnerability Response supports container vulnerability findings.
Source - View security exposures organized by the third-party scanner product integrations you have installed in your instance.
Risk rating - View security exposures by their criticality (Critical, High, or Medium). Multi-select is supported.
Note:
Select the Settings (gear icon). With Filters selected you can include findings with Low criticality and no imported criticality (None). You might prefer to keep the criticality in its default setting to limit your import and help you focus on your most important findings. If you modify this filter, findings that match your settings are imported with the next daily data import for all your finding types.

Needs attention

Select the totals on the cards to open a list in a new browser tab. View your most critical records organized by the applications that you have installed for the following categories.

Unassigned findings
Overdue findings
Remediation due in 14 days
Findings in review
Select the total numbers in the cards to view a list of records.

Select a card and then select the filters on the new tabs that are displayed to view lists of findings by product: Host, Misconfiguration, and Container.

Cloud Security Overview

View breakdowns of totals of active findings across cloud resource types that are categorized by provider and severity for the following assets:
- Compute
- Network
- Storage
- Other - Resources that don't fall under the other categories.
- Select the total numbers in the cards, a provider icon, or the data visualizations to view corresponding lists of records that display total findings for each asset.
Select Base images or Other image types to view the five findings that have the most security exposures (Top) for the following categories:
- Top base images with active findings
- Top base images by risk
- Select the total number in the card.
Container findings are color-coded for Critical, High, and Medium:
- Red
- Orange
- Yellow
Select a data visualization graph or a colored pill to view a list of up to 1,000 records.
Select Accounts or Regions to view the top five findings that have the most security exposures.
Findings are grouped by Host, Misconfigurations (Test results), Toxic combinations (Issues), and Container (Container vulnerabilities) and are color-coded for Critical, High, and Medium:
- Red
- Orange
- Yellow
View records for your least compliant accounts under Non compliant framework. If no data is imported, this column remains unpopulated.
Select a colored pill or View more to view a list of up to 1,000 records.
Select from Resources or Resources - Externally Exposed to view the top five findings that have the most critical security exposures.
Findings are grouped by Misconfiguration (Test results) and Toxic combinations (Issues), are and Container findings and are color-coded for Critical, High, and Medium:
- Red
- Orange
- Yellow
View toxic combinations and assets with the least compliant scores that have the most security exposures due to failed configurations. Both misconfigurations and issues are populated on test results in Configuration Compliance. This data is imported by the Understanding the Wiz Vulnerability Response Integration, and this data is not displayed unless Configuration Compliance and the Wiz Vulnerability Response Integration are installed.
Findings with failed test results are color-coded. You can select the date range for the last 7 days or the last 30 days.
- Red
- Orange
- Yellow
Select View more to view a list of up to 1,000 records.

Cloud Exposure view

Yokohama Security Management