Viewing Scan Results

This section of the documentation outlines viewing, interacting with, and interpreting IaC Security scan results. Scans are available under Security > Infrastructure as Code > Scan List.

Scan List

This page lists the previous scans including summary information about scan drivers, date, duration, configuration info, and status/outcome. As soon as a scan has finished, it will be recorded within the Scan List interface.

  • Click Add Filter to narrow the list of scans to only the most critical or vulnerable
  • Click the link in the Findings Summary column to open the findings summary
    • If an error was encountered during the scan, no findings summary will be available in the column. Instead, click Scan has encountered error to open a window diagnosing the error and containing a download of the error stack trace
  • Click the Edit Configuration icon (pencil) to edit the configuration associated with a scan
  • Use the pagination features at the bottom of the page to quickly navigate through the list of configurations

Filters

Filtering narrows the scope of the resources list using properties such as cloud accounts, clusters, and resource groups. Click the Add Filters button to open the panel and select a property to get started. After choosing your desired filters, select Apply to update the page with the results of your specified filters.

Filtering Behavior

  • Each selected Filter updates dynamically with options appropriate for the property selected.
  • Click + Add Filter to add an additional filter and further narrow the scope.

Save Filters

After adding a filter, you can save it so that it can easily be reused the next time you access the feature.

Saved Filters

Saved filters are feature-specific (since options vary between features), i.e., a Feature A saved filter will only be available in Feature A and will not be available in Feature B.

To save a filter:

  1. Use the Add Filter option to create a filtered view of the page.

  2. Expand the Filters section, and click the Options button (ellipsis).

  3. Click Save Filter and provide a name and (optional) description.

  4. If desired, select the checkboxes:

    • Set as Default Filter - Designates this filter as your default when you return to the feature
    • Make this a Public Filter - Makes this filter available to all users inside your InsightCloudSec organization

  5. Click OK. The filter is saved and can be edited from the Saved Filters page for this feature.

Findings Summary

Scans have two possible statuses: success or failure. If any of the resources found in the IaC template failed a check against an Insight, the scan will be marked as a failure (failed scan). Both successful and failed scans can contain warnings, however. An example failed scan might look like this:

From top to bottom, here's a summary of the information available:

  • Scan Summary - The name of the IaC configuration, the scan target, the date/time the scan was completed, and the duration for the scan
    • The scan target contains three things: {type|hostname}:{number of files}:{name of files|user-provided string}
  • Download - Enables you to download a copy of the scan in JSON or HTML.
  • Graph - This section provides an at-a-glance color-coded bar graph illustrating the total resources scanned and their individual statuses. The colors for the bar graph are aligned as follows:
    • Green = Passed
    • Orange = Warned
    • Red = Failed
    • Grey = Ignored
  • Details - Details for each Insight that was evaluated during the scan
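
The scan target format and the success/failure rule described above can be applied when post-processing results, for example in a pipeline gate. The following is an added example, not InsightCloudSec code: the input layout, the function names, and the sample values are assumptions and do not reflect the product's JSON export schema.

```python
from collections import Counter
from typing import NamedTuple

# The four result categories shown in the Findings Summary graph.
STATUSES = ("passed", "warned", "failed", "ignored")

class ScanTarget(NamedTuple):
    source: str       # {type|hostname}
    file_count: int   # {number of files}
    label: str        # {name of files|user-provided string}

def parse_scan_target(text):
    """Split a scan target into its three documented fields.

    Assumption: the first field contains no colon; the last field may.
    """
    parts = text.split(":", 2)
    if len(parts) != 3 or not parts[0] or not parts[1].isdigit():
        raise ValueError(f"not a scan target: {text!r}")
    return ScanTarget(parts[0], int(parts[1]), parts[2])

def summarize(results):
    """Roll up per-Insight results into the scan's overall outcome.

    results maps an Insight name to (resource, status) pairs; this layout is
    an assumption for the example, not the product's export schema.
    """
    totals = Counter({s: 0 for s in STATUSES})
    failing = []
    for insight, checks in results.items():
        for resource, status in checks:
            if status not in STATUSES:
                raise ValueError(f"unknown status {status!r} for {resource}")
            totals[status] += 1   # counted per check, not per unique resource
            if status == "failed":
                failing.append((insight, resource))
    return {
        # One failed check marks the whole scan as a failure.
        "status": "failure" if failing else "success",
        "has_warnings": totals["warned"] > 0,  # possible on either outcome
        "totals": dict(totals),
        "failing": failing,
    }

# Constructed sample data (Insight names and resources are made up).
SAMPLE = {
    "Storage bucket allows public read": [("aws_s3_bucket.logs", "failed"),
                                          ("aws_s3_bucket.assets", "passed")],
    "Volume is not encrypted": [("aws_ebs_volume.data", "warned")],
}
```
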

Results Details

This section of the report shows the scan results for each individual Insight from the selected Insight pack and the resources that apply.

  • Click the plus sign (+) to expand each Insight and see the resources that failed, warned, or passed
  • In the Action column, click Inspect to expose more information about the Insight as well as remediation details