CSPM (Cloud Security Posture)

Overview

CSPM (Cloud Security Posture) is a self-serve cloud posture check. You provide an asset inventory as JSON, choose the cloud (AWS, Azure, or GCP), and the scan evaluates the assets against the matching rule packs and returns prioritized findings. The scan is stateless: it analyzes the inventory you submit and returns results. It does not connect to your cloud accounts and does not store cloud data.

What it is for

  • Check an exported cloud asset inventory for common misconfigurations (for example public storage buckets, security groups open to 0.0.0.0/0 on sensitive ports) without standing up a connected scanner.
  • Get quick, prioritized findings with a severity and a plain-language reason.
  • Keep control of your data: you decide what inventory to submit, and nothing is retained.

How to use it

  1. Open CSPM (#/cspm) in the platform.

  2. On the Assets tab, pick the cloud (AWS / Azure / GCP) and paste an asset inventory JSON array. Each asset has an id, a resource_type, and a properties object, for example:

    [
    {"id": "aws_s3_bucket.demo", "resource_type": "s3_bucket", "properties": {"acl": "public-read"}},
    {"id": "sg.open", "resource_type": "security_group", "properties": {"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22}}
    ]

  3. Run the scan. The Findings tab lists each flagged resource with the rule, a message, and a severity.

By API:

  • POST /api/cspm/scan with { "cloud": "aws|azure|gcp", "assets": [ ... ] } returns { "cloud": "...", "findings": [ {resource, rule, message, severity} ] }. Authenticated, licensed workspace access is required.
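A pre-submission check for the inventory shape and a triage helper for the response, as an added example that is not part of the product's own code. The function names, the sample response values, and the assumption that `resource` carries the submitted asset id are illustrative; sending the request and authenticating are left out because the page does not specify the mechanism.

```python
import json

CLOUDS = {"aws", "azure", "gcp"}  # cloud values named on this page
REQUIRED = {"id": str, "resource_type": str, "properties": dict}  # asset shape
FINDING_KEYS = {"resource", "rule", "message", "severity"}  # response fields

def validate_inventory(assets):
    """Return a list of shape problems; an empty list means the array is usable."""
    if not isinstance(assets, list):
        return ["inventory must be a JSON array"]
    problems = []
    for i, asset in enumerate(assets):
        if not isinstance(asset, dict):
            problems.append(f"assets[{i}]: expected object")
            continue
        for key, kind in REQUIRED.items():
            value = asset.get(key)
            if not isinstance(value, kind) or value == "":
                problems.append(f"assets[{i}].{key}: expected {kind.__name__}")
    return problems

def build_scan_body(cloud, inventory_text):
    """Parse pasted inventory text into the body for POST /api/cspm/scan."""
    if cloud not in CLOUDS:
        raise ValueError(f"cloud must be one of {sorted(CLOUDS)}")
    assets = json.loads(inventory_text)
    problems = validate_inventory(assets)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"cloud": cloud, "assets": assets})

def group_by_severity(response):
    """Map severity -> [(resource, rule)]; reject findings missing a field."""
    grouped = {}
    for f in response["findings"]:
        missing = FINDING_KEYS - f.keys()
        if missing:
            raise ValueError(f"finding missing {sorted(missing)}")
        grouped.setdefault(f["severity"], []).append((f["resource"], f["rule"]))
    return grouped

# Inventory from the example above; the response is constructed (placeholder values).
INVENTORY = """[
 {"id": "aws_s3_bucket.demo", "resource_type": "s3_bucket", "properties": {"acl": "public-read"}},
 {"id": "sg.open", "resource_type": "security_group", "properties": {"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22}}
]"""
SAMPLE_RESPONSE = {"cloud": "aws", "findings": [
    {"resource": "sg.open", "rule": "placeholder-rule", "message": "placeholder", "severity": "placeholder-severity"}]}
```

Running the validation locally before posting also gives you a last look at exactly which assets and properties leave your environment.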

Evidence and privacy

The scan is stateless and inventory-in / findings-out. Dralvia does not connect to cloud provider accounts and does not store the submitted inventory. You control exactly which assets are evaluated.

Where it appears

  • CSPM console (#/cspm): overview, asset input, and findings review.

Limits

This is a rule-pack evaluation against an inventory you provide, not a connected, continuously monitoring CSPM that reads your cloud accounts directly. Coverage is limited to the breadth of the shipped rule packs for each cloud. Bring an up-to-date inventory export for the most useful results.