Azure Bulk Onboarding - Public Beta

June 6, 2022

We are excited to announce the public beta of bulk onboarding and continuous discovery for Azure. You can now onboard multiple Azure subscriptions associated with an Azure management group in a single action instead of onboarding the subscriptions individually when using the CloudHealth Secure State browser client. Additionally, any new accounts you add to an Azure management group are detected through continuous discovery and can be easily added to the service.  

For further information on how to bulk onboard your Azure subscriptions, check out the documentation.

Self-Managed Kubernetes - General Availability

May 19, 2022

CloudHealth Secure State expands support for Kubernetes this week, with self-managed Kubernetes clusters support now generally available. In addition to the cloud-managed clusters you are running in the public cloud, you can now attach self-managed clusters you have running in a cloud or data center environment. We define a cloud environment as any of our supported public clouds, while a data center environment is either on-prem or a different public cloud. When running self-managed clusters in a supported cloud, you will be able to see the relationship between your cloud and Kubernetes resources.

We expanded our rule set to include CIS Kubernetes benchmark and NSA hardening guidelines. We now support beyond Cloud and Upstream Kubernetes clusters to include VMware Tanzu Kubernetes Grid, Rancher, and more. Finally, we have introduced CIS benchmark Kubernetes v1.20 and v1.23, version 1.0.0 as two new compliance frameworks.

To learn more, please read this blog and to get started, refer to the documentation.

Custom Dashboard with Saved Filters - Public Beta

April 21, 2022

We’re happy to announce that custom dashboards with saved filters are now available as a public beta. Admins and analysts can use this new feature to create custom dashboards with pre-configured filter options, so that other users can directly see the content that is most relevant to them and act in a faster, more efficient manner. Each dashboard has its own name, filter configurations, and context, which defines where it's visible to the entire organization or to one or more projects.

New dashboards can be created based on three built-in dashboard templates, which are based on the current overview, compliance, and trends dashboards. Each new dashboard also had a unique URL to easily share it with other users in the system.

Organization admins and project admins have an additional way to drive the attention to a specific dashboard by setting it as default for all members of the context.

Review the documentation for more information about using custom dashboards.

AWS Organization Account Discovery and Onboarding - Public Beta

April 18, 2022

We are pleased to announce the public beta of AWS Bulk Account Onboarding. Prior to this release, you could only onboard AWS accounts individually when using the CloudHealth Secure State browser client. With this new release, you can now onboard a large number of AWS cloud accounts associated with an AWS organization in a single onboarding. Additionally, any new accounts you add to an AWS organization are detected through continuous onboarding and can be easily added to the service. 

If you have already onboarded AWS accounts that are attached to an AWS organization, you can now re-onboard them with the root AWS account using the AWS bulk onboarding action. This should auto-link all the member accounts on the root account.

For further information on how to bulk onboard your AWS accounts, check out the documentation

Webhook and Jira Cloud now in General Availability

April 7, 2022

In January 2022 we announced the public beta of the Jira Cloud and Webhook integrations. We are pleased to announce both features are now in General Availabiltiy for CloudHealth Secure State customers.

Webhook integration

A webhook is a simple HTTP call back that sends a POST request to another service or application when triggered by an event. This allows you to integrate with a plethora of third party services for messaging, ticketing, or SIEM that otherwise lack a specific integration with CloudHealth Secure State. You can now receive real-time alerts for findings in CloudHealth Secure State in your existing collaboration and communication tools automatically without having to query CloudHealth Secure State APIs.

General Availability brings the following features:

  • PagerDuty template now available - Set up real-time alerts and ticketing on PagerDuty for high severity alerts using a pre-defined template.
  • Custom templates now available - Create your own custom template for any third party service such as ServiceNow or Zendesk.

For further information on how to configure a webhook integration, check out the documentation.

Jira Cloud integration

If you use Jira Cloud for ticketing, you can now configure and automate it into your existing workflow. Based on set criteria in alerts, CloudHealth Secure State can trigger and forward findings to Jira Cloud as an issue.

General Availability brings the following features:

  • Field template - When configuring your Jira Cloud integration, you can use the Fields Template section to customize your ticket template using Mustache format. The Fields Template allows the user to add both custom and JIRA native fields. So you can add a Jira custom fields, for something like "customfield_10801":{"value":"Team1"} , but you can also add "labels":["label1", "label2"], a Jira native field, to pre-populate your tickets with desired labels.

With the new custom field enhancements, you can auto-assign findings from CloudHealth Secure State to specific projects and users in Jira tickets with pre-defined information relevant to your organization.

For further information on how to set up a Jira Cloud integration, check out the documentation.

Azure Government Subscription Support

March 10, 2022

In December 2021, we announced the public preview of Azure Government Support. Today, we’re excited to announce the general availability of visibility and detection capabilities for Azure Government environments. You can follow our Azure onboarding documentation for specific instructions and visual examples of this process.

To onboard your Azure Government subscription, follow the standard process to add an Azure cloud account in the CloudHealth Secure State dashboard and choose “Government” as the account type when filling out general information.

Interconnected KSPM now supports self-managed Kubernetes in the Data Center – Public Beta

March 10, 2022

In December 2021, we announced the general availability of CloudHealth Secure State Interconnected Kubernetes Security Posture Management (KSPM) for clusters running in cloud-managed services like Azure Kubernetes Service, Amazon EKS and Google Kubernetes Engine. In January, we announced the extension of this capability to monitor self-managed Kubernetes clusters hosted on virtual machines using public cloud compute services like Amazon EC2, Azure Compute, and Google Compute Engine. Today, we are pleased to announce the self-managed Kubernetes cluster public beta is further extended to include the self-managed Kubernetes clusters running in your data center. Customers can now gain the consistent visibility and security of approximately 200 rules of Kubernetes clusters across both cloud and data center environments. 

To get started, go to Settings > Cloud Accounts, then create a Data center cloud account to to attach and group your Kubernetes clusters. Make sure you're using latest collector version (2022.3.2-130 or later) to take advantage of this feature.

We strongly recommend reviewing the documentation for this feature that discusses some ideas of how to organize your data center Kubernetes clusters in your CloudHealth Secure State organization before adding too many clusters. We are interested in your feedback, please work with your Technical Account Managers to share your thoughts.

CloudHealth Secure State Docs is migrating to VMware Docs

March 3, 2022

Change is coming to the CloudHealth Secure State product documentation!

Effective on March 3, 2022, the release notes, what's new announcements, and all user guides will be available from VMware Docs at This new website provides a host of new features and usability improvements for our users, including:

  • Topic-based content - Shorter, more impactful articles.
  • Richer experience - Better navigation options, improved code callouts, and overall consistency with documentation for other VMware products.
  • Search - Use the VMware Docs search bar to find the right content based on keywords.
  • Feedback button - Easy, open line of communication to call out improvements and challenges.

More features are planned in the coming months, including:

  • Migration of API documentation - The API Reference documentation will be migrated and available with all the same benefits mentioned above.
  • Context Sensitive Help - Planned integration with the VMware CSP help panel will allow the CloudHealth Secure State UI to suggest the documents most relevant to the parts of the product you're currently using.

Migrated documents at will no longer receive updates and will eventually be retired, so please start referring to the VMware docs site as soon as possible. Make sure you update any bookmarks you've saved for current documentation, as well as links in any personal process documentation you've created.

Remediation by Project Admin

January 27, 2022

We are pleased to announce that project administrators in Secure State can now use the remediation service.

In most cases, organization administrators are responsible for creating a remediation action for common or reoccurring violations. However, the remediation must be evaluated and run by a project administrator who owns the cloud infrastructure and understands the impact of the remediation. Until today only organization administrators were able to run a remediation, but with this new release, project administrators can now view and run remediations on findings in their projects.

As a project administrator, note that an organization administrator must still create the remediation and associate it with your project before you can see and run it on findings. You can then investigate the impact of the remediation on your application and select Remediate if you choose to correct the finding. If you decide to suppress the finding, request a suppression by navigating to the finding details.

check-circle-line exclamation-circle-line close-line
Scroll to top icon