August 11, 2022 - What's New

Amazon Inspector - General Availability

We are excited to announce that the CloudHealth Secure State inbound integration for Amazon Inspector is now generally available!

Inbound integrations make it easier to correlate information between cloud resource configurations, posture misconfigurations, and threats. When configured, an inbound integration enables ingestion of security findings from external sources such as Amazon GuardDuty and Azure Defender.  The Amazon Inspector v2 service continuously scans virtual machines and ECR container images for software vulnerabilities and unintended network exposure. Findings from the service can now be ingested and correlated by CloudHealth Secure State, providing an additional layer of security insights and enabling security and operational teams to match cloud configurations to host vulnerabilities from one GUI or report.

Amazon Inspector can be configured in a few short steps. Since Amazon Inspector actions are not included in the Security Auditor role as of the release, an inline policy must be added when configuring the integration for the first time. Once the role has been updated, you can choose which accounts to ingest findings into CloudHealth Secute State under Settings > Integrations > Amazon Inspector. To view the findings along with other CloudHealth Secure State findings, navigate to the various Findings views and choose Amazon Inspector in the finding source filter.

To learn more about the Amazon Inspector integration, please see the documentation

AWS GovCloud Support - Public Beta

We are excited to announce the public beta for AWS GovCloud support. With this latest release, we are extending our findings detection and alerting capabilities to the AWS GovCloud environment to help with minimizing security risk and mitigating threats. You can now onboard your AWS GovCloud accounts using the CloudHealth Secure State browser client by selecting “Government” as the account type when onboarding your account. In this initial release, we do not support real-time event monitoring and alerting or remediations, but we will consider these features in future releases.  

For further information on how to onboard your AWS GovCloud accounts, you can refer to the product documentation.

New Reporting Engine - Public Beta

We are happy to announce that the next generation of our reporting functionality is going to the public beta stage! It comes with the following enhancements to the existing reporting functionality:

Findings overview report      

The Findings overview report is provided in a PDF format and presents an executive summary of the security violations in the organization. It consists of multiple sections that present new and resolved findings over time, top rules and resources with findings, findings by severity, and more. The report is customizable so that users can reorder and include/exclude sections according to their liking.

Findings details report now includes controls and control groups   

We have also included an enhancement to the already existing findings details report in CSV – there are two new columns that present the related framework control and control group, so that it is easier to see which sections of the framework have been violated and act accordingly.

You can read more about these new reporting features and how to use them in the documentation.

July 28, 2022 - What's New

AWS and Azure Bulk Onboarding - General Availability

We are excited to announce the general availability of AWS Organization and Azure Management Group bulk account onboarding and continuous account discovery. You can now onboard many AWS accounts and Azure subscriptions associated with an AWS Organization or Azure Management Group in a single action instead of individually when using the CloudHealth Secure State browser client. Any new accounts you add to the AWS Organization or Azure Management Group are detected through continuous account onboarding and can be easily added to the service. CloudHealth Secure State also supports bulk account onboarding and account discovery for Azure Gov accounts within your Azure Management group.  

You can start discovering and bulk onboarding your AWS and Azure accounts by going to Settings > Cloud Accounts in the CloudHealth Secure State browser client or via the APIs. For further information, you can refer to the product documentation.   

July 25, 2022 - What's New

Inventory Views - General Availability

We’re excited to announce the General Availability of CloudHealth Secure State Inventory Views. Inventory Views enable you to better understand your cloud inventory by browsing resources based on cloud provider, service, and resource type. You can view the inventory for your entire organization or apply a filtered view based on tag, environment, region, or cloud account.

For each resource type, you can easily see how resources are distributed based on creation date, region, or cloud account. This is the first release in a series of updates to improve the visibility of your cloud inventory and its security posture.

You can start checking out your inventory views at the Explore > Inventory page from the CloudHealth Secure State browser client.

Recently, Context-Sensitive Help (CSH) has become available for CloudHealth Secure State. You can access CSH by clicking on the help panel icon when using the CloudHealth Secure State browser client. CSH has been configured to provide you with relevant documentation links based on where you are in the product. For example, clicking on the help panel while going through the process now provides you with quick links to our onboarding documentation, while doing so on the integrations page gives you links to setup instructions each type of integration.

If haven't yet had a chance, try it out and let us know your thoughts at

June 21, 2022 - What's New

API Reference documentation now available on VMware Docs

The CloudHealth Secure State API Reference documentation is officially migrated to VMware Docs!

CloudHealth Secure State exposes several public APIs that allow users to access and integrate core features into their own tools and automated workflows. Previously, this documentation remained available at Now that it has been migrated, all future updates will take place on the VMware Docs site and old links should re-direct to the new location as well. Re-directs aren't maintained indefinitely, so please take this opportunity to update any bookmarks you may have for the previous content.

You can access the migrated documentation from the new API Reference link on the CloudHealth Secure State product documentation home page.

June 6, 2022 - What's New

Azure Bulk Onboarding - Public Beta

We are excited to announce the public beta of bulk onboarding and continuous discovery for Azure. You can now onboard multiple Azure subscriptions associated with an Azure management group in a single action instead of onboarding the subscriptions individually when using the CloudHealth Secure State browser client. Additionally, any new accounts you add to an Azure management group are detected through continuous discovery and can be easily added to the service.  

For further information on how to bulk onboard your Azure subscriptions, check out the documentation.

May 19, 2022 - What's New

Self-Managed Kubernetes - General Availability

CloudHealth Secure State expands support for Kubernetes this week, with self-managed Kubernetes clusters support now generally available. In addition to the cloud-managed clusters you are running in the public cloud, you can now attach self-managed clusters you have running in a cloud or data center environment. We define a cloud environment as any of our supported public clouds, while a data center environment is either on-prem or a different public cloud. When running self-managed clusters in a supported cloud, you will be able to see the relationship between your cloud and Kubernetes resources.

We expanded our rule set to include CIS Kubernetes benchmark and NSA hardening guidelines. We now support beyond Cloud and Upstream Kubernetes clusters to include VMware Tanzu Kubernetes Grid, Rancher, and more. Finally, we have introduced CIS benchmark Kubernetes v1.20 and v1.23, version 1.0.0 as two new compliance frameworks.

To learn more, please read this blog and to get started, refer to the documentation.

April 21, 2022 - What's New

Custom Dashboard with Saved Filters - Public Beta

We’re happy to announce that custom dashboards with saved filters are now available as a public beta. Admins and analysts can use this new feature to create custom dashboards with pre-configured filter options, so that other users can directly see the content that is most relevant to them and act in a faster, more efficient manner. Each dashboard has its own name, filter configurations, and context, which defines where it's visible to the entire organization or to one or more projects.

New dashboards can be created based on three built-in dashboard templates, which are based on the current overview, compliance, and trends dashboards. Each new dashboard also had a unique URL to easily share it with other users in the system.

Organization admins and project admins have an additional way to drive the attention to a specific dashboard by setting it as default for all members of the context.

Review the documentation for more information about using custom dashboards.

April 18, 2022 - What's New

AWS Organization Account Discovery and Onboarding - Public Beta

We are pleased to announce the public beta of AWS Bulk Account Onboarding. Prior to this release, you could only onboard AWS accounts individually when using the CloudHealth Secure State browser client. With this new release, you can now onboard a large number of AWS cloud accounts associated with an AWS organization in a single onboarding. Additionally, any new accounts you add to an AWS organization are detected through continuous onboarding and can be easily added to the service. 

If you have already onboarded AWS accounts that are attached to an AWS organization, you can now re-onboard them with the root AWS account using the AWS bulk onboarding action. This should auto-link all the member accounts on the root account.

For further information on how to bulk onboard your AWS accounts, check out the documentation

April 7, 2022 - What's New

Webhook and Jira Cloud now in General Availability

April 7, 2022

In January 2022 we announced the public beta of the Jira Cloud and Webhook integrations. We are pleased to announce both features are now in General Availabiltiy for CloudHealth Secure State customers.

Webhook integration

A webhook is a simple HTTP call back that sends a POST request to another service or application when triggered by an event. This allows you to integrate with a plethora of third party services for messaging, ticketing, or SIEM that otherwise lack a specific integration with CloudHealth Secure State. You can now receive real-time alerts for findings in CloudHealth Secure State in your existing collaboration and communication tools automatically without having to query CloudHealth Secure State APIs.

General Availability brings the following features:

  • PagerDuty template now available - Set up real-time alerts and ticketing on PagerDuty for high severity alerts using a pre-defined template.
  • Custom templates now available - Create your own custom template for any third party service such as ServiceNow or Zendesk.

For further information on how to configure a webhook integration, check out the documentation.

Jira Cloud integration

If you use Jira Cloud for ticketing, you can now configure and automate it into your existing workflow. Based on set criteria in alerts, CloudHealth Secure State can trigger and forward findings to Jira Cloud as an issue.

General Availability brings the following features:

  • Field template - When configuring your Jira Cloud integration, you can use the Fields Template section to customize your ticket template using Mustache format. The Fields Template allows the user to add both custom and JIRA native fields. So you can add a Jira custom fields, for something like "customfield_10801":{"value":"Team1"} , but you can also add "labels":["label1", "label2"], a Jira native field, to pre-populate your tickets with desired labels.

With the new custom field enhancements, you can auto-assign findings from CloudHealth Secure State to specific projects and users in Jira tickets with pre-defined information relevant to your organization.

For further information on how to set up a Jira Cloud integration, check out the documentation.

March 10, 2022 - What's New

Azure Government Subscription Support

In December 2021, we announced the public preview of Azure Government Support. Today, we’re excited to announce the general availability of visibility and detection capabilities for Azure Government environments. You can follow our Azure onboarding documentation for specific instructions and visual examples of this process.

To onboard your Azure Government subscription, follow the standard process to add an Azure cloud account in the CloudHealth Secure State dashboard and choose “Government” as the account type when filling out general information.

Interconnected KSPM now supports self-managed Kubernetes in the Data Center – Public Beta

In December 2021, we announced the general availability of CloudHealth Secure State Interconnected Kubernetes Security Posture Management (KSPM) for clusters running in cloud-managed services like Azure Kubernetes Service, Amazon EKS and Google Kubernetes Engine. In January, we announced the extension of this capability to monitor self-managed Kubernetes clusters hosted on virtual machines using public cloud compute services like Amazon EC2, Azure Compute, and Google Compute Engine. Today, we are pleased to announce the self-managed Kubernetes cluster public beta is further extended to include the self-managed Kubernetes clusters running in your data center. Customers can now gain the consistent visibility and security of approximately 200 rules of Kubernetes clusters across both cloud and data center environments. 

To get started, go to Settings > Cloud Accounts, then create a Data center cloud account to to attach and group your Kubernetes clusters. Make sure you're using latest collector version (2022.3.2-130 or later) to take advantage of this feature.

We strongly recommend reviewing the documentation for this feature that discusses some ideas of how to organize your data center Kubernetes clusters in your CloudHealth Secure State organization before adding too many clusters. We are interested in your feedback, please work with your Technical Account Managers to share your thoughts.

March 3, 2022 - What's New

CloudHealth Secure State Docs is migrating to VMware Docs

Change is coming to the CloudHealth Secure State product documentation!

Effective on March 3, 2022, the release notes, what's new announcements, and all user guides will be available from VMware Docs at This new website provides a host of new features and usability improvements for our users, including:

  • Topic-based content - Shorter, more impactful articles.
  • Richer experience - Better navigation options, improved code callouts, and overall consistency with documentation for other VMware products.
  • Search - Use the VMware Docs search bar to find the right content based on keywords.
  • Feedback button - Easy, open line of communication to call out improvements and challenges.

More features are planned in the coming months, including:

  • Migration of API documentation - The API Reference documentation will be migrated and available with all the same benefits mentioned above.
  • Context Sensitive Help - Planned integration with the VMware CSP help panel will allow the CloudHealth Secure State UI to suggest the documents most relevant to the parts of the product you're currently using.

Migrated documents at will no longer receive updates and will eventually be retired, so please start referring to the VMware docs site as soon as possible. Make sure you update any bookmarks you've saved for current documentation, as well as links in any personal process documentation you've created.

January 27, 2022 - What's New

Remediation by Project Admin

We are pleased to announce that project administrators in Secure State can now use the remediation service.

In most cases, organization administrators are responsible for creating a remediation action for common or reoccurring violations. However, the remediation must be evaluated and run by a project administrator who owns the cloud infrastructure and understands the impact of the remediation. Until today only organization administrators were able to run a remediation, but with this new release, project administrators can now view and run remediations on findings in their projects.

As a project administrator, note that an organization administrator must still create the remediation and associate it with your project before you can see and run it on findings. You can then investigate the impact of the remediation on your application and select Remediate if you choose to correct the finding. If you decide to suppress the finding, request a suppression by navigating to the finding details.

check-circle-line exclamation-circle-line close-line
Scroll to top icon