Add external findings sources in VMware Tanzu Platform hub

Add external finding sources so that you can combine cloud-native governance findings with the Tanzu Security Posture findings for a single list of vulnerabilities related to your cloud resources.

Findings report the misconfiguration or vulnerabilities for your resources. Findings are based on policies that define industry standards or configuration rules, or your own requirements. In addition to the governance policies that you define and apply in VMware Tanzu Platform hub, you can also pull in the cloud-native monitoring data so that you can evaluate all your vulnerabilities in a single user interface. For example, Amazon GuardDuty, Amazon Inspector, and Microsoft Defender for Cloud.

Before you begin

• Verify that the monitoring services are turned on in your cloud provider.
• Add accounts and verify that the IAM policies include your finding sources.

Activate an external finding source

The external finding sources are collected from the cloud provider when you add a cloud account. To add them to the findings, you must activate the finding source.

1. Select Setup & Configuration > Findings sources.
2. Click View on the tile for the source you want to add.
3. To activate an inactive source, select one or more sources and click Activate.

How to review the findings for the added sources

When the finding sources are active and healthy, you can use the information to review problems based on the attention score.

1. To review the report findings for any of the sources, select Security Posture > Findings.

2. To limit the findings to a source, apply the Finding Source filter by selecting the source, and click Apply.

   For example, select Amazon GuardDuty.

3. To troubleshoot a finding, expand the details for that finding.

   • To review the cloud provider policy, click the Policy link.
   • To review the affected resource in Hub, click the Resource name link.

For additional governance troubleshooting options, see Investigate VMware Tanzu Platform hub Security Posture findings.

How to determine if the finding sources are providing data

If you do not see findings from your finding sources, review the status and health of the finding sources.

1. Select Setup & Configuration > Findings sources.

2. Select the source and review the Status and Health Status.

   Status	Health Status	What it means	Possible remediation actions
   Active	Healthy	The source is connected in VMware Tanzu Platform hub and collecting data.	Event monitoring might not be configured for the account. If configured, the updates are real-time. If it is not configured, the updates are approximately every 12 hours.
   Active	Not triggered	The source is activated in VMware Tanzu Platform hub but cannot receive data.	The source service is not enabled for the account in the cloud provider. Go to your cloud account and verify that the service is enabled. The account is not configured with the latest IAM policy. Rerun your account configuration to get the latest script updates.
   Inactive	Healthy	The source is not activated in VMware Tanzu Platform hub but the account is ready to collect data.	Activate the source.
   Inactive	Not triggered	The source is not activated in VMware Tanzu Platform hub and VMware Tanzu Platform hub cannot receive data.	Activate the source. The source service is not enabled for the account in the cloud provider. Go to your cloud account and verify that the service is enabled. The account is not configured with the latest IAM policy. Rerun your account configuration to get the latest script updates.

Parent topic:Setting up data connections in VMware Tanzu Platform hub