Investigate VMware Tanzu Platform hub Security Posture findings

As an administrator, you must maintain the security and performance of your accounts and resources in Tanzu Platform hub.

Tanzu Platform hub reports findings of various types. You must review the findings and decide how to remediate them.

The overview dashboard displays a summary of the findings, severity, drifts, threats, violations, and accounts, and provides the option to customize the dashboard.

The findings get reported in real time if event monitoring was activated during account setup, and twice a day if no event monitoring is in place. You investigate the open findings by priority according to the highest attention score, and follow the workflow through the user interface to remediate those findings.

On the dashboard, you can manage the settings, add or remove widgets, and change the title.

  • To add a widget, click the Edit icon to open the widget list, and drag widgets to the dashboard.
  • Configure the widget and change the grid and actions.
  • Create, duplicate, and delete dashboards.

Where to begin

Verify user roles and permissions:

  • Required for monitoring findings.

For details, go to: Setting up users and projects for VMware Tanzu Platform hub.

Review the types of findings

Tanzu Platform hub reports multiple types of findings.

  • Anomaly
  • Error
  • Threat
  • Violation
  • Vulnerability

To view the findings and filter them:

  1. Click Security Posture > Findings.
  2. Expand the Type category.
  3. Click one or more types of findings and click Apply.

The finding details vary depending on the type you select. For example:

  • Violation findings indicate a violation of a posture policy. When Violation findings get reported, all the details about the violation findings appear, including a suggested action, the policy, and more.
  • You can choose to remediate each finding or suppress it.

To export the findings in the list to a CSV file, click the Export button.

If you’ve set up projects in VMware Tanzu Platform hub, you can view findings for a specific project by selecting it from the context switcher in the top menu for VMware Tanzu Platform hub.

Remediate the most impactful findings

Start with the findings attention score to prioritize which findings you address first.

You might need to remediate:

  • A violation of a posture policy, or an anomaly or threat.

Focus on violations first. If a violation occurs, it could indicate a security issue in your cloud resources.

You can reduce the number of overall findings on the page by selecting the filters. You can also suppress individual findings or suppress an applied posture policy.

To remediate security drift, you must have elevated access permissions. To set up elevated access permissions, go to the topic for your provider in: Setting up data connections in VMware Tanzu Platform hub.

To begin investigating the findings for your cloud accounts, subscriptions, and resources:

  1. Review the findings and attention scores.
  2. Expand the filters.
  3. Select the filters for the findings you want to investigate. For example, select the security category, and the violation type.

The findings display the finding name of each security violation, the attention score, the type of resource, the account ID, and a link that displays the cloud tags applied to the resource.
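
The prioritization described in this section (violations first, then highest attention score), applied offline to a findings list saved with the Export button. This is an added example, not part of the original documentation or VMware's own code. The column headers, the Status values, and the sample rows are assumptions constructed for illustration; match them to the headers in your own export.

```python
import csv
import io

# Constructed sample standing in for a file saved with the Export button.
# Column headers and values are assumptions; adjust them to your own export.
SAMPLE_EXPORT = """\
Finding Name,Type,Attention Score,Resource Type,Account ID,Status
Storage bucket allows public read,Violation,88,Bucket,acct-001,Open
Unusual API call volume,Anomaly,95,Account,acct-002,Open
Security group open to any source,Violation,97,SecurityGroup,acct-001,Open
Outdated package on host,Vulnerability,70,VM,acct-003,Suppressed
Credential use from new location,Threat,91,User,acct-002,Open
Collector returned partial data,Error,,Account,acct-003,Open
"""


def triage(csv_text):
    """Order open findings violations-first, then by highest attention score.

    Returns (ordered, unscored). Rows without a usable score are returned
    separately so they get looked at instead of being silently dropped.
    """
    ordered, unscored = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Status") or "").strip().lower() != "open":
            continue  # suppressed or resolved findings are not in the work queue
        try:
            row["score"] = float(row["Attention Score"])
        except (KeyError, TypeError, ValueError):
            unscored.append(row)
            continue
        ordered.append(row)
    # False sorts before True, so violations come first; then score descending.
    ordered.sort(key=lambda r: (r["Type"].strip().lower() != "violation", -r["score"]))
    return ordered, unscored


if __name__ == "__main__":
    queue, needs_review = triage(SAMPLE_EXPORT)
    for r in queue:
        print(f'{r["score"]:>5.0f}  {r["Type"]:<13} {r["Account ID"]:<9} {r["Finding Name"]}')
    for r in needs_review:
        print(f'  n/a  {r["Type"]:<13} {r["Account ID"]:<9} {r["Finding Name"]} (no score)')
```
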

When you investigate and remediate the findings, be aware that:

  • For a violation or threat from a posture policy, you click the link from the finding to the associated remediation article and follow the steps in it. Alternatively, you can configure a remediation worker group to automatically resolve supported findings.

Investigate critical threats and violations to your posture

The posture policies enforce the security compliance requirements on your cloud resources by applying rules to those resources.

To monitor your cloud resources for critical security issues, investigate the findings for threats and violations.

  1. Filter the findings.

    The filters let you narrow your search by selecting the categories and types of filters you need to investigate.

  2. Expand a threat or violation finding that has a high attention score.

    The finding details describe the finding and the action to take, with a link to the remediation article that describes the steps to follow to resolve the finding.

  3. To understand the violation, review the description of the finding.

  4. Check the frameworks to determine if the finding is associated with a compliance standard you want to enforce on your accounts.

    When you click the link to the frameworks, the applied frameworks appear in a list.

  5. Review the suggested action for a high-level summary of the resolution, then click the View more link to see the remediation article.

  6. Follow the remediation steps in the article to resolve the issue that generated the finding.
  7. To confirm that the open security violation is resolved, click the Resolved button.

Suppress findings that are low priority or have blocked resolution

You might discover that you are not able to resolve a finding after you investigate it. In that case, you can suppress the finding until it can be resolved.

A suppressed finding stops appearing for a length of time selected by the person who submitted the suppression request. Some common scenarios for suppressing a finding include:

  • The finding cannot currently be resolved due to engineering or other blocking issues.
  • The resource configuration that generated the finding is part of the business requirements. If that is true for your entire organization, consider deactivating the policy instead.
  • The finding is a false positive and you verified that no drift or violation occurred.

To suppress a finding, expand or select it from the main list.

  1. Click the Suppress button.
  2. For Duration, set the length of time for suppressing the finding.
  3. For Reason, provide a business justification for your request.
  4. Click Submit.

If you don’t have elevated permissions in Tanzu Platform hub, your suppression request must be reviewed and approved by an administrator before it goes into effect. You can check the status of a suppressed finding in Governance > Suppressions.

Create a report of the findings

You can create a detailed report of the findings in VMware Tanzu Platform hub, and share it with stakeholders.

To create a report of the findings:

  1. Click Security Posture > Reports.
  2. Click Add Report.
    1. Provide a name, select the type of report, and select the report output format.
    2. Select the context for the report generation at either the organization or project level. Then, click Next.
  3. Add criteria for the report.
    1. Select one or more cloud accounts, then click Add Criteria.
    2. Select the criteria to add, and provide the information for each type of criteria. Then, click Next.
  4. Choose when the report gets generated.
    1. You can generate the report manually or on a schedule.
    2. When you choose to manually create the report, you can have VMware Tanzu Platform hub create it when you save it. Then, click Next.
  5. Determine who receives the report by providing one or more email addresses. Then, click Save.

View overall trends in findings

You can view the trends dashboard from the Tanzu Platform hub Home tab to see how findings on your accounts have progressed over days, weeks, or months.

  1. In Tanzu Platform hub, click Security Posture > Overview.

  2. Click the drop-down icon next to the “Security Posture Overview” text and select Trends.

What to read next

Create suppression policies for security posture findings in VMware Tanzu Platform hub

As an administrator or application owner, you must ensure the most critical findings are resolved quickly while managing signal noise from findings that are high in volume and have a low priority or blocked resolution. You can use suppression policies to hide findings across multiple accounts in a single action, or to stop tracking findings completely for policies that don’t fit your organization.

Parent topic: Governing resources in VMware Tanzu Platform hub
