Knowledge base
Knowledge base
Breadcrumbs

Cloud Discovery

Last Updated: 2024-10-09


Purpose

This article describes how to set up a Cloud discovery scan.

Introduction

Cloud Discovery enables you to inventory cloud infrastructure—such as AWS instances—without relying on network-based scanning. Instead, it uses provided credentials to call cloud REST APIs and enumerate assets directly from the cloud provider’s system. This method avoids network impact, detects resources beyond perimeter reach, and ensures accurate discovery of dynamic environments.

A Cloud Discovery scan counts the instances in (AWS currently) cloud environments without using network traffic but with provided AWS credentials and querying the AWS REST APIs.

Setting up a Cloud Discovery Scan

Run the Cloud Discovery Scan

To configure a Cloud discovery scan:

  1. Navigate to Configurations > Scan Configurations in the Main Menu.

  2. Click on the plus icon in the right bottom corner.

  3. Select Cloud discovery.

    Portal_Configuration_Cloud_Discovery.png


  4. Select Credentials from the drop-down menu.

  5. Select Regions.

    Screenshot from 2025-06-23 08-32-49-20250623-063249.png

  6. Choose a scanner.

  7. Click the blue ADD button to save the configuration.

  8. Select the Scan configuration and click on the scan now  Icon_scan_now.png icon in the blue toolbar at the bottom right to run a Cloud discovery scan.

  9. View the scan status under Scans in the Main Menu.

    Portal_Configuration_CloudDiscovery_Scans.png

  10. View the discovered assets, Docker images under Assets > Assets as the list of assets with the filter 'source' set to Cloudsec and the type set to Docker Image.

    Cloudsec_docker_assets (2).png



Related Articles