Each finding is assigned a result of either "PASS", "FAIL", "WARN", or "UNKNOWN". Passing results indicate that the cloud security control being tested was not violated in the IaaS account, either becauase no resources of the target type existed, or because they all followed the required best practice. Warning results indicate that a security control is in danger of being violated but may not present an immediate risk. For example, SSL certificates that are expiring within the next 90 days or applications using a deprecated, but not insecure, runtime, may produce warning results. Failing results indicate that the control was violated and should be remediated. Unknown results indicate that CloudSploit was not able to ascertain the status of the resources, either due to API issues, cloud provider downtime, or missing permissions.
What do the result types mean in CloudSploit scans? Print
Created by: Matt Fuller
Modified on: Sun, 10 Nov, 2019 at 11:42 AM
Did you find it helpful?Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.