Core Concepts
Overview
RedCloud CSPM uses a consistent vocabulary across every screen and report. Learning these terms once makes the whole platform easier to navigate. This page is for anyone new to RedCloud — security engineers, DevOps, and CISOs alike.
Key benefits
| Benefit | Capability | Business value |
|---|---|---|
| Shared language | Consistent terms across UI, API, and reports | Faster onboarding; fewer misunderstandings between teams |
| Prioritization | Severity plus environment-aware risk scoring | Teams fix what actually matters first |
| Context | Findings connected into attack paths | Effort is spent breaking real attack chains, not chasing isolated alerts |
How it works
Finding
A finding is a single detected issue — a misconfiguration, a risky permission, an exposed resource, or a failed control. Each finding carries a title, description, affected resource, evidence, severity, a risk score, and remediation guidance.
Severity
Severity reflects the inherent seriousness of a finding, independent of your environment:
| Severity | Meaning |
|---|---|
| Critical | Immediate, high-impact exposure |
| High | Serious weakness that should be fixed promptly |
| Medium | Meaningful risk to address in normal cycles |
| Low | Minor or hardening-level issue |
Risk score
The risk score goes beyond severity by weighing exposure, reachability, and blast radius in your environment. A Critical finding on an isolated, unreachable resource may score lower than a Medium finding on an internet-facing identity that can escalate privileges.
Identity
An identity is a principal that can act in your cloud — a user, group, or service account. RedCloud analyzes what each identity can do, how it can be abused, and how far it could reach if compromised.
Attack path
An attack path is a chain of findings and permissions an attacker could follow to move from an initial foothold toward a high-value target. RedCloud discovers paths using a graph of resources and identities, models privilege-escalation and lateral movement, and maps each step to MITRE ATT&CK tactics and techniques. The blast radius of an identity is everything it could reach if taken over.
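The following Python is an added illustration of the Risk score and Attack path concepts above, and of why fixing one step in a path can remove several chains at once. It is not RedCloud's code, data model, or scoring formula: the graph, node names, edge labels, severity weights, and the exposure factor of 0.1 for unreachable resources are all constructed for this example. It models the environment as a directed graph of identities and resources, derives blast radius and attack paths from that graph, and then scales severity by exposure and blast radius so that a Medium finding on an internet-reachable identity outranks a Critical finding on an isolated VM.

```python
# Added illustrative model of findings, severity, an identity/resource graph,
# attack paths, blast radius and an environment-aware risk score.
# NOT RedCloud's data model or scoring formula: the graph, names and weights
# below are constructed for this example.
from collections import deque
from dataclasses import dataclass

SEVERITY_WEIGHT = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str
    resource: str  # graph node the finding is attached to


# Constructed sample environment. A directed edge A -> B means "A can reach or
# act on B"; the label is the permission or network relationship that allows
# the step. "internet" is the attacker's initial foothold.
GRAPH = {
    "internet": {"public-lb": "0.0.0.0/0 ingress on :443"},
    "public-lb": {"web-sa": "workload runs as this service account"},
    "web-sa": {"iam-admin-role": "iam.serviceAccounts.actAs (privilege escalation)"},
    "iam-admin-role": {
        "prod-db": "cloudsql.instances.* (lateral movement)",
        "secrets": "secretmanager.versions.access",
    },
    "isolated-vm": {},  # no inbound edges: unreachable from the internet
}


def blast_radius(node, graph):
    """Everything `node` could reach if taken over: BFS over directed edges."""
    seen, queue = {node}, deque([node])
    while queue:
        current = queue.popleft()
        for nxt in graph.get(current, {}):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(node)
    return seen


def attack_paths(start, target, graph):
    """All simple paths start -> target; each hop is (node, edge_label)."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        visited = {n for n, _ in path}
        for nxt, label in graph.get(node, {}).items():
            if nxt not in visited:
                walk(nxt, path + [(nxt, label)])

    walk(start, [(start, None)])
    return paths


def risk_score(finding, graph, entry="internet"):
    """Severity weight scaled by exposure and blast radius in this environment.

    exposure: 1.0 if an attacker at `entry` can reach the resource, else 0.1
    blast:    1 + number of nodes the resource itself can reach
    (both factors are assumptions of this example, not RedCloud's formula)
    """
    exposed = finding.resource == entry or finding.resource in blast_radius(entry, graph)
    exposure = 1.0 if exposed else 0.1
    blast = 1 + len(blast_radius(finding.resource, graph))
    return SEVERITY_WEIGHT[finding.severity] * exposure * blast


def triage(findings, graph):
    """Order findings by risk score, highest first, rather than by severity alone."""
    return sorted(findings, key=lambda f: risk_score(f, graph), reverse=True)


def without_edge(graph, src, dst):
    """Copy of `graph` with one step removed, i.e. one finding remediated."""
    fixed = {n: dict(edges) for n, edges in graph.items()}
    fixed[src].pop(dst, None)
    return fixed


# Constructed findings: a Critical on the unreachable VM, a Medium on the
# internet-facing service account that can escalate.
FINDINGS = [
    Finding("Unencrypted boot disk", "Critical", "isolated-vm"),
    Finding("Service account can actAs admin role", "Medium", "web-sa"),
]

if __name__ == "__main__":
    for f in triage(FINDINGS, GRAPH):
        print(f"{risk_score(f, GRAPH):5.1f}  {f.severity:8}  {f.title}")
    for path in attack_paths("internet", "prod-db", GRAPH):
        print(" -> ".join(node for node, _ in path))
    patched = without_edge(GRAPH, "web-sa", "iam-admin-role")
    print("paths to prod-db after fix:", len(attack_paths("internet", "prod-db", patched)))
```

Running it lists the Medium finding on `web-sa` first (score 8.0: reachable from the internet, and it can reach three further nodes) and the Critical finding on `isolated-vm` last (score 0.4). Removing the single `web-sa -> iam-admin-role` step eliminates the paths to both `prod-db` and `secrets`, which is the concrete meaning of "fixing one step can break many chains".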
Scan profile
A scan profile selects which checks run. Profiles range from a fast baseline (`mvp15`) to comprehensive (`full`), plus focused profiles such as `iam`, `networking`, `storage`, `gke`, `compute`, `cis` (compliance), `audit`, `red_team`, and `web_security`. The `EVERYTHING` profile enables the broadest coverage in a single run.
Operation mode
RedCloud separates finding problems from acting on them through operation modes:
| Mode | What it does |
|---|---|
| Detect | Passive posture assessment (read-only) |
| Validate | Confirms whether a finding is actually exploitable |
| Simulate | Models adversary behavior safely |
| Red Team | Executes offensive techniques within an authorized scope (gated behind an accepted disclaimer) |
Perspective (Red / Blue / All)
Findings views offer a perspective toggle: Red (attacker view), Blue (defender view), or All. It reframes the same data for the audience you’re working with.
Tenant
A tenant is an isolated workspace. All data — scans, findings, reports, accounts — is strictly scoped to its tenant, and there is no cross-tenant access. Users can belong to multiple tenants and switch between them; each tenant can carry its own branding and plan.
Best practices
- Start with `mvp15` to get oriented, then move to `full` for depth.
- Triage by risk score, not severity alone.
- Use attack paths to decide what to fix first — fixing one step can break many chains.
- Keep operation mode on Detect until you explicitly intend to validate or test.