You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit
Last updated: Mar 20th, 2023

Cloud Security Posture Management (CSPM)

Identify & remediate configuration risks in the Cloud services you leverage

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The Cloud Security Posture Management (CSPM) integration discovers and evaluates the services in your cloud environment, like storage, compute, IAM, and more, against hardening guidelines defined by the Center for Internet Security (CIS) to help you identify and remediate configurations risks that could potentially undermine the confidentiality, integrity, and availability of your data in the cloud.

Getting started with CSPM

For in-depth, step-by-step guidance to help you get started with CSPM, please read through our getting started guide.

Using CSPM

After you deploy this integration, the pages described in the table below will begin to get populated with security posture data. Please read the "Use Cases" section of the CSPM documentation for step-by-step instructions on how to use these pages to get insight into and improve your cloud security posture.

Posture Dashboard
The posture dashboard provides an overview of the security posture of both Cloud accounts and Kubernetes clusters monitored. You can access the posture dashboard via the dashboards section of the security solution. Please read the posture dashboard documentation to learn more.
Findings communicate the configuration risks discovered in your environments. The findings page will always display the most up-to-date configuration risks found. You can access the findings page in the main navigation pane of the security solution. Please read the findings documentation to learn more.
Benchmark Rules
Benchmarks hold the configuration rules that are used to assess your specific environments for secure configuration. You can access benchmark rules in the Manage section of the security solution under CLOUD SECURITY POSTURE. To learn more, please read the benchmark rules documentation

As questions come up, check out the CSPM FAQ or reach out to use directly in our community slack workspace in the #security or #cloud-security channels.