# Cloud Security Dashboard
The Cloud Security dashboard provides visibility into cloud risks, exposures, and compliance posture across your environment.
It helps you understand how cloud misconfigurations, exposed services, and sensitive data impact your overall security posture.
Use this dashboard to:
* Identify cloud exposures and misconfigurations
* Prioritize risks based on severity and real-world context
* Monitor compliance posture across frameworks
* Detect exposed secrets and sensitive data in cloud assets
* Focus remediation efforts on the most impacted resources
## Issues Breakdown
Displays the distribution of issues by severity.
Trend indicators show how each severity level changes over time.
| Severity | Description |
| ----------- | --------------------------------------------------------------- |
| Appoxalypse | Critical exposure scenarios with high impact and exploitability |
| Critical | High-risk issues requiring immediate attention |
| High | Significant risks that should be prioritized |
| Medium | Moderate risks with lower immediate impact |
## Risk by Cloud Project
Shows risk distribution across cloud projects or accounts. Use this section to identify which projects introduce the highest risk.
The platform supports cloud projects across **AWS**, **Azure**, and **Google Cloud Platform (GCP)**.
| Field | Description |
| ----------------- | -------------------------------------------------- |
| Project | Cloud project or account name |
| Provider | Cloud provider (for example, AWS, Azure, GCP) |
| Risk distribution | Breakdown of issues by severity and exposure level |
## Top Issues Findings
Lists the most impactful cloud issues detected in your environment. Use this table to focus on the issues that affect the most resources or create the highest risk.
| Column | Description |
| -------- | -------------------------------------------------------------------- |
| Severity | Highest risk level of the issue |
| Name | Description of the misconfiguration or exposure |
| Context | Indicators such as internet exposure, runtime state, or service type |
| Count | Number of affected resources |
## Compliance Score per Framework
Displays your compliance posture across security frameworks. Each score represents your current compliance level for the selected framework.
| Framework | Description |
| ------------- | ---------------------------------------- |
| SOC2 | System and Organization Controls |
| CIS-5.0 | Center for Internet Security benchmarks |
| ISO27001:2022 | Information security management standard |
| NIST-800-53 | Security and privacy controls framework |
## Secrets/PII Exposure Level
Shows the exposure status of sensitive data across sources. This section surfaces not only where sensitive data exists, but also how exposed it is.
> **Note:** To use this dashboard section, you must enable Exposure Validation.
Each bar is divided into two segments:
* **Exposed** (red): The portion of sensitive items that are publicly accessible or exposed. Clicking the exposed (red) segment navigates directly to the list of exposed items, so you can investigate and remediate them.
* **Not Exposed** (remainder of the bar): Items that exist but are not currently accessible externally.
**Example:** A bar showing 10 (red) and 15 means there are 25 total sensitive items, 10 of which are exposed. Clicking the red segment opens the filtered list of those 10 exposed items.
Use this section to identify where sensitive data is publicly accessible and take targeted action.
## Secrets/PII in Cloud Assets
Displays where secrets and sensitive data are detected across asset types, for example. This section complements the Exposure Level view by breaking down sensitive data by asset.
> **Note:** To use this dashboard section, you must enable Exposure Validation.
The distribution shows three categories:
* **Active Secrets**: Secrets that are currently active and in use, the highest-priority items to address.
* **Secrets**: Secrets that exist in the asset but are not currently active.
* **PII**: Personally Identifiable Information detected in the asset.
This breakdown helps you understand not just how many sensitive items exist, but their nature and urgency. Active secrets combined with high exposure represent the most critical risk.
Use this section to understand how sensitive data is distributed across your cloud assets and prioritize remediation accordingly.
## Enabling Secrets and PII monitoring
The **Secrets/PII Exposure Level** and **Secrets/PII in Cloud Assets** sections rely on exposure validation being active. Without it, the platform cannot determine which secrets are exposed or active.
To enable exposure validation:
* Go to **Settings > Scan Settings > Exposure Validation** and turn the feature on.
> **Important:** When exposure validation is enabled, the platform actively checks your secrets and assets to determine their exposure status. This can trigger notifications from security tools in your environment. Make sure your team is aware that these checks will occur before enabling the feature.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.ox.security/get-started/onboarding-to-ox/review-scan-results/cloud-security-dashboard.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.