Security Posture Control: Configuring and viewing your findings

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 3 minutes de lecture

    • You can view the findings generated by the evaluation of policies in Security Posture Control in the Security Posture Control Workspace.

    Overview for findings

    Any matching assets are reported as 'Findings'. You can configure findings to be generated from the execution of policies so that these findings can be assigned to various teams for remediation or used for reporting. Security Posture Control publishes these findings as ‘Test Results’ in the Configuration Compliance module. All administrative controls in the Configuration Compliance application that are related to assignment, grouping (remediation task generation), remediation targets, exceptions are supported for findings that are generated by Security Posture Control.

    The types of findings:

    Tool coverage
    This type represents a security tool coverage gap. This finding type is applicable for policies using ‘Reported-by-connector’ and ‘Not-reported-by-connector’ relationships.
    Internet exposure
    This type represents internet exposure of a cloud asset. This finding type is applicable for policies using ‘Has-internet-exposed-port’ relationship on CloudVM.
    High-risk combination
    This type represents an issue having more than one risk factor associated, that is, assets with critical vulnerabilities and a missing endpoint protection agent.

    Depending on the relationships that are used in the policies, the available finding types are visible when you select, Configure findings. For example, if you select Configure findings on a policy that has more than one risk factor such as ‘Cloud assets with critical vulnerabilities, missing endpoint protection, and SSH port 22 open to internet’, the following options are displayed as finding types that can be generated.

    1. High-risk combination
    2. Tool coverage
    3. Internet exposure

    You can choose to generate findings of type ‘High-risk combination’ which creates one finding per every asset matching this policy. Alternatively, you can choose to create findings of the type, ‘Tool coverage’ and ‘Internet exposure’, which will result in two findings created per each asset that matches the policy: one of the type ‘Tool coverage’, and one of the type ‘Internet exposure’.

    By using the type of findings or Test Result, you can write assignment rules in Configuration Compliance to route these issues to respective teams for remediation. For example, you can send ‘Tool coverage’ findings to IT ops team, and ‘Internet exposure’ to the application team.

    However, if one of the remediation owners fixes the issue, the other finding is automatically closed, because these findings are generated from a policy looking for the combination. For example, if the IT ops team closes the ‘Tool coverage’ finding by installing the endpoint protection agent, the ‘Internet exposure’ finding generated from this policy is automatically closed even though the asset is internet-facing, since this finding is generated from a policy looking for a combination of issues. If you would like to keep track of internet exposure issue on assets, it is recommended you create another policy that looks for only internet exposure on the assets and not any other risk factor.

    Where to view findings

    You have these options to view the findings generated by the evaluation of policies.

    • Navigate to Security Posture Control Workspace > Lists > Findings > All.
    • On a policy record, select View findings.
    • In the Configuration Compliance application, select Test Results and filter the records by Source is ServiceNow SPC.

    The dashboard

    In the Security Posture Control Workspace, the Home (landing page) displays these visualizations:

    Overview
    • Assets: the number of assets monitored on-premise and in the Cloud.
    • Findings by criticality: The number of critical findings out of your total assets.
    • Assets monitored by top 5 sources: The top five Service Graph Connectors reporting on assets.
    • Cloud accounts: The number of Cloud accounts monitored by AWS and Azure.
    • Open vs closed findings: A comparison of records still in process or awaiting resolution and those that are resolved.
    Key insights
    • Endpoint protection agent installed: The total number of assets have or do not have endpoint protection.
    • Managed device coverage: The number of managed assets compared to those that are unmanaged.
    • Vulnerability scan coverage: The total number of scanned assets compared to the number that are not scanned for known vulnerabilities by a third-party vulnerability scanner.
    • Assets with critical vulnerabilities: The number of assets out of the total number of assets that have critical vulnerabilities.
    • Vulnerable items by criticality: The total number of vulnerable items broken down by their severity. A known vulnerability that matches an asset in your CMDB results in a vulnerable item.
    • Top 3 policies by findings: The policies that return the most findings (matches) on your assets.

    Key use case coverage

    Select a visualization and Help improve to view which service graph connectors and policies are activated for the key use cases.