Viewing the Cloud Exposure View dashboard

  • Release version: Zurich
  • Updated December 3, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing the Cloud Exposure View dashboard

    The Cloud Exposure View dashboard, accessible via the Security Exposure Management workspace in ServiceNow, enables cloud security teams to monitor and manage security findings across multiple cloud environments and vendors. It provides interactive visualizations and filtering capabilities to help prioritize and remediate cloud security exposures effectively.

    Show full answer Show less

    Access and Roles

    • Navigate to Workspaces > Security Exposure Management > Cloud Exposure View to open the dashboard.
    • Required roles:
      • snsecexception.read for viewing the workspace
      • snvulcmn.usemadmin for configuring workspace rules

    Key Features

    • Top-level Filters: Filter security findings by
      • Finding type (e.g., Host vulnerabilities, Misconfigurations, Containers) - requires corresponding product applications installed
      • Source (third-party scanner integrations)
      • Risk rating (Critical, High, Medium), with options to include Low or None severity
    • Needs Attention Cards: Quickly access critical findings such as unassigned, overdue, or due-for-remediation within 14 days, and findings under review. Clicking totals opens detailed lists filtered by product category.
    • Cloud Security Overview: Visual breakdown of active findings by cloud provider, asset type (Compute, Network, Storage, Other), and severity. Interactive elements allow drilling down into detailed records.
    • Top Findings: View top base images and other image types with the most security exposures, grouped and color-coded by severity (Critical in red, High in orange, Medium in yellow).
    • Account and Region Analysis: Identify accounts and regions with the highest number of security exposures, categorized by Host, Misconfigurations, Toxic Combinations (Issues), and Containers.
    • Compliance Monitoring: Track least compliant accounts under frameworks and externally exposed resources with critical findings, supporting up to 1,000 records per list.
    • Toxic Combinations and Configuration Failures: View assets with failed compliance tests and toxic vulnerability combinations imported via the Wiz Vulnerability Response Integration. Requires Configuration Compliance and Wiz integration installed. Findings are color-coded by severity and can be filtered by date range (last 7 or 30 days).

    Practical Use for ServiceNow Customers

    This dashboard consolidates cloud security findings from multiple sources into a central, actionable view, enabling teams to:

    • Filter and prioritize cloud security issues by type, source, and risk rating.
    • Quickly identify and address critical and overdue vulnerabilities.
    • Analyze cloud assets by provider, region, and compliance status.
    • Leverage integrations like Configuration Compliance and Wiz for advanced findings on misconfigurations and toxic combinations.

    By using this dashboard, customers can improve cloud security posture management, streamline vulnerability remediation, and maintain compliance across diverse cloud environments.

    The Cloud Exposure View is a module that is supported by Security Exposure Management workspace. Select interactive visualizations and filter aggregated data for your cloud assets by category to view findings for your security exposures. Cloud security teams can monitor and act on all their cloud-related security findings from multiple vendors across their cloud environments from within the workspace.

    Locating the Cloud Exposure View

    To view the dashboard, navigate to Workspaces > Security Exposure Management > Cloud Exposure View.

    Roles required:
    • sn_sec_exception.read to view the workspace
    • sn_vul_cmn.usem_admin to configure workspace rules
    • For vulnerability findings remediation by product:
    See Security Exposure Management Workspace Roles

    Top-level filters

    Locate and organize findings based on the following top-level filters to help you focus your search:
    • Finding type - View security exposure findings for your cloud service accounts, cloud regions, and cloud resources with this filter.
      Note:
      Finding types are listed by product. You must install the corresponding applications before you can view the imported data for the following finding types:
      • HostVulnerability Response supports findings for vulnerabilities in virtual machines and servers.
      • Misconfiguration Configuration Compliance supports findings for misconfigurations in cloud resource services such as S3 and EC2. Configuration Compliance also supports findings for Issues, such as assets that are involved in toxic combinations of vulnerabilities and misconfigurations.
      • Container - Container Vulnerability Response supports container vulnerability findings.
    • Source - View security exposures organized by the third-party scanner product integrations you have installed in your instance.
    • Risk rating - View security exposures by their criticality (Critical, High, or Medium). Multi-select is supported.
      Note:
      Select the Settings Gear icon that opens configuration options. (gear icon). With Filters selected you can include findings with Low criticality and no imported criticality (None). You might prefer to keep the criticality in its default setting to limit your import and help you focus on your most important findings. If you modify this filter, findings that match your settings are imported with the next daily data import for all your finding types.

    Needs attention

    Select the totals on the cards to open a list in a new browser tab. View your most critical records organized by the applications that you have installed for the following categories.
    • Unassigned findings
    • Overdue findings
    • Remediation due in 14 days
    • Findings in review
    • Select the total numbers in the cards to view a list of records.

    Select a card and then select the filters on the new tabs that are displayed to view lists of findings by product: Host, Misconfiguration, and Container.

    Cloud Security Overview

    • View breakdowns of totals of active findings across cloud resource types that are categorized by provider and severity for the following assets:
      • Compute
      • Network
      • Storage
      • Other - Resources that don't fall under the other categories.
      • Select the total numbers in the cards, a provider icon, or the data visualizations to view corresponding lists of records that display total findings for each asset.
    • Select Base images or Other image types to view the five findings that have the most security exposures (Top) for the following categories:
      • Top base images with active findings
      • Top base images by risk
      • Select the total number in the card.
      Container findings are color-coded for Critical, High, and Medium:
      • Red
      • Orange
      • Yellow

      Select a data visualization graph or a colored pill to view a list of up to 1,000 records.

    • Select Accounts or Regions to view the top five findings that have the most security exposures.
      Findings are grouped by Host, Misconfigurations (Test results), Toxic combinations (Issues), and Container (Container vulnerabilities) and are color-coded for Critical, High, and Medium:
      • Red
      • Orange
      • Yellow

      View records for your least compliant accounts under Non compliant framework. If no data is imported, this column remains unpopulated.

      Select a colored pill or View more to view a list of up to 1,000 records.

    • Select from Resources or Resources - Externally Exposed to view the top five findings that have the most critical security exposures.
      Findings are grouped by Misconfiguration (Test results) and Toxic combinations (Issues), are and Container findings and are color-coded for Critical, High, and Medium:
      • Red
      • Orange
      • Yellow
    • View toxic combinations and assets with the least compliant scores that have the most security exposures due to failed configurations. Both misconfigurations and issues are populated on test results in Configuration Compliance. This data is imported by the Understanding the Wiz Vulnerability Response Integration, and this data is not displayed unless Configuration Compliance and the Wiz Vulnerability Response Integration are installed.
      Findings with failed test results are color-coded. You can select the date range for the last 7 days or the last 30 days.
      • Red
      • Orange
      • Yellow

      Select View more to view a list of up to 1,000 records.