Skip to main content

Multi-Cloud Posture Dashboard

Normalizing security findings across AWS, Azure, and GCP into a single risk view for leadership and engineering.


Multi-Cloud Posture Dashboard

Challenge

Each cloud exposes findings in different formats (Security Hub, Defender for Cloud, Security Command Center). Leadership needs one risk score trend, not three portals.

Normalization schema

FieldDescription
finding_idStable identifier
cloudaws | azure | gcp
severitycritical … info
resource_arnCanonical resource ID
control_idCIS / custom mapping
owner_teamFrom resource tags
statusopen | remediated | accepted

Grafana / Elastic approach

  1. Ingest via cloud APIs on schedule
  2. Enrich with CMDB or tag-based ownership
  3. Dashboard panels: open critical by team, MTTR trend, top recurring misconfigs

Governance

  • Weekly security review per team with top 5 findings
  • Accepted risk requires CISO delegate approval + expiry
  • Auto-close findings when Config re-evaluates clean