Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.osto.one/llms.txt

Use this file to discover all available pages before exploring further.

Posture Management connects your cloud environments to Osto so it can continuously scan your configuration, flag misconfigurations, and surface findings in the Cloud Security section of the dashboard.

What Osto scans

Once a cloud account is connected, Osto checks:
  • Identity and access — overly permissive IAM roles, unused credentials, public access misconfigurations.
  • Network security — open security groups, unrestricted ingress rules, missing VPC flow logs.
  • Encryption — unencrypted storage buckets, volumes, and databases.
  • Logging and monitoring — missing audit trails, disabled log sinks, unconfigured alerts.
  • Compliance mapping — findings are automatically mapped to relevant controls in frameworks such as SOC 2, ISO 27001, and CIS Benchmarks.

Supported cloud providers

ProviderGuide
Amazon Web ServicesConnecting AWS to Osto
Google Cloud PlatformConnecting GCP to Osto
Microsoft AzureConnecting Microsoft Azure to Osto

How connection works

Osto uses read-only credentials to pull configuration data from your cloud provider’s APIs. No write access is requested, and no changes are made to your cloud environment. Each provider guide walks through creating a service account or IAM user with the minimum permissions required.

After connecting

Scan results appear in Posture Management → Cloud Security within a few minutes of completing setup. Findings are severity-scored and grouped by resource type. Resolved findings drop off automatically on the next scan cycle.