Big Cranium Logo White.png
TrainingHelp Center
Find the insights and best practices about our product.
General
FAQs
System & Network Requirements
Getting Started
My AI Dashboard Overview
Release Notes
2026.4.2 Release Notes
2026.4.1 Release Notes
2026.3.1 Release Notes
2026.2.2 Release Notes
2026.2.1 Release Notes
2026.1.1 Release Notes
2025.12.1 Release Notes
2025.11.1 Release Notes
2025.10.3 Release Notes
2025.10.1 Release Notes
2025.9.1 Release Notes
2025.8.1 Release Notes
2025.7.1 Release Notes
2025.4.1 Release Notes
2025.3.1 Release Notes
2025.1.1 Release Notes
2024.12.1 Release Notes
AI Manager
My AI Systems
My AI Systems Overview
AI System Details Overview
Adding a New AI System
Self-Attesting to a Compliance Framework
Compliance Scoring
Compliance Agent [Beta]
My AI Supply Chain
Supply Chain Overview
Managing Outgoing AI Card Requests
Responding to an AI Card Request
Publishing an AI Card Without a Request
My Vendors Overview
Artifacts
Bill of Materials
Bill of Materials Overview
Creating a Bill of Materials with CodeSensor
Self-Attest to a Bill of Materials
AgentSensor Overview
Technology Search Overview
Document Library
Document Library Overview
Vulnerability Management
Arena Shield
Arena Shield Overview
Shield YAML Implementation Guide
Arena
AI Arena Overview
Vulnerability Assessment
Vulnerability Management
Vulnerability Assessment Overview
Accessing a Vulnerability Assessment
Adversarial Inputs Detector
Vulnerabilities Overview
Settings
User Manager Overview
Detect AI
Integrations
Accessing a Private VCS
Registering SSH for CodeSensor
Integrating Bitbucket with Cranium
Integrating GitHub with Cranium
Integrating GitLab with Cranium
Integrating Azure DevOps with Cranium
Continuous Monitoring Overview
VCS Service Rate Limits
CloudSensor
CloudSensor Overview
Public API
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Endpoint Reference
Bills of Materials
Technology Vulnerabilities
Arena Models
Arena Model Vulnerabilities
Home
CloudSensor
CloudSensor Overview
CloudSensor Overview

Introduction

CloudSensor is a cloud security monitoring service that integrates with Azure environments to discover security alerts, monitor unauthorized changes, and assess role-based access controls. The service provides automated scheduling, AI-powered remediation recommendations, and shareable compliance reports for external parties.

Managing CloudSensor Integrations

Navigate to CloudSensor Integrations

Access CloudSensor features through the main application interface. In the navigation drawer, click Settings, then select Cloud Sensor Integrations.

CloudSensor Integrations List

The integrations list displays key operational information for each configured Azure environment connection:

  • Status Indicator: Green shows active and healthy operation
  • Last Update: Timestamp of the most recent successful scan
  • Schedule: Frequency of automated scans (e.g., "every 6 hours")
  • Setup Details: Integration creator and creation date

Managing Existing Integrations

Each integration provides management options through the three-dot action menu:

  • Edit Integration: Modify scan schedules and configuration settings
  • Test Integration: Verify connectivity and Azure permissions
  • Delete Integration: Remove integration and stop all scheduled scans

Understanding the CloudSensor Dashboard

Dashboard Overview

The CloudSensor dashboard displays discovered security items categorized by type and assigned health states based on detected evidence and AI analysis.

Security Categories

Security Monitoring Alerting - Tracks security alerts and their occurrences across your Azure environment. Items are classified as critical when no activity is detected within 7 days or when the last update falls outside acceptable time bounds (21+ days).

Unauthorized Change Protection - Monitors for unauthorized changes and privilege escalation attempts. Items receive critical classification when medium or high severity privilege escalation occurrences are detected.

Role Assignment Detection - Assesses role-based access control implementation. Items are marked healthy when evidence shows over 10,000 role assignments across service principals and users, indicating proper RBAC implementation.

Health State Definitions

Creating and Sharing PDF Reports

Generate PDF Reports

CloudSensor creates PDF versions of your security dashboard for external sharing and compliance purposes.

PDF Report Contents

  • Complete security dashboard overview
  • All security categories with health states
  • Evidence counts and AI-generated remediation recommendations
  • Timestamps showing data currency

Attach Reports to AI Systems

  1. Click the Attach PDF Report to AI System button in the CloudSensor dashboard.
  2. Search and select the target AI System(s) from the dropdown
  3. Click the blue Attach button

CloudSensor reports can be attached to AI Systems and shared as artifacts in AI Cards.

Setting Up New Azure Tenant Integrations

Prerequisites

  • Azure Tenant ID for the target monitoring environment
  • Azure administrator permissions for the tenant
  • Active CloudSensor license for your organization

Create Integration

  1. Navigate to CloudSensor Integrations
  2. Click 'Add New Integration' button
  3. Provide a name and description
  4. Input the Azure Tenant ID
  5. Set scanning schedule (recommended every 4-6 hours)
  6. Save the integration

The new integration displays with "New" status and provides an activation link for Azure portal configuration.

Azure Portal Activation

Activate Integration

  1. Click the activation link in the integration's record
  2. You will be redirected to your Azure portal for authentication
  3. Sign in with Azure administrator credentials
  4. Review and approve permission requests for CloudSensor

Required Permissions

The activation process requests access to read security alerts and configurations, monitor role assignments, access compliance and audit logs, and detect unauthorized changes.

Post-Activation Discovery

After successful Azure portal activation, the integration status changes to "Active" and CloudSensor begins initial discovery scanning. The dashboard populates with discovered security items, though some may initially appear as "Unknown" until sufficient data is collected for proper classification.

Troubleshooting Activation Issues

  • Verify Azure administrator privileges are active
  • Confirm Azure Tenant ID accuracy
  • Check network connectivity and firewall settings
  • Validate CloudSensor licensing status

Health State Classifications and Remediation

CloudSensor uses AI-powered analysis with RAG (Retrieval Augmented Generation) to provide contextual remediation recommendations based on specific security findings and best practice databases.

Using AI Remediation Recommendations

Review the generated suggestions for applicability to your environment, prioritize critical items for immediate action, implement recommended changes following provided step-by-step guidance, and monitor subsequent scans for health state improvements.

Did this answer your question?
Related Articles
Bill of Materials Overview
Detect AI
My AI Systems Overview
VCS Service Rate Limits