How do I interpret the Cloud Security assessment results?
This page explains how to read results from cloud security reports in Holm Security Center and how to act on them across all supported cloud platforms after a scan completes.
The report is opened from Assessments > Scans, by selecting the Cloud filter and clicking the relevant scan in the list. If a scan has not yet been run, refer to the platform-specific scanning setup documentation.
Status tabs
The top of the report groups findings by status. Each tab shows the count of findings in that state.
| Tab: | Meaning: | Action expected: |
|---|---|---|
| Passed | Passed without any vulnerability found. | None. |
| Warning | Potential misconfiguration vulnerability but does not pose an immediate risk. | Review and decide whether to harden further. |
| Failed | Misconfiguration vulnerability that poses an immediate risk. | Remediate using the SOLUTION tab on the finding. |
| Unknown | The results could not be determined due to API failure or faulty permissions. | Check authentication first, then verify manually using the SOLUTION steps and record the outcome. |
Understanding Unknown results
An Unknown result is not necessarily a failure, it means the assessment could not determine the security status. This commonly occurs when:
- API failure
Service unavailability, rate limits, or connectivity issues prevented data collection. - Insufficient permissions
Invalid credentials, expired tokens, or insufficient access rights blocked the assessment (most common cause). - Manual verification required
The control requires human review (primarily applies to Microsoft 365 due to API limitations).
Getting started with your results
If this is your first time viewing scan results:
- Start with Fail findings
These are confirmed security issues that need immediate attention. - Check authentication first
If you see many UNKNOWN results, check the authentication plugins listed below to ensure your credentials are working. - Prioritize by severity
Address Critical and High severity findings before Medium and Low. - Use the SOLUTION tab
Each finding has step-by-step fix instructions in the SOLUTION tab.
Many unknown results?
If the majority of your results show as Unknown, this is most likely an authentication or permissions issue. Fix credentials before investigating individual findings, as authentication problems often cause widespread Unknown results across multiple checks.
Troubleshooting authentication and permission failures
When troubleshooting Unknown results, check the platform-specific permission check plugins below to verify that your credentials are working correctly.
| Platform: | Plugin name: | Purpose: |
|---|---|---|
| AWS | Holm Security AWS Permission Check | Verifies AWS credentials and required permissions for scanning |
| Azure | Holm Security Azure Permission Check | Verifies Azure App Registration credentials and role assignments |
| Google Cloud | Holm Security GCP Permission Check | Verifies GCP service account credentials and project/organization permissions |
| Oracle Cloud | Holm Security Oracle Cloud Permission Check | Verifies OCI credentials and required policies for scanning |
| Microsoft 365 | Holm Security Microsoft 365 Permission Check | Verifies M365 app permissions and tenant access |
If any of these authentication plugins show FAIL or UNKNOWN, resolve the credential/permission issues before investigating other UNKNOWN findings, as authentication problems often cause widespread UNKNOWN results across multiple checks.
Microsoft 365 — manual verification note
Microsoft 365 is unique among the supported platforms in having genuine manual verification requirements. Out of 118 M365 security checks, approximately 13 are marked as requiring manual verification for the following reasons:
API limitations
Some M365 settings are only visible in admin portals with no supported API access:
- High-risk user notification configurations.
- Audit log forwarding to external SIEM systems.
- Internal compliance retention requirements.
Third-party products
Controls that apply when non-Microsoft products are used:
- Third-party anti-malware solutions for Exchange.
- External DLP solutions.
- Custom SIEM integrations.
For Microsoft 365 manual verification findings, the SOLUTION tab provides exact admin center navigation paths to verify the settings. These are legitimate manual checks, not authentication failures.