Cloud Security Connectors
Cloud security connectors give AI agents visibility into cloud infrastructure posture, workload vulnerabilities, and cloud-native threat detections across AWS, Azure, and GCP environments. Agents use these connectors to query findings, manage security policies, triage cloud misconfigurations, and orchestrate remediation workflows.
Read operations such as listing findings and querying posture assessments are LOW risk. Operations that modify security group rules, suppress findings, or alter cloud security policies carry MEDIUM to HIGH risk.
| Connector | Operations | Risk Levels | Description |
|---|---|---|---|
| Wiz | 20 | LOW, MEDIUM, HIGH | Wiz CNAPP operations for issue management, graph queries, vulnerability scanning results, and cloud configuration assessments |
| Prisma Cloud | 27 | LOW, MEDIUM, HIGH | Palo Alto Prisma Cloud operations for alert management, compliance posture, RQL queries, and cloud resource inventory |
| AWS Security Hub | 26 | LOW, MEDIUM, HIGH | AWS Security Hub operations for findings management, standards control, insight queries, and cross-account aggregation |
| AWS GuardDuty | 25 | LOW, MEDIUM, HIGH | AWS GuardDuty operations for finding management, detector configuration, threat intel sets, and IP/filter list management |
| AWS WAF | 25 | LOW, MEDIUM, HIGH | AWS WAF operations for web ACL management, IP set rules, rate-based rules, regex pattern sets, and rule group configuration |
| GCP Security Command Center | 25 | LOW, MEDIUM, HIGH | Google Cloud SCC operations for findings management, asset discovery, notification configs, and organization-level security marks |
| Lacework | 27 | LOW, MEDIUM, HIGH | Lacework operations for alert management, compliance evaluations, vulnerability assessments, and cloud activity anomaly queries |
| Orca Security | 25 | LOW, MEDIUM, HIGH | Orca Security operations for asset inventory, alert management, compliance status, and side-scanning vulnerability results |
| Microsoft Defender for Cloud | 25 | LOW, MEDIUM, HIGH | Microsoft Defender for Cloud operations for security recommendations, alert management, regulatory compliance, and secure score queries |
| Azure Sentinel SOAR | 21 | LOW, MEDIUM, HIGH | Azure Sentinel SOAR automation operations for playbook triggering, logic app management, and incident response orchestration |
| CrowdStrike Horizon | 17 | LOW, MEDIUM | CrowdStrike Falcon Horizon operations for cloud registration management, IoA detection, and multi-cloud posture assessment |