How RedCloud Works
Overview
RedCloud is not a one-shot scanner — it’s a continuously operating platform. This page explains the end-to-end flow of a single assessment and the dynamics that keep it current between scans.
The end-to-end flow
```
Connect cloud → Scan → Findings & risk → Attack paths → Remediation → Report
                 │                                               │
                 └────────────── re-scan / verify ◄──────────────┘
```

- Connect a cloud account with least-privilege read access.
- Scan — a five-stage pipeline collects inventory and runs checks (see How Scanning Works).
- Findings & risk — issues are scored by severity and environment-aware risk.
- Attack paths — findings are chained into attack paths mapped to MITRE ATT&CK.
- Remediation — a prioritized roadmap, trackers, and automated fixers close issues.
- Report — branded, bilingual reports for every audience.
- Verify — revalidate findings and re-scan to confirm closure.
What makes it dynamic
RedCloud keeps working between your scans:
| Dynamic | What happens |
|---|---|
| Scheduled scans | The scheduler runs recurring scans automatically, so posture stays current without manual launches. |
| RedCloud Brain cycles | Daily planning and nightly execution gather fresh intelligence (CVE/KEV/EPSS/ATT&CK) and turn it into learned detection — coverage keeps pace with new threats. See RedCloud Brain. |
| Drift detection & time-travel | Each scan is a point in time; RedCloud compares scans to surface configuration drift, and the architecture canvas can replay how your environment changed. |
| Real-time scan progress | Scans report stage and percentage live, with streaming logs you can watch in the Scan Investigation Console. |
| Native findings sync | GCP Security Command Center and AWS Security Hub findings are pulled in and normalized alongside RedCloud’s own. |
| Continuous IaC sync | The Fabric deep-sync keeps infrastructure-as-code intelligence current, with AI briefings on version changes surfaced in System Updates. |
| Autonomous operation | Within Rules of Engagement, the autonomous agent can plan and execute security work across multiple parallel sessions. |
Where the data lives
Everything runs in your environment: application state in PostgreSQL, scan artifacts on a tenant-scoped volume. All of it is strictly tenant-isolated. See Architecture and Tenant Isolation.