Quick Start Guide

This guide takes you from a fresh login to your first set of findings. The walkthrough uses the web interface; an API alternative is shown at the end.

Prerequisites

Requirement	Description	Why it’s needed
A RedCloud account	An invited user with at least the `scans.run` permission	To launch scans
A valid license	The platform must be activated (`License` is valid, not locked)	Scanning is blocked while the license is invalid
A cloud account to scan	A GCP project/folder/org, AWS account, or Azure subscription	This is the scan target
Read access credentials	A service account key / role with least-privilege read access	RedCloud collects configuration read-only

Open the platform URL and sign in. RedCloud supports email/password (with optional 2FA), Google sign-in, SAML SSO, and Google Cloud IAP, depending on what your administrator enabled.

Step 2 — Connect a cloud account

Open Administration → Connections → Deployments.
Choose your provider — Google Cloud, AWS, Azure, Microsoft 365, or Google Workspace.
Follow the provider flow:
- GCP — supply a service account key, or use Workload Identity / Application Default Credentials.
- AWS — launch the guided CloudFormation stack (classic role or Workload Identity Federation), or supply keys.
- Azure — connect a subscription or tenant.
Click Test credentials to confirm the connection, then save.

The connected account now appears in the scan launcher’s Connected Accounts quick-select.

Step 3 — Run a scan

Open Administration → Operations → New Scan.
Pick a Cloud Provider (or All Clouds).
Select your Connected Account (this auto-fills the target).
Set the Scope — Project, Folder, Org, or Custom.
Choose a Profile. For a first run, mvp15 (a fast 15-check baseline) or full (comprehensive) are good choices.
(Optional) Run a Pre-scan Permission Check to confirm RedCloud has the access each service needs.
Click Launch. The scan starts asynchronously and appears in Scan History.

Step 4 — View your findings

When the scan finishes, open Findings & Risk → Issues.
Filter by severity (Critical / High / Medium / Low), search, or switch the Red / Blue / All perspective.
Open any finding to see its evidence, risk score, affected resource, and remediation guidance.
Visit Dashboard for the at-a-glance posture (KPI cards, severity donut, top attack paths).

Verification

You have completed the quick start when:

The scan shows Completed in Scan History.
The Dashboard KPI cards show non-zero identities scanned and a severity breakdown.
Issues lists findings you can open and read.

API alternative

If you prefer automation, launch the same scan over the REST API:

curl -X POST "https://<your-host>/scans" \
  -H "X-API-Key: cspm_xxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "projects": ["my-gcp-project-id"],
    "profile": "mvp15"
  }'

The call returns 202 Accepted with a scan_id. Poll GET /scans/{scan_id} for status. See the API & Developer Reference for authentication and the full request schema.

Troubleshooting

Issue	Cause	Resolution
Scan rejected before it starts	Cloud credentials expired or insufficient	Re-authenticate the connected account; run the Pre-scan Permission Check
Everything is blocked with a license error	License invalid or locked	Activate a valid license under Administration → System Settings → License
Scan completes but inventory is empty	Missing read permissions or wrong scope	Widen the scope or grant the missing read roles, then re-scan
`403` on the API call	Missing/invalid API key, or key lacks `scans.run`	Issue a key with the right permission under Administration → User Management → API Keys

Next steps

Understand the terminology in Core Concepts.
Learn the full scan launcher in Running a Scan.
Connect more clouds in Integrations.