Salto Protect

Reduce your organization's risk by detecting and remediating security issues

Written by Lior Neudorfer
Updated yesterday

Salto Protect helps you detect and remediate security issues in your critical applications' configuration. This capability proactively identifies risks across supported applications, provides actionable insights to strengthen your security posture, and helps you remediate these risks using standard Salto change management tools. This is especially important for sensitive configurations of enterprise security apps like IAM (Okta, Microsoft Entra ID), MDM (Jamf Pro, Microsoft Intune), EDR (CrowdStrike Falcon, Microsoft Defender for Endpoint), WAF (Cloudflare) and others.

Following every change to your environment configuration, the Salto platform runs numerous detection rules to identify new risks. In addition, Salto's Security Team continuously reviews new risks and opportunities for risk-reduction, and adds rules accordingly.

Reviewing your security issues

To review your security issues, start by going to the environment's Detect & Remediate tab:

In this view you can:

  • Review the open security issues in your environment, along with their severity and relevant compliance frameworks such as SOC 2, ISO 27001, NIST and CIS.

  • Click an issue to learn more about its details, possible remediations, and which elements the issue was detected in.

  • View Salto's recommended remediations for each security issue. Click a remediation to see more details about it.

  • Filter all rules belonging to a specific compliance framework, or even a specific annex/control ID.

  • Export open issues by clicking the download button.

  • See all detection rules that Salto supports by visiting the "All rules" section.

Issue details and occurrences

When you select a specific issue, you'll be able to see more details about it, and which elements the issue was detected on:

You can also select an individual occurrence to see the exact issue within the configuration element:

Hiding issues and occurrences

If a specific issue does not pose a security risk for your organization, you can hide it from the view:

You can also hide individual elements in which the issue was detected, if you've determined that there's no need to address the issue on that specific element:

Hidden issues and elements will not be shown in the Detect & Remediate tab. To view them or un-hide them, toggle the "Hidden" switch at the upper-right part of the table.

Remediating security issues

Each issue may have one or more remediations recommended by Salto. Click them to read more.

Remediations that include a check box can be applied automatically by Salto. Once you select one or more of these and click Preview Remediations, Salto will create a Deployment targeted at your environment, containing the configuration edits that remediate the issue:

Once in the deployment, you can review Salto's edits before actually deploying them:

As with all Salto deployments, click the "Edit" ✏️ button to make additional edits before deploying.

Getting alerts on new security issues

When Salto detects a new security issue, it can emit a New Security Issues email.

To configure who gets these emails, go to the Detect & Remediate section in your environment's settings screen:

Salto will only send an email when a new security issue is detected. Emails will also include information about other changes in your security posture.

Frequently Asked Questions

When does Salto scan for new security issues?

Salto runs an automatic scan after every fetch to your environment. That includes scheduled fetches, manual fetches, and post-deployment fetches.

Can I add my own rule, or edit your packaged rules?

Not yet; however, you can suggest new rules, or improvements to existing rules, by using the feedback dialogs. Access them using the "..." button in the Detect & Remediate view's top right corner, or on specific rules:

We plan to introduce more rule customization options in the future.

Which applications have defined detection rules?

Today, Salto provides out-of-the-box detection rules for Okta, Microsoft Security apps, Jamf, Cloudflare, CrowdStrike Falcon and Salesforce.

More applications are being added on a regular basis.

Who can view these issues and remediate them?

All Salto users can view security issues. Only Salto administrators can hide items from the view.

Remediations can be done by anyone with deployment permissions on the environment, as they are done using Salto's standard deployment mechanism.

I have more thoughts/feedback/questions

Please email us at support@salto.io with anything else you'd like to know.
