# Getting Started with Posture

With [Posture](/readme/posture.md), P0 automatically scans your cloud environment for access risks, such as overprivileged accounts, unused privileged access, and risky lateral-movement paths. This guide walks you through your first scan and shows you how to review, triage, and remediate the findings P0 surfaces.

## Steps to get started

This guide provides the following sections to help you get up and running with Posture:

1. [Set up an account](#set-up-an-account)
2. [Connect your cloud and run your first scan](#connect-your-cloud-and-run-your-first-scan)
3. [Review your posture findings](#review-your-posture-findings)
4. [Investigate and triage a finding](#investigate-and-triage-a-finding)
5. [Create a custom monitor](#create-a-custom-monitor)

{% hint style="info" %}
Setup takes about 15 minutes. Your first scan then runs in the background and may take additional time to complete, depending on the size of your environment.
{% endhint %}

{% hint style="info" %}
This guide uses the following terms:

* **Monitor:** A rule that P0 evaluates against your access graph to detect a class of access risk. P0 provides built-in monitors, and you can define your own.
* **Finding:** A single issue that a monitor detects in your environment.
{% endhint %}

## Set up an account

To create your P0 account:

1. Create a free P0 account at <https://p0.app/create-account>. All you need is an email address.
2. Set up a cloud integration through the guided onboarding flow (select **Privilege Governance**). You can skip this step and instead connect your cloud in the [next step](#connect-your-cloud-and-run-your-first-scan).

## Connect your cloud and run your first scan

Posture findings come from a scan of your cloud environment. To connect a cloud provider, create an environment, and run your first scan, follow the steps in [Creating an Environment](/environments/creating-an-environment.md).

{% hint style="info" %}
If you already use P0 for just-in-time access, you still need to complete this step. Data collection for Posture requires different permissions in your cloud provider than access orchestration does.
{% endhint %}

When the scan completes, P0 evaluates its built-in monitors against your access graph and populates your findings. Select **Dashboard** to confirm that your first scan has finished.

{% hint style="info" %}
A single environment and scan power both products. The same data also feeds [Access Inventory](/inventory/access-inventory.md), a queryable view of every identity, entitlement, and resource P0 collected. To explore it, see [Getting started with Access Inventory](/getting-started/getting-started-with-access-inventory.md).
{% endhint %}

## Review your posture findings

Select **Posture** in the P0 app sidebar to see the results of each monitor.

<figure><img src="/files/En5gA1PKFJUuR8KQeqoO" alt="Posture overview page showing findings summary with urgent, new, and average age metrics, filter controls, and a list of monitors with severity and count"><figcaption><p>The Posture overview lists each monitor with its severity and finding count.</p></figcaption></figure>

By default, this page shows all open findings, ranked by severity. To narrow the list:

* Select the filter icon to reveal the filter controls.
* Use the **Status** dropdown to filter by finding status: `Open`, `Ignored`, or `Resolved`.
* Enable the **Unassigned** checkbox to show only findings that aren't assigned.
* Narrow results to a specific target scope, such as an AWS account, Azure subscription, or GCP project.

To work through a single monitor, select it to open its [Monitor Results](/posture/monitor-results.md) page. This page shows the monitor's description, its history of new and resolved findings, and the full list of findings.

{% hint style="info" %}
Start with your highest-severity monitors. P0 resolves findings automatically once they no longer appear in a later scan, so focus your first session on the issues that matter most.
{% endhint %}

## Investigate and triage a finding

Select **view** next to a finding to open its [details](/posture/finding-details.md). From here, you can understand the risk and decide how to act on it.

<figure><img src="/files/2zdfyiAEzfqElwIxNG8P" alt="Finding details page showing attack path visualization, actions for Assign, Ignore, and Review fix, and risk details for an AWS IAM policy" width="563"><figcaption><p>A finding's details page shows its attack path and the actions you can take.</p></figcaption></figure>

For each finding, you can:

* **Review the attack path.** P0 shows how an actor holding the identity can gain risky access to your system.
* **Review fix.** For P0-provided monitors, P0 generates cloud shell commands that resolve the finding, such as replacing an overly permissive policy with a least-privilege one.
* **Assign.** If you've connected P0 to [Jira](/integrations/tracker-integrations/jira.md), assign the finding for resolution. P0 creates a ticket containing the finding description, its context, and any resolution commands.
* **Ignore.** Document an acceptable risk. The finding no longer appears in your results unless you filter by `Ignored` status.
* **Add notes.** Record a business justification or other context directly on the finding.

{% hint style="info" %}
You can assign, ignore, or review fixes for several findings at once from a monitor's results page using bulk actions.
{% endhint %}

## Create a custom monitor

Beyond P0's built-in monitors, you can define custom monitors to enforce your organization's own access policies. A custom monitor starts from a query in the [Access Inventory](/inventory/access-inventory.md):

1. In the Inventory, select a **show** option and enter a **where** query.
2. When the results match what you expect, select **Save Search**.
3. Enable the **Create a monitor for this search?** toggle, then add a title, description, and severity.

P0 evaluates your custom monitor on every scan, and its results appear alongside the built-in monitors in [Monitor Results](/posture/monitor-results.md). For full details, see [Creating custom monitors](/inventory/access-inventory.md#creating-custom-monitors).

## What's next

If you run into any issues, contact <support@p0.dev> for help.

Now that you can review and triage posture findings, you can:

* Run [custom queries to explore your environment](/inventory/query-search.md)
* Connect P0 to a [ticketing system](/integrations/tracker-integrations.md) to assign findings automatically
* Connect P0 to [your directory](/integrations/directory-integrations.md) to enrich identity data
* Add more cloud accounts and resources by [creating additional environments](/environments/creating-an-environment.md)
* Start using [P0's just-in-time access](/getting-started/getting-started-with-just-in-time-access.md)

