Getting Started

Quick Start Guide

Welcome to EchelonGraph. Get up and running in under 10 minutes — connect your cloud, run your first scan, and see your entire attack surface.

1. Create Your Account

Sign up at echelongraph.io/signup with your work email. Your workspace is created with complete tenant isolation from day one — your data is fully separated from every other customer.

2. Connect Your Cloud Accounts

Navigate to Settings → Cloud Accounts and click Add Cloud Account. EchelonGraph connects using read-only credentials — we never request write, delete, or modify access to your cloud environment.

We support all three major cloud providers:

  • AWS: Cross-account IAM Role with SecurityAudit policy
  • GCP: Service account with read-only Viewer role (or Workload Identity Federation for zero-secret access)
  • Azure: App Registration with Reader role on target subscriptions

See Integrations for step-by-step setup guides for each provider.
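
Before attaching any policy to the role a scanner will assume, you can check that it grants read-style actions only. The sketch below is an added example, not EchelonGraph code: the read-prefix list is a heuristic assumption, and the sample policy is constructed for illustration.

```python
# Assumption: action-name prefixes treated as read-only. AWS does not guarantee
# this naming, so treat the list as a heuristic, not an authoritative source.
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup", "search", "view")

def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def is_read_only_action(action):
    """True only if every action the pattern can match has a read prefix."""
    if ":" not in action:
        return False  # bare "*" or malformed entry
    name = action.split(":", 1)[1]
    # The literal text before the first wildcard must already pin a read
    # prefix; "s3:*" or "s3:G*" could expand to write actions.
    literal = name.split("*", 1)[0].split("?", 1)[0].lower()  # IAM is case-insensitive
    return any(literal.startswith(p) for p in READ_PREFIXES)

def non_read_only_grants(policy):
    """Return (sid, reason) for each Allow grant that is not provably read-only."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    findings = []
    for i, stmt in enumerate(stmts):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction allows everything except the listed actions"))
            continue
        findings += [(sid, a) for a in _as_list(stmt.get("Action")) if not is_read_only_action(a)]
    return findings

# Constructed sample policy, not taken from any vendor documentation.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Inventory", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:List*"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*", "Action": "s3:*"},
    {"Sid": "Writes", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:StopInstances", "iam:getrole"]},
    {"Sid": "AllButIam", "Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
    {"Sid": "Guard", "Effect": "Deny", "Resource": "*", "Action": "s3:DeleteBucket"},
]}

if __name__ == "__main__":
    for sid, reason in non_read_only_grants(SAMPLE_POLICY):
        print(f"{sid}: {reason}")
```

Read-only is not the same as low-sensitivity: the heuristic passes actions such as `secretsmanager:GetSecretValue`, so also review what data each permitted read exposes.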

3. Run Your First Scan

Once connected, EchelonGraph automatically initiates an agentless scan. The scanner queries your cloud provider APIs to discover:

  • Compute: VMs, serverless functions, container services
  • Network: VPCs, subnets, security groups, firewalls, load balancers
  • Storage: Object stores, block storage — with encryption and access policy checks
  • Identity: IAM users, roles, policies, service accounts
  • Data: Managed databases — encryption status, public access, backup configuration
  • Certificates: TLS certificates and their expiry dates

The scan also runs 440+ misconfiguration rules mapped to CIS v2.0 benchmarks and automatically correlates known CVEs against your infrastructure.

No agents to install. No disk snapshots. No write permissions. Pure API-based discovery.

4. View Your Attack Surface

Navigate to the Dashboard to see your interactive 3D blast radius graph. Click any node to explore:

  • Asset properties and cloud metadata
  • Known vulnerabilities with CVSS scores
  • Attack path analysis showing reachable paths from the internet
  • Blast radius impact — which resources are at risk if this node is compromised

5. Check Compliance

Go to Compliance to see live scores across 9 frameworks: SOC 2, GDPR, ISO 27001, NIST CSF 2.0, PCI DSS 4.0, HIPAA, CIS v2.0, DPDP Act, and ISMS-P. Each control shows Pass, Fail, Partial, or N/A — with actionable remediation guidance for every finding.

6. Invite Your Team

Navigate to Settings → Users to invite team members with role-based access:

  • Viewer: Read-only access to dashboards and reports
  • Analyst: Manage alerts, create reports, export data
  • Operator: Manage scans, assets, and integrations
  • Admin: Full tenant administration

Next Steps

  • Integrations — Step-by-step AWS, GCP, Azure, and SSO setup guides
  • Scanning Tiers — Compare agentless, network, and runtime scanning
  • Security — Configure SSO, MFA, and RBAC for your organization
  • Compliance — Deep dive into 9 supported frameworks
  • Data Sovereignty — Deployment options for strict data residency requirements