Upwind Posture Detection Passthrough

Panther Rules

Summary
The Upwind Posture Detection Passthrough rule re-raises Upwind cloud posture and CSPM findings inside Panther so that cloud posture monitoring is centralized alongside Panther's other alerts. It covers cloud misconfigurations, exposed secrets, configuration drift, and CSPM policy violations, correlating each Upwind finding with the Panther resources it concerns.

To distinguish an isolated misconfiguration from systemic risk, the rule queries Upwind.Detections for posture findings on the same resource.cloud_account_id and resource.type within the past 30 days. It then reviews resource.risk_categories and triggers[].policy_name to identify which compliance policies are violated and how broad the exposure is. To assess whether the misconfiguration is being actively exploited, it searches for runtime or network threat detections against the same resource.name or resource.cloud_account_id in the past 7 days. Notable findings are mapped to MITRE ATT&CK, notably Exfiltration (TA0010/T1530) and Data from Cloud Storage (TA0005/T1562).

Operationally, the rule is Enabled and marked Experimental, with a deduplication window of 1440 minutes and a threshold of 1, so that relevant posture events surface promptly while repeated findings on the same resource do not generate duplicate alerts. The included tests illustrate typical posture findings (a public S3 bucket, an overly permissive IAM role) and a non-posture false-positive scenario, showing analysts the expected behavior.

This passthrough enables faster risk prioritization, cross-resource correlation, and consistency between Upwind CSPM signals and Panther alerts, and lets security teams observe posture-related incidents alongside runtime and network detections.
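The following is an added example written for this page, not the rule shipped by Panther or Upwind. It sketches a Panther-style passthrough rule in Python: `rule()` fires only for posture/CSPM findings, `severity()`, `title()`, `dedup()` and `alert_context()` build the alert, and three constructed events mirror the page's test cases (public S3 bucket, overly permissive IAM role, and a non-posture runtime event that must not fire). The field paths resource.cloud_account_id, resource.type, resource.name, resource.risk_categories and triggers[].policy_name come from the summary above; the `category` and `severity` fields, their values, the severity mapping and the sample values are assumptions.

```python
"""Panther-style passthrough rule for Upwind posture findings (added example).

Illustrative code written for this page; not Panther's or Upwind's own rule.
Field paths resource.cloud_account_id, resource.type, resource.name,
resource.risk_categories and triggers[].policy_name are taken from the rule
summary; the `category` and `severity` fields and their values are assumptions.
"""
from collections.abc import Mapping
from typing import Any, List, Optional

# Assumed: Upwind detection categories that count as posture / CSPM findings.
POSTURE_CATEGORIES = {"posture", "cspm", "misconfiguration", "exposed_secret", "drift"}

# Assumed: normalisation of Upwind severities to Panther severity levels.
SEVERITY_MAP = {"critical": "CRITICAL", "high": "HIGH", "medium": "MEDIUM", "low": "LOW", "info": "INFO"}


def deep_get(obj: Any, *keys: str, default: Any = None) -> Any:
    """Walk nested mapping keys; return `default` as soon as a key is missing."""
    for key in keys:
        if not isinstance(obj, Mapping) or key not in obj:
            return default
        obj = obj[key]
    return obj


def policy_names(event: Mapping) -> List[str]:
    """Collect triggers[].policy_name, skipping malformed or unnamed triggers."""
    return [t["policy_name"] for t in (event.get("triggers") or [])
            if isinstance(t, Mapping) and t.get("policy_name")]


def rule(event) -> bool:
    """Re-raise only Upwind findings whose category is a posture/CSPM class."""
    return str(event.get("category", "")).lower() in POSTURE_CATEGORIES


def severity(event) -> str:
    """Map the finding's own severity to Panther's levels; default to MEDIUM."""
    return SEVERITY_MAP.get(str(event.get("severity", "")).lower(), "MEDIUM")


def title(event) -> str:
    """Name the resource, account and violated policies in the alert title."""
    rtype = deep_get(event, "resource", "type", default="resource")
    rname = deep_get(event, "resource", "name", default="<unknown>")
    acct = deep_get(event, "resource", "cloud_account_id", default="<unknown>")
    policies = ", ".join(policy_names(event)) or "unspecified policy"
    return f"Upwind posture finding: {rtype} {rname} in account {acct} violates {policies}"


def dedup(event) -> str:
    """One alert per account/resource-type/resource inside the 1440-minute window,
    so repeated scans of the same misconfiguration do not re-alert."""
    return ":".join(str(deep_get(event, "resource", k, default=""))
                    for k in ("cloud_account_id", "type", "name"))


def alert_context(event) -> dict:
    """Carry the fields an analyst needs for the 30-day / 7-day correlation queries."""
    return {
        "cloud_account_id": deep_get(event, "resource", "cloud_account_id"),
        "resource_type": deep_get(event, "resource", "type"),
        "resource_name": deep_get(event, "resource", "name"),
        "risk_categories": deep_get(event, "resource", "risk_categories", default=[]),
        "policies": policy_names(event),
    }


# Constructed sample events mirroring the page's three test cases (all values invented).
PUBLIC_BUCKET = {
    "category": "posture",
    "severity": "high",
    "resource": {"cloud_account_id": "123456789012", "type": "aws_s3_bucket",
                 "name": "example-public-bucket", "risk_categories": ["public_exposure"]},
    "triggers": [{"policy_name": "S3 bucket allows public read"}],
}
PERMISSIVE_ROLE = {
    "category": "cspm",
    "severity": "critical",
    "resource": {"cloud_account_id": "123456789012", "type": "aws_iam_role",
                 "name": "example-admin-role", "risk_categories": ["excessive_permissions"]},
    "triggers": [{"policy_name": "IAM role grants *:*"},
                 {"policy_name": "Role assumable by any principal"}],
}
RUNTIME_EVENT = {  # non-posture finding: the passthrough must not fire on it
    "category": "runtime",
    "severity": "high",
    "resource": {"cloud_account_id": "123456789012", "type": "k8s_pod", "name": "example-pod"},
    "triggers": [{"policy_name": "Suspicious process in container"}],
}


def evaluate(event) -> Optional[dict]:
    """Run the rule the way Panther would: None when it does not fire, else the alert fields."""
    if not rule(event):
        return None
    return {"title": title(event), "severity": severity(event),
            "dedup": dedup(event), "context": alert_context(event)}


if __name__ == "__main__":
    for name, ev in (("public bucket", PUBLIC_BUCKET), ("permissive role", PERMISSIVE_ROLE),
                     ("runtime", RUNTIME_EVENT)):
        print(name, "->", evaluate(ev))
```

The dedup key is the same account/type/name triple the summary uses for its 30-day and 7-day correlation queries, so an analyst pivoting from the alert context can reuse those fields directly in Upwind.Detections.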
Categories
  • Cloud
  • AWS
Data Sources
  • Cloud Service
  • Application Log
ATT&CK Techniques
  • T1562
  • T1530
Created: 2026-03-24