Cloud monitoring is an essential mechanism for helping secure cloud services. Thus, a plethora of monitoring schemas have been proposed in recent years. Particularly, a newly proposed indirect monitoring mechanism outperforms others with the unique merit of addressing scenarios where the information of the monitoring target is not directly accessible. To conduct indirect cloud security monitoring, a key prerequisite is to obtain a special set of monitoring data termed “monitoring path”. However, how to ascertain the monitoring path is still an open issue. In this paper, we propose Flashlight as a novel monitoring path identification mechanism to address the gap where the information of monitoring targets is inaccessible. For this purpose, Flashlight first introduces a novel data reduction technique to filter unnecessary monitoring information. Second, Flashlight develops a data association approach to identify the monitoring path by utilizing data relations and data attributes. Third, Flashlight devises a monitoring property graph to support fine-grain monitoring path identification as well as represent identified monitoring paths. In addition, the efficacy of our proposed approach is demonstrated by the case studies where Flashlight successfully identifies the monitoring paths for underpinning indirect cloud monitoring. © 2018 Association for Computing Machinery.