🔬 Result Details

Clicking on a query result opens a drawer with that result's details. The details look like this:

Query path

At the top of the details you'll see a graph visualization of why this result matches your query. For instance, if you select an identity with risk:exfiltration as your search, you'll see the entitlements and privileges that lead to data-exfiltration risks.

Result information

The top of the page shows detailed information for the result. The information displayed depends on the result type.

Credential

Identity

The identity accessed via this credential

Last used

The most recent date that this credential was used

Last rotated

When this credential was created

Entitlements

All entitlements that can be used for access via this credential

Risks

Access risks reachable from this credential, and the privileges that expose those risks

Entitlement

Principal

The principal identity that is assigned this entitlement

Role | Policy

The name of the granted role (for non-AWS systems) or policy (for AWS)

Condition

(GCP role bindings only) this role binding's access condition

Resource

The resource(s) to which this entitlement grants direct access

Risks

Reachable IAM risks for this entitlement, broken down by whether the privilege(s) that yield the risk are used or not within the previous 90 days

Accessible by

The identities that can use this entitlement, including via federation, group membership, or lateral movement

Identity

Parent

The resource in which the identity is defined (e.g. AWS account, Azure subscription, GCP project, etc.)

Last Used

The last time this identity authenticated with its identity provider

Accessible by

(Federation identities only) the identities that can gain access to your system via this federation identity

Members

(Groups only) this group's direct and indirect members

MFA

(Users only) whether two-factor authentication is required for this user

Entitlements

A link to view all of the identity's entitlements

Risks

Access risks reachable from this identity, and the privileges that expose those risks

Resource

Parent

This resource's parent resource in the system's resource hierarchy (e.g. a database table's parent resource will be its enclosing database schema); top-level resources have the service as their parent

Children

A list of all this resource's child resources (e.g. a database schema will have all its tables, indices, views, etc. as children)

Accessible by

All identities that have direct access to this resource
