# Identity Intelligence

{% embed url="<https://youtu.be/-ip5yggmsNc>" %}

The identity intelligence page contains IAM user and IAM role-related information that is evaluated by pre-set rules of the ACS platform. The finding of IAM in the identity intelligence page allows users to get detailed information about IAM users and IAM roles.

<figure><img src="https://lh5.googleusercontent.com/12AuWUms-8KbKwXquP1XhtaxUCZHkvZtenHuAKkMtqcvYqzYsInK_jpexUEKQR0_1mBZ9OlJoN-IUO8wsbM7Rl_6EY5T5dpAsgIYK2_HR17yjbUQIBoQbZq0yt9Jja7VQ02CY9Wg0U8UgMj96PN6yz-IvaOEfgj27Ffgi_d11Etk4fWCQ_Gbzdu-bAUaxg" alt=""><figcaption></figcaption></figure>

The top of the identity intelligence page gives the user an overview of the

1. Number of identities,&#x20;
2. Number of users,&#x20;
3. Number of services,&#x20;
4. 3rd Party Identities&#x20;
5. Federated Identities

etc. of the cloud account with an evaluation of the severity level of the IAM user and role.

<figure><img src="https://lh6.googleusercontent.com/JjRZlSSYpWXJNxpgaJmI5IcMS0f_6Z-KHUpSrigbNYnG9EOrcRvGzKcYL5_QE_lbzHESsQOcCWGeJVcHgwJVgo4o-2YgZc3AEqijSLjXOAHVv7nBcHKWUHCLdWxqKhsHzAoDjrKKgAnt8LkjrkXd9mSRZPOZ_cb5FAFryAyiwWUdr7Rjb_4nX2DQ0XpHpA" alt=""><figcaption></figcaption></figure>

The identity intelligence page has 5 filters to filter the data and findings of IAM users and roles

* &#x20;IAM type filter&#x20;
* Severity filter&#x20;
* Services filter
* Label filter&#x20;
* Last activity filter

Also, users can spot the

* All the IAM users and roles&#x20;
* Their last activity&#x20;
* Service used by IAM users and role&#x20;
* Findings for IAM users and role

### IAM type filter:

The user can spot the result of the identity intelligence page by IAM type. Users can have a separate view of IAM user and IAM roles by IAM type filter

<figure><img src="https://lh5.googleusercontent.com/BXOokeNtRelHXGnyHnFe0NaV0B9nquITMozyOcXUpJUwuNMzdK5d_HW2EOQmvaRU-WA6OmgElGexcxNlYtGAAZoYNuUSviwzEryEOrIysnJHT1aYesiJqeDbDf1rdfT0sH7SzGEYoEoWhVwSaz0WiJZCvUt-aQAHgGWal3s-Tm67ZzsteY7Z5gd8ZB5z9Q" alt=""><figcaption></figcaption></figure>

### Severity filter:

The user can spot the result of the Identity intelligence page by the impact of severity as well. 4 severity parameters are available on the identity intelligence page e.g. Critical severity, High severity, Medium severity, and low severity.

<figure><img src="https://lh6.googleusercontent.com/X3A6KnSuFl8FSYunFugLHH8uNwOiCtVHDxsn5sgs3PtZymGBiGs8pAvVWzHwimYzVn5xEbp7o67Apdc1n6r_4oZH-UOXa2jGKMw2RgGvxpcBavPKPEw44ZwFJfFStJDDzvsHkAhH_9gRVZ6QroWI9zbox57PFWM8ktD9tM86kcaLky6rVWhSaZDC3aOsaA" alt=""><figcaption></figcaption></figure>

### Services filter:

A IAM user might take several services in a platform e.g.Amazon Managed Service for Prometheus, Amazon EC2, Amazon Route 53 Domains, AWS CloudWatch RUM, Amazon Connect Voice ID, etc. So our users can also see the result of finding the page by service taken by the IAM user.

<figure><img src="https://lh4.googleusercontent.com/A0aZVxbbCzMtSayVL1BOVUkvQcmoSN4wIltKkzCAD8HM3sNZF7JoEVHPcB05fMgUR1EL40KxtTaBZ1HXU1mdprOYLqLLiCC8xUOUZj4Eap7xcTZGw_w5xs2n76eULNpodPEHjsUwrWCM-YO-FGVcAyKHwHaBRKRoulc7Pi-Tn6Oj5yvk13mtbYAGZ_Q0kA" alt=""><figcaption></figcaption></figure>

### Label filter:

Label filter allows the user to spot the result of the identity intelligence page by its label e.g. MFA, No MFA, Admin, EC2 elevated permission, 3rd party, etc.

<figure><img src="https://lh4.googleusercontent.com/kEw8IfVQguu2WUM2BYld179e91zLx9H6-0WDGCxpynfaArLEA9t9OJ2e7fqz8u7vaA5WPuybrC_0BPv6AoVe7U3VzhkOVSqbg2S8MPaXHA9c-GtQBKAAfSZXw4ZMDXW98miKLzbgxrv2Rwg_iI5vs4lQAxDml7x_bgOz1h6j04Xs1i5lE5XJ_wv3CesFSQ" alt=""><figcaption></figcaption></figure>

### Last activity filter:

Last activity filter allows the user to select a date range and spot the result within the date range.

<figure><img src="https://lh3.googleusercontent.com/cJlq-gCc_zRGxIw9KlNjcb-6phhKY02bh9s519B-rgl0uo4bWR9tEsRn1JGCt62ZkPYGZQKdEnYQ35PzmoWoDJPeIo8B44nETHDHkuyz-VMN6DlbA-oFqmrfm10tpQ2kYlUW2fZjrbI9TRgECmz27a0XXytYCTzX3qJ1HFssF7jSHL-wHPlvFJ96BRmrvg" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh3.googleusercontent.com/ydCbkMVp_8Bf6ZMuSAlPQQgBWbFV2OtLNA7lwlOQO9QIbn_ygqXTjR63_Z40UZ8CDWrQOu5twtGq1GXjiMeOfVEuxLspDGvYje1BgbRcVpjifsWFu-PAn4S4naKcI5o_xaSWd0DOkUU02cKsX15zTiARyL-cUdTMfBayYHu-PK_ZGCzHAMqBVmUt--7bQg" alt=""><figcaption></figcaption></figure>

### All IAM users and roles:

IAM column of the identity intelligence page allows the user to see all the IAM users and roles.

<figure><img src="https://lh6.googleusercontent.com/9NA_t5yERD1sHd-TRbhLQlTXoSoOyFbK1UfC_DyHdMf_rD0qB10ME2ErQBq6cvN_UJi-MHxmlRL93QIZVhSCrLgcdLlvz9HpbU5-TDZilPsS9HKFd25bauggY1utJjHijrHABYYjBoWXPbWKr1mqWYaLwlvPz664NQywgYdZ_DXxAeyyb26JinP1-H0T1Q" alt=""><figcaption></figcaption></figure>

### Last activity:

Last activity column allows the user to spot the data of the last activity of the IAM user and role.

<figure><img src="https://lh3.googleusercontent.com/Yo2-G55ge4G2iy8XxOkcVWXI4gpEA_JkvwyOMWMFk0FI5axZCXHujKGK78E-zKOpSegcvw3yI7C_8uVqueXt2lEVrj7wYjFykV13Kjm6bEzLpahNuTDF5UyTQEcUzts9TO4RNui2LexCGpexMy2SNjp_p-0a1jRWgiIXEkM9bDv8Kdu8qZvfmlpelkzbRg" alt=""><figcaption></figcaption></figure>

### Service&#x20;

The service column allows the user to spot the number of services taken by the IAM user. Also, it has a modal view to spot the service.

<figure><img src="https://lh5.googleusercontent.com/JkdxNT6aoWwQ-564pBauBl-bQaN_8ThKaJBR3Q5sfzysCLR5o3bNLU0jnED_mB-O6LkaWRwT1MCTjCJRkiLWZ8dG6n7Z3RY5HWLCv4q1Mr3KoO3PPBap2chGLOays0hkKigaof-Kqg027crLc-_31f2pHg1JEd9AWVDa3X6qc_cLVAmnh9XM43QFxflYuQ" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh4.googleusercontent.com/4Dbnfkvyj7_rUz44UOfQ8VxNXQrJy29hIteOQlWjIaZ90McHjGzEmDB3unJKl0bL3-WZyTecVBFT26UTXXEWT9wIPnFKedcsNDcNRQTCeoP0FHzSL2Ldj7cE30Mer9e8YvCE4btTOUOwGdAsNwCct2L-Yt_klS-SMQKsSw1rb67vapoT4E3xaUxpp-OFtw" alt=""><figcaption></figcaption></figure>

### Findings:&#x20;

Finding column allows the user to spot the number of finding generated for the IAM user and role. It has a brief modal view and a detailed modal view. By clicking on the finding number user can see a brief view of the modal.

<figure><img src="https://lh3.googleusercontent.com/JQdTENucEOk7iBb3oTlFLP61TJ4aorkcq44Ul0Q3NMhYwXeX1GE5dLdktMO3rfcDECRYtMugO2xEdjdfy3HJvFjLNdzWc27EmGr2VoZ-SOdY0qKUwnxSfaegqGy3V2bZFsSeHoI0EAemDrrOL2U4ikIEEaaHm36hNYNzejkY8kRpQfCcEJZhcIE3FedXZA" alt=""><figcaption></figcaption></figure>

<figure><img src="https://lh4.googleusercontent.com/s1BN-adxfGwiTkhcdWEYGDSUZLkw2V04KnrMZzWTZqCKhPuBWENz13zOCsYoNTEUN8S4qVGItDotNrKEQzsAPWffZ74HDoXAXFx4NnJ2_B-LfEZuV67k5DKmE_8AZKWAYRB16bg3PlESFQMbY0uvn7xXTIMdaQ2DC-qYeRp77j1l8hZvyckmbVYlCaLR6w" alt=""><figcaption></figcaption></figure>

Also, Finding has a details view in the modal. By clicking on the IAM user and role, our user can see the detail about the finding so that the user can take necessary action regarding the findings.

<figure><img src="https://lh5.googleusercontent.com/MRA-WnX5N3LUfaCJLDyQbRkbx7gopI9s1u2gJ6ErHWIRhRV6WA8N8BoZElfG3NQ4dU-DfLlUl5Xs2lyV2siolcQDIZoMtgPW9Q7Pdav6uJseXCVjkzCU0xww4JwchoBK25tk97ibawizC_0cuYmE_kG2LXV6KexQBkso2a_JLYEMZyBbnkTcG-qkhBAHjQ" alt=""><figcaption></figcaption></figure>

Again the user can spot more information about the IAM user and role on the modal e.g. general info, credentials info, policy attaches info, etc.

<figure><img src="https://lh4.googleusercontent.com/yypMRpjdeHnAwBNbME8NBr1yxEA8xwhX7XWNeo5Ndx9-uL_Y2aBA9sFiEXSRyZhbsCbXUFQ0XD6cTPj85GnRq0RpDii6JGSHFEx3LiU3EanKRN0EvAjl2ZYYiPiMB0GFPHNRSOZIO2r_X1Khjg8ZNIboYw9S2qwM4SZY0EF6Bggk1Hp3jkNol4Zlij1X7w" alt=""><figcaption></figcaption></figure>

The permission tab of the modal allows the user to spot the resource and service of the IAM user and their role in the graph view

<figure><img src="https://lh3.googleusercontent.com/FGEXxwX46B1JG0uSmpUBGcQ7qJXWHTf4Jk2m3c6zURBmF3dCWqFPBPHk9RzB3uACl6A8cOs6wy37bb51ZIGeL5r8uxGCbeXF3p4WkFcQ9_yeEBcXr1jvhjNyISC5AS1aVnQhFVQq1MPgOnNJucOnvbQST0ycOCS0e8gNembKQwHNaDEr4a0bnI9vOxt8tw" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-acs.clouddefenseai.com/identity-and-access-management/identity-intelligence.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.