Identity Intelligence

The identity intelligence page contains IAM user and IAM role-related information that is evaluated by pre-set rules of the ACS platform. The finding of IAM in the identity intelligence page allows users to get detailed information about IAM users and IAM roles.

The top of the identity intelligence page gives the user an overview of the

  1. Number of identities,

  2. Number of users,

  3. Number of services,

  4. 3rd Party Identities

  5. Federated Identities

etc. of the cloud account with an evaluation of the severity level of the IAM user and role.

The identity intelligence page has 5 filters to filter the data and findings of IAM users and roles

  • IAM type filter

  • Severity filter

  • Services filter

  • Label filter

  • Last activity filter

Also, users can spot the

  • All the IAM users and roles

  • Their last activity

  • Service used by IAM users and role

  • Findings for IAM users and role

IAM type filter:

The user can spot the result of the identity intelligence page by IAM type. Users can have a separate view of IAM user and IAM roles by IAM type filter

Severity filter:

The user can spot the result of the Identity intelligence page by the impact of severity as well. 4 severity parameters are available on the identity intelligence page e.g. Critical severity, High severity, Medium severity, and low severity.

Services filter:

A IAM user might take several services in a platform e.g.Amazon Managed Service for Prometheus, Amazon EC2, Amazon Route 53 Domains, AWS CloudWatch RUM, Amazon Connect Voice ID, etc. So our users can also see the result of finding the page by service taken by the IAM user.

Label filter:

Label filter allows the user to spot the result of the identity intelligence page by its label e.g. MFA, No MFA, Admin, EC2 elevated permission, 3rd party, etc.

Last activity filter:

Last activity filter allows the user to select a date range and spot the result within the date range.

All IAM users and roles:

IAM column of the identity intelligence page allows the user to see all the IAM users and roles.

Last activity:

Last activity column allows the user to spot the data of the last activity of the IAM user and role.

Service

The service column allows the user to spot the number of services taken by the IAM user. Also, it has a modal view to spot the service.

Findings:

Finding column allows the user to spot the number of finding generated for the IAM user and role. It has a brief modal view and a detailed modal view. By clicking on the finding number user can see a brief view of the modal.

Also, Finding has a details view in the modal. By clicking on the IAM user and role, our user can see the detail about the finding so that the user can take necessary action regarding the findings.

Again the user can spot more information about the IAM user and role on the modal e.g. general info, credentials info, policy attaches info, etc.

The permission tab of the modal allows the user to spot the resource and service of the IAM user and their role in the graph view

PreviousHow to Remediate findingsNextExcessive Permission

Last updated