Analyze an assessment

Review access risk across principals using filters and tiered insights

After an assessment is completed, you can assess your security posture on the View Assessment page in both visual and tabular formats:

  • Visual widgets highlight key insights from the assessment and also act as interactive filters.

  • The table below displays detailed data for each principal and can be filtered using the widgets or additional filter controls.

View Assessment page

Analyze assessment details

Follow these steps to analyze the assessment:

  1. On the Access Discovery page, in the row of an assessment, click Explore. The View Assessment page opens.

The top section of the assessment displays the last assessment date, selected integration, number of accounts, number of identities, number of principals, and the status of the assessment.

  1. Filter the assessment by clicking a widget and viewing the details in the table.

Clicking a widget to filter the assessment also selects the corresponding criteria in the dropdown filter menus. You can also apply filters directly through the dropdown filter menus.

Each widget and table column is explained in the following sections. After exploring the assessment, you can investigate and resolve overprivileged access.

Widgets

Widget
Description

Overprivilege

Represents the percentage of permissions not used by a principal within the selected integration

Overprivilege over time

Displays the trend of overprivileged permission over the last seven days split between all permissions and privileged permissions (Admin, IAM)

Dormant (Unused) Principals

Number of principals who have been inactive within the last 90 days

High risk Overprivileged

Number of principals in the highest tier

Principals by Resource Type

Number of principals grouped by the following categories:

  • IAM Role

  • IAM User

  • IAM User Access Key

  • Secret

Principals by Tier

Number of principals grouped by the following tiers:

  • Critical

  • High

  • Medium

  • Low

Each tier is calculated based on the Over Privilege percent, Risk Score, and Privilege Permissions percentage.

Table (Principals)

You can hover over a row and click Ignore to hide principal that you do not consider a threat.

Column
Description

Principal

Name of the principal

Account

Account associated with the resource

Risk Score

Calculation based on the Principal Risk Level (maximum score of policy actions sensitivity) and the account risk level

Identities

Number of human and machine identities assigned to the resource

Last used

Number of days since an identity assigned to the resource used the permissions

Over privilege

Percentage of unused permissions for the principal

Tiers

Calculation based on the Over Privilege percent, Risk Score, and Privilege Permissions percentage.

Examples:

  • If the Privileged Permissions percentage is over 60% and the Risk Score is greater than 4, the Tier will be Critical.

  • If the Privileged Permissions percentage is over 30%, the Over Privilege percentage is over 80%, and the Risk Score is greater than 4, the Tier will also be Critical.

PreviousCreate an assessmentNextInvestigate and resolve overprivileged access

Last updated

Was this helpful?