Using Access Explorer - Feature Guide

Understanding the Access Explorer Interface

After completing the setup and configuration to launch Cloud IAM Governance - Access Explorer, you will be ready to take advantage of this feature. To launch Access Explorer, navigate to “Security → Access Explorer” on your InsightCloudSec platform.


Access Explorer Landing Page

General Viewing Options

Access Explorer consists of a title toolbar with the following:


Access Explorer Main Viewing Options

The main content display in Access Explorer is located beneath the title toolbar and has four key areas: Search Bar, Applications, Principals, and Resources. Users can use the search bar to “Search for a Subject” using a specific term or a key:value pair, which will filter the results below (Applications, Principals, Resources).

On any page, click Column Options to enable any of the Application Property Customizations you have added under “Access Explorer → Settings → Application Property Customizations” as columns in the main viewing area. Refer to the configuration documentation for details on changing or using these application settings.
  • Note: Any changes you make to the column display will apply to Applications, Principals, and Resources.

Also available are the “Subjects per page” (20, 50, 100) feature and the pagination controls.

Applications

The Applications tab, as the name suggests, displays a list of all applications that have been discovered and created using the Application Group feature.

From the “Security → Access Explorer” section of InsightCloudSec, selecting "Access Explorer" will open the main page, which defaults to the "Applications" tab, as shown below. Note: Applications with zero resources will have interactions disabled.


Applications View

Principals

A principal is a person or machine making a request for an action or operation on a resource. Within Access Explorer this can be a federated user, IAM Role, or IAM User with access to cloud resources (these types can be used to filter the list of principals).

Access Explorer uses principals to map the "who" to the "what." From the “Security → Access Explorer” section of InsightCloudSec you can select the “Principals” tab in Access Explorer to view the list of Principals.


Principals View

Clicking on the actions menu to the left of an individual Principal opens a submenu that includes:

  • Principal Explorer - Opens the Principal Explorer for this principal.
  • Show Details - Opens an overlay with expanded details for the selected item including the Resource ID, name, last used, etc.
    • Note: The details that display vary based on the type of principal selected.
  • Principal Activity - Opens a page with a list of activity for the selected principal.

Explore an Individual Principal

Principal Activity

Principal Activity helps you identify IAM activity risk and take action to reduce exposure of critical cloud assets. With Principal Activity, you can see all the recent actions taken by a principal. Use cases include:

  • Auditing - capture footsteps of internal and external actors
  • Forensics - a powerful incident response tool
  • Look back 1, 7, 30, 60, or 90 days
  • Sort by Name, Count, or Date

Principal Activity is the first element of our anticipated Least-Privileged Access (LPA) functionality. Before getting started, there are some additional configuration requirements; details on these configurations are available under the Least-Privileged Access (LPA) Setup & Config page.

Selecting the "Principal Activity" option next to an individual Principal enables a view of the actions (with total count) performed by the selected Principal over the last 90 Days.

  • The page header shows the total number of actions executed and total action types executed.
  • The selector for time frame is in the header sentence.

Example View of User Activity

The data view provides the name of the action, the number of times it took place over the specified time period (90 days by default; can be reduced to 60, 30, or 7 days), and the date the action was last executed. You can sort by Action Name, Count, and Last Executed Date.
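The summary that Principal Activity displays (action, count, last executed, within a look-back window) can be reproduced from raw audit events for cross-checking during an audit or investigation. The following is an added example, not InsightCloudSec code or its API; it assumes events shaped like AWS CloudTrail records, and the ARNs, sample events, and the `principal_activity` function are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK_DAYS = (1, 7, 30, 60, 90)  # look-back windows listed in the guide
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" for the sample
ADMIN = "arn:aws:iam::111122223333:user/admin"  # constructed principal
OTHER = "arn:aws:iam::111122223333:role/ci-deploy"  # constructed principal

def ev(when, source, name, arn=ADMIN):
    """Build one constructed event using CloudTrail field names (assumption)."""
    return {"eventTime": when, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}}

EVENTS = [  # constructed sample data, not real logs
    ev("2024-05-31T22:00:00Z", "s3.amazonaws.com", "GetObject"),
    ev("2024-05-20T10:00:00Z", "s3.amazonaws.com", "GetObject"),
    ev("2024-03-10T08:00:00Z", "s3.amazonaws.com", "GetObject"),
    ev("2024-05-28T03:12:00Z", "iam.amazonaws.com", "CreateAccessKey"),
    ev("2024-02-01T00:00:00Z", "ec2.amazonaws.com", "DescribeInstances"),
    ev("2024-05-30T12:00:00Z", "s3.amazonaws.com", "DeleteBucket", OTHER),
]

SORT_KEYS = {"name": ("action", False), "count": ("count", True),
             "date": ("last_executed", True)}

def principal_activity(events, arn, days=90, now=None, sort_by="count"):
    """Return (rows, total_actions, total_action_types) for one principal."""
    if days not in LOOKBACK_DAYS:
        raise ValueError(f"days must be one of {LOOKBACK_DAYS}")
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=days)
    seen = {}  # action -> [count, last_executed]
    for e in events:
        if e.get("userIdentity", {}).get("arn") != arn:
            continue  # activity of a different principal
        when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc)
        if not cutoff <= when <= now:
            continue  # outside the look-back window
        action = e["eventSource"].split(".")[0] + ":" + e["eventName"]
        entry = seen.setdefault(action, [0, when])
        entry[0] += 1
        entry[1] = max(entry[1], when)
    rows = [{"action": a, "count": c, "last_executed": t}
            for a, (c, t) in seen.items()]
    field, descending = SORT_KEYS[sort_by]
    rows.sort(key=lambda r: r[field], reverse=descending)
    return rows, sum(r["count"] for r in rows), len(rows)

if __name__ == "__main__":
    for row in principal_activity(EVENTS, ADMIN, days=90, now=NOW)[0]:
        print(row["action"], row["count"], row["last_executed"].date())
```

Narrowing the window from 90 to 7 days drops the oldest `GetObject` calls from the count, which is why the same principal can look very different depending on the time frame selected.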

Resources

Within Access Explorer any of the resource types that InsightCloudSec can harvest for AWS (S3 Bucket, EC2 instance, etc.) can also be viewed within the context of Cloud IAM Governance. Are you interested in knowing which EC2 instances can access a critical S3 Bucket, or which containers can access an SNS Topic? Access Explorer allows you to view information at a resource-to-resource level. From the “Security → Access Explorer” section of InsightCloudSec, you can select the “Resources” tab in Access Explorer to view the list of Resources.

  • Select a Resource Type to filter the list of resources before entering a subject.

Resources View

Selecting the actions menu to the left of the name of an individual resource provides access to "Show Details":

  • Show Details - Opens an overlay with expanded details for the selected item including the Resource ID, name, last used, etc.
    • Note: The details that display vary based on the type of resource selected.

Exploring Associations

After selecting to display Applications, Principals, or Resources, users can explore the associated items for an individual Application, Principal, or Resource respectively. For example, if a user explores an Application, they will be provided with a contextual list of associated Principals and Resources. Exploring Principals provides associated Resources and Applications, and exploring Resources provides associated Principals and Applications.

In the image below the Access Explorer navigation content bar has been updated to reflect the current view "Resources accessible by admin," which lets the user know they are viewing the list of resources accessible by a principal named "admin".

  • Note: The relevant icon for an access type (Application, Principals, Resources) will appear in the breadcrumbs statement above the search bar.

Example: Viewing Resources Associated with a Principal

