Using Access Explorer - Feature Guide

Understanding the Access Explorer Interface

After completing the setup and configuration to launch Cloud IAM Governance - Access Explorer, you will be ready to take advantage of this feature!

To launch Access Explorer, navigate to “Security → Access Explorer” on your InsightCloudSec platform.

Access Explorer Landing Page

General Viewing Options

Access Explorer consists of a title toolbar with the following:

  • "Application Group" selection drop-down menu
  • “IAM Data Last Updated” menu with cache options
  • Drop-down Settings menu

Check out Access Explorer - Configuration and Settings for more details on settings.

Just below this title toolbar, users can “Search for a Subject” using a specific term or a key:value pair.

The main content display in Access Explorer has three key areas (tabs): Applications, Principals, and Resources.

Applications

The Applications tab displays a list of all applications that have been discovered and created using the Application Group feature.

Viewing Applications

From the “Security → Access Explorer” section of InsightCloudSec, selecting "Access Explorer" will open the main page, which defaults to the "Applications" tab, as shown below.

  • Click on an individual application to view additional details. Note: Applications with zero resources will be disabled.

  • Download CSV - downloads a CSV file of the resources/principals associated with the selected application.

Applications View and Options

By default your applications display by name alphabetically in descending order.

  • Column Options - Include any of the Application Property Customizations you have added under “Access Explorer → Settings → Application Property Customizations.” Refer to the configuration documentation for details on changing or using these application settings.
    • Note: Any changes you make to the columns display will apply to Applications, Principals, and Resources.
  • Context Menu - Clicking on the three dots to the left of an individual resource or principal provides access to the "Show Details" option (and "Principal Explorer" for principals) and enables you to explore that item in greater detail.

Principals

A principal is a person or machine making a request for an action or operation on a resource. Within Access Explorer this can be a federated user, IAM Role, or IAM User with access to cloud resources. Access Explorer uses principals to map the "who" to the "what."

Viewing Principals

From the “Security → Access Explorer” section of InsightCloudSec you can select the “Principals” tab in Access Explorer to view the list of Principals.

  • You must select a Principal Type to narrow down your search criteria before searching for a subject.

Principals View

  • Column Options - Modifies the displayed list of principals using the displayed table columns.
    • Note: Any changes you make to the columns display will apply to Applications, Principals, and Resources.
  • “Subjects per page” (20, 50, 100), and the pagination controls. By default your principals display by name alphabetically in descending order.

Viewing Individual Principal Details

Explore an Individual Principal

Clicking on the actions menu to the left of an individual Principal opens a submenu that includes:

  • Principal Explorer - Opens the Principal Explorer for this principal.
  • Show Details - Opens an overlay with expanded details for the selected item including the Resource ID, name, last used, etc.
    • Note: The details that display vary based on the type of resource selected.
  • User Activity - Opens a page with a list of user activity for the selected principal. This capability must be configured to work properly; refer to the Least-Privileged Access (LPA) - Setup & Config documentation for details.

User Activity

User Activity helps you identify IAM activity risk and take action to reduce exposure of critical cloud assets. With User Activity, you can see all the recent actions taken by a User. Use cases include:

  • Auditing - capture footsteps of internal and external actors
  • Forensics - a powerful incident response tool
  • Look back 1, 7, 30, 60, or 90 days
  • Sort by Name, Count, or Date

User Activity is the first element of our anticipated Least-Privileged Access (LPA) functionality. Before getting started, there are some additional configuration requirements. Details on these configurations are available on the Least-Privileged Access (LPA) Setup & Config page.

Access to the User Activity capability is available in the Principal tab of Access Explorer by selecting "User Activity" on an individual Principal.

Access Explorer User Activity Via Principals

Selecting the "User Activity" option next to an individual Principal enables a view of the actions (with total count) performed by the selected Principal over the last 90 days.

  • The page header shows the total number of actions executed and total action types executed.
  • The selector for time frame is in the header sentence.

Example View of User Activity

The data view provides the name of the action, the number of times it took place over the specified time period (90 days by default; can be reduced to 60, 30, or 7 days), and the last date the action was executed. You can sort by Action Name, Count, and Last Executed Date.

Resources

Within Access Explorer any of the resource types that InsightCloudSec can harvest for AWS (S3 Bucket, EC2 instance, etc.) can also be viewed within the context of Cloud IAM Governance. Are you interested in knowing which EC2 instances can access a critical S3 Bucket, or which containers can access an SNS Topic? Access Explorer allows you to view information at a resource-to-resource level.

Viewing Resources

From the “Security → Access Explorer” section of InsightCloudSec, you can select the “Resources” tab in Access Explorer to view the list of Resources.

  • Select a Resource Type to narrow down the search options before entering a subject.

Resources View

  • Column Options - Opens a module that allows you to configure the table columns.
    • Note: Any changes you make to the columns display will apply to Applications, Principals, and Resources.
  • “Subjects per page” (20, 50, 100), and the pagination controls. By default your resources display by name alphabetically in descending order.

Viewing Resource Details

Selecting the actions menu to the left of the name of an individual resource provides access to "Show Details":

  • Show Details - Opens an overlay with expanded details for the selected item including the Resource ID, name, last used, etc.
    • Note: The details that display vary based on the type of resource selected.

Viewing Details

After selecting to display Applications, Principals, or Resources, users can explore the associated items for an individual Application, Principal, or Resource respectively.

  • For example, if a user explores an Application, they will be provided with a contextual list of associated Principals and Resources. Exploring Principals provides associated Resources and Applications, and exploring Resources provides associated Principals and Applications.

In the image below the Access Explorer navigation content bar has been updated to reflect the current view "Principals with access to Resources contained in Acceptor VPC," which lets the user know they are viewing the application "Acceptor VPC" and the list of associated Resources and Principals for that application.

  • Note: The relevant icon for an access type (Application, Principals, Resources) will appear in the breadcrumbs statement above the search bar.

Example: Viewing Principals Associated with an Application

Context Menus for Individual Items

Within the lists of Applications, Principals, or Resources you have the option to select a context menu by clicking on the arrow to the right of any item.

  • Note: This context menu is available for every item listed and will update dynamically based on the item selected.

By selecting "Explore this Principal", you can view the list of accessible resources and the view will update the context to help you identify the filtering context you have selected. (The example below shows "Resources accessible by admin" based on the selection.)

Example: Viewing Resources Accessible by a Specific Principal

Permissions

Clicking on any of the individual permissions will provide details on the specific policies, roles, and the effective access (see Using the Principal Explorer for more details).

  • Explore Policy Stack detail by clicking on the arrow(s) to expand upon specific details around policies. Click a policy to jump to the relevant JSON in the Policy Viewer.
  • Explore the Policy Viewer by clicking the magnifying glass ("Search") to filter through the JSON or clicking "Download" to download the policy JSON file.
  • Explore Effective Access details by clicking on any of the column headings (All, List, Read, etc.).

Example: Viewing Policies, Roles and Effective Access

What's Next?

We hope this page has covered the basics and enabled you to comfortably navigate Access Explorer and gain insight into the rich contextual data it provides.

If you still have questions, we are here to help! Reach out to us at any time through the Customer Support Portal.

