Posture Control (ZPC)

Viewing Cloud Identity Details

ZPC displays information for each cloud identity it finds through entitlement mapping in your cloud deployment. You can view the following details for each identity by selecting an identity from the Cloud Identities page:

  • Identity properties such as the type, source, number of entitlements, etc.
  • Graphical representation of everything the identity can access.
  • All open alerts associated with the identity.

The cloud identity details page (Cloud Posture > Cloud Identities > Identity Name) displays information about each cloud identity in the following tabs:

  • The properties tab offers information on identity details, what the identity can access, its authentication methods, power score, and metadata.

    On the Properties tab, you can do the following:

    ZPC supports multiple identity attributes over multiple cloud service providers. Some attributes might be available only for certain cloud service providers.

    Some attribute details are offered by cloud service providers only for local identities and not for external identities. For example, AWS and Microsoft Azure only offer the "Has MFA" attribute information for local identities.

    1. View the number of entitlements, assets, asset types, and cloud accounts the identity can access.
    2. View the different authentication methods available to the identity. Cloud service providers offer this information only for local identities.
    3. View the identity's power score and power categories.
    4. View the identity metadata collected by ZPC. You can choose to download or copy the metadata.

    View the identity properties tab on ZPC.

  • The graph view tab offers a topological correlation with other identities, roles, accounts, asset types, and assets. You can interact with each graph node to view more information on the details panel.

    View the identity graph view tab on ZPC.

  • The entitlements tab offers entitlement information for each cloud identity such as the number of assets the identity can access, the permission set the identity has, and the number of accounts the identity can access.

    On the Entitlements tab, you can do the following:

    1. Export the entitlement details as an Excel file.
    2. Search for an entitlement.
    3. View the following details in the entitlement table:
      • Asset Type: View the cloud service provider-defined services the identity is entitled to access.
      • Assets: View the asset count for the asset type.
      • Accounts: View the number of accounts the identity is entitled to perform actions on.
      • Actions: View the list of actions the identity is entitled to access.
      • Permission Set: View the list of permissions the identity has.

    View the identity entitlements tab on ZPC.

  • The alerts tab offers insight into the alerts generated on your cloud deployment for a specific cloud identity.

    On the Alerts tab, you can do the following:

    1. Filter for alerts based on Alert Status.
    2. Search for alerts using the searchable columns.
    3. View the following alert details:
      • Alert ID: Unique ID of the alert. Click to view the alert details. To learn more, see About Alerts.
      • Risk Level: The severity level (Critical, High, Medium, or Low) of the policy violation. The severity of the alert indicates the impact the issue can have on your assets. The higher the severity, the bigger the impact.
      • Policy Name: The title of the security policy.
      • Alert Age: The age of the alert (in days) from the last time the Alert Status was set to Open.
      • Last Updated: The timestamp for when the alert was last modified.
      • Status: The status (Open, Closed, or Resolved) of the alert.
    4. Modify the table and its columns. You can choose which columns appear on the alert table. To learn more, see Using Tables.

    View the identity alerts tab on ZPC.

  • The authentication tab offers authentication information on passwords, access keys, and certificates for all AWS local identities.

    AWS does not offer authentication information for external identities to be collected by ZPC. ZPC only displays authentication information for AWS local identities.

    On the Authentication tab (Identity Name > Authentication), you can do the following:

    1. View the password authentication information for the identity:
      • Status: View whether the password is active or inactive.
      • Last Used: View the timestamp for when the password was last used by the local identity.
      • Last Changed: View the timestamp for when the password was last changed.
      • Next Rotation: View the timestamp for when the password must be changed.
      • MFA State: View whether multi-factor authentication is enabled or disabled for the identity.
    2. View the access keys and their information for the identity:
      • Status: View whether the access key is active or inactive.
      • Last Rotated: View the timestamp for when the access key was last changed for the local identity.
      • Last Used: View the timestamp for when the access key was last used by the local identity.
      • Last Used Region: View the region the access key was last used in.
      • Last Used Service: View the service the access key was last used to authenticate.
    3. View the certificates and their information for the identity:
      • Status: View whether the certificate is active or inactive.
      • Last Rotated: View the timestamp for when the certificate was last changed for the local identity.

    View the identity authentication tab on ZPC.

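The password, access key, and certificate attributes shown on the Authentication tab correspond to the columns of an AWS IAM credential report, so the same hygiene checks (password without MFA, idle or unrotated access keys) can be run in bulk. The script below is an added example and not ZPC's own code: it uses AWS's credential report column names, a constructed three-row sample report, a fixed sample clock, and assumed 90-day idle and rotation thresholds.

```python
import csv
import io
from datetime import datetime, timezone

# Column names follow the AWS IAM credential report; the rows are constructed sample data.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
alice,arn:aws:iam::111122223333:user/alice,2023-01-10T09:00:00+00:00,true,2024-05-01T08:00:00+00:00,2024-03-01T08:00:00+00:00,2024-06-01T08:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-02T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-06-01T09:00:00+00:00,true,2024-04-20T08:00:00+00:00,2022-06-01T09:00:00+00:00,N/A,false,true,2022-06-01T09:00:00+00:00,2023-01-05T10:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2023-09-01T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-09-01T09:00:00+00:00,2024-05-03T12:00:00+00:00,us-west-2,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""
SAMPLE_NOW = datetime(2024, 5, 10, 12, tzinfo=timezone.utc)  # fixed clock for the sample

def age_days(value, now):
    """Days since an ISO-8601 timestamp; None for N/A, no_information or not_supported."""
    try:
        return (now - datetime.fromisoformat(value)).days
    except ValueError:
        return None

def evaluate_identity(row, now, max_idle=90, max_age=90):
    """Findings for one local identity, mirroring the Authentication tab's attributes."""
    findings = []
    # Password section: Status and MFA State (a console password with no MFA is the risk)
    if row["password_enabled"] == "true" and row["mfa_active"] != "true":
        findings.append("console password enabled without MFA")
    # Access key section: Status, Last Rotated, Last Used (never-used keys have no date)
    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] != "true":
            continue
        idle = age_days(row[f"access_key_{n}_last_used_date"], now)
        rotated = age_days(row[f"access_key_{n}_last_rotated"], now)
        if idle is not None and idle > max_idle:
            findings.append(f"access key {n} unused for {idle} days")
        if rotated is not None and rotated > max_age:
            findings.append(f"access key {n} not rotated for {rotated} days")
    return findings

def evaluate_report(report_csv, now):
    """Map each user in the report to its list of findings (empty list = clean)."""
    return {r["user"]: evaluate_identity(r, now)
            for r in csv.DictReader(io.StringIO(report_csv))}

if __name__ == "__main__":
    for user, findings in evaluate_report(SAMPLE_REPORT, SAMPLE_NOW).items():
        print(user, findings or "clean")
```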

View identity details on ZPC.
