Groups

The Groups page provides numerous ways to sort, filter, and rank the detected AWS IAM User Groups so you can quickly remediate identity risks associated with a group's users and policies.

Sysdig recommends creating Groups of users and assigning permissions at the Group level rather than the individual User level to facilitate administration tasks.

The GCP CIEM data is in Technical Preview status.

Filter and Sort

Sortable Columns

Actionable Risk

Values: Critical, High, Medium, Low

Actionable Risk focuses on unused permissions, while Risk looks at all permissions. Actionable Risk is designed to help you achieve Least Permissive access.

Risk

Values: Critical, High, Medium, Low

This is a calculation of risk based on all permissions. See also: Understanding Risk Scoring.

% of Unused Permissions

This column shows the number of unused permissions out of the group's total permissions, displayed as a percentage graph.

When remediating, immediately target the groups with the greatest exposure and refine them according to the suggestions.

Membership

The number of users who are part of this group.

Highest Access

See also: Understand Highest Access

Values:

  • Admin: Admin access granted
  • Write: Write access granted
  • Read: Read access granted
  • Empty Access: No permissions are granted at all

Findings

The findings on User pages include:

  • Admin
  • Inactive

Available Filters

  • Search: Free text search on terms in the resource name
  • Platform: by provider, e.g. AWS
  • Actionable Risks: By severity
  • Cloud Accounts: Account name/number by cloud provider (e.g. AWS)
  • Access Categories: Admin, Write, Read, or Empty Access
  • Findings: Admin, Inactive

Analyze and Remediate

To reduce the entitlements for a particular Group, click on the group name to open the detail drawer and subtabs. The remediation options for groups work in a similar way to users and roles.

Detail Drawers

The Groups page organizes everything around the group.

  • Overview: Displays the critical permissions issues detected for this group, sorted by Risk and Actionable Risk.
  • Users: Displays the list of users assigned to the group, including the user Name, when they were Last Active, and the number of other groups they are part of.
  • Attached IAM Policies: Displays the policies to which this group is connected, sorted by unused permissions.
  • Group Details: Displays a summary of this group's details, including creation date, number of users, number of policies, and ARN details.

Optimization Examples

See the User Optimization Examples and follow the same basic pattern for Groups. You can:

  • Analyze the group permissions details
  • Create a group-specific optimized policy
  • Optimize a policy globally (see example)
  • Delete an unused policy
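As an added example, not Sysdig's own code or scoring algorithm, the following Python computes the "% of Unused Permissions" figure for a group from its attached policy and the actions its members were actually observed using, and then derives a group-specific optimized policy that keeps only those actions. The policy document and the set of observed actions are constructed sample data.

```python
import json

# Constructed sample data (not from a real account): one IAM group's attached
# policy, and the actions its members were observed calling, e.g. as reported
# by CloudTrail-based activity analysis.
GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "arn:aws:s3:::example-bucket/*",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:CreateUser", "iam:AttachUserPolicy", "ec2:DescribeInstances"]},
    ],
}
USED_ACTIONS = {"s3:GetObject", "s3:PutObject", "ec2:DescribeInstances"}


def granted_actions(policy):
    """Every action granted by an Allow statement, as a flat set.
    Exact action names only: a wildcard such as s3:* would need expansion first."""
    actions = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        act = stmt["Action"]
        actions.update([act] if isinstance(act, str) else act)
    return actions


def unused_permissions_pct(policy, used):
    """The '% of Unused Permissions' figure: unused actions over total granted."""
    granted = granted_actions(policy)
    if not granted:
        return 0.0
    return 100.0 * len(granted - used) / len(granted)


def optimized_policy(policy, used):
    """Group-specific least-privilege policy: each Allow statement keeps only
    the actions that were actually used; statements left empty are dropped."""
    statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            statements.append(stmt)  # keep any explicit Deny untouched
            continue
        act = stmt["Action"]
        kept = [a for a in ([act] if isinstance(act, str) else act) if a in used]
        if kept:
            statements.append({**stmt, "Action": kept})
    return {"Version": policy["Version"], "Statement": statements}


if __name__ == "__main__":
    print(f"Unused permissions: {unused_permissions_pct(GROUP_POLICY, USED_ACTIONS):.0f}%")
    print(json.dumps(optimized_policy(GROUP_POLICY, USED_ACTIONS), indent=2))
```

For the sample above the group shows 50% unused permissions, and the optimized policy drops s3:DeleteObject and both iam: actions while keeping the original Resource scoping of each statement.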

User Permission Warning

The User list in the Groups detail subtab may display a warning emoji next to a user who has been assigned permissions outside the group.

We recommend streamlining user permissions and using group permissions when possible.