Set up insights using entity filters
Insights provide actionable information about how users interact with resources and help identify potential security risks or misconfigurations in your identity and access management system. They are based on data from entities such as users, resources, and connections, which gives context for understanding access patterns.
Examples of insights include:
MFA Missing: This insight identifies users who do not have Multi-Factor Authentication (MFA) enabled, indicating a security gap that needs to be addressed.
Over-entitled: This insight highlights users who have excessive access to resources beyond what is necessary for their role, posing a potential security risk.
SoD (Segregation of Duties): This insight flags potential conflicts of interest by identifying users who have access to multiple resources or actions that should be separated to prevent fraud or errors (e.g., a user who can both approve payments and manage accounts).
Unused Access: This insight detects access permissions that have not been used in a while, which could indicate unnecessary or outdated access rights that should be reviewed and potentially revoked.
By setting up entity filters and creating insights, you can track important security findings like MFA missing, over-entitled users, segregation of duties (SoD) violations, or unused access.
Navigate to the Insights Section
In the navigation sidebar, go to the Rules & Playbooks section and select the Insights tab.
Create a New Insight
Click the Create Insight button located at the top left corner of the page. This will open a modal where you can configure your new insight.
Select Entity Filters
In the modal, choose the entity filters you would like to apply to this insight. These filters will help you select specific data (such as users, resources, or connections) that you want to evaluate for potential issues.
Enter Insight Details
Name: Give your insight a clear and descriptive name.
Description: Provide a brief explanation of what this insight will track and why it’s important.
Label Name: This field determines how the insight will appear on entity pages across the tenant. Choose a concise and meaningful label name, as it will be displayed alongside entities in your system.
Save the Insight
After filling in the fields, click Save to create the insight.
View the Insight
After saving, the new insight will appear in the Insights table within the Rules & Playbooks section. Within a short period of time (1-5 minutes), you will start seeing the label associated with the insight applied to relevant entity tables across your tenant.
Insights are a powerful tool for improving the visibility and security of your IAM system. They allow you to:
Identify Security Gaps: Insights like MFA Missing help you spot areas where users may not be following best security practices. This allows you to take action to mitigate risks and ensure a stronger security posture.
Monitor Excessive Access: Insights like over-entitled users can help you identify individuals who have been granted too many permissions. This is a key component of least privilege access management, helping you ensure users only have access to the resources they need.
Ensure Compliance: Insights related to Segregation of Duties (SoD) help you maintain compliance with internal controls and regulatory requirements. They flag situations where access should be restricted to prevent conflicts of interest.
Reduce Waste and Risk: Insights such as unused access highlight permissions that no longer serve a purpose, reducing the potential attack surface and simplifying your access control management.
Let’s say you want to track over-entitled users (users with excessive access). You would:
Set up filters to find users with access to resources beyond what’s required for their job.
Create an insight with the name "Over-entitled Users" and a concise label name like "Excessive Access."
Once the insight is created, it will automatically appear on relevant entity pages, and you’ll be able to identify and review over-entitled users quickly.
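The four insight types described on this page, modelled as entity filters over a small constructed user inventory. This is an added example, not the product's own code or API, and it generalizes the over-entitled case above to all four insights. The field names, role baseline, conflict pair and 90-day idle threshold are assumptions.

```python
from datetime import date

# Constructed sample data; field names and values are assumptions, not the product's schema.
TODAY = date(2024, 6, 1)
ROLE_BASELINE = {  # permissions each role actually needs
    "ap-clerk": {"payments:approve"},
    "engineer": {"repo:write", "ci:run"},
}
SOD_CONFLICTS = [{"payments:approve", "accounts:manage"}]  # must not be held together
USERS = [  # grants map permission -> date last used (None = never used)
    {"name": "alice", "role": "ap-clerk", "mfa": True,
     "grants": {"payments:approve": date(2024, 5, 30),
                "accounts:manage": date(2024, 5, 28)}},
    {"name": "bob", "role": "engineer", "mfa": False,
     "grants": {"repo:write": date(2024, 5, 31), "ci:run": date(2023, 11, 2)}},
    {"name": "carol", "role": "engineer", "mfa": True,
     "grants": {"repo:write": date(2024, 5, 29), "ci:run": None}},
]

def mfa_missing(user):
    return not user["mfa"]

def over_entitled(user):
    # Anything granted beyond the role baseline; an unknown role has an empty baseline.
    return bool(set(user["grants"]) - ROLE_BASELINE.get(user["role"], set()))

def sod_violation(user):
    return any(conflict <= set(user["grants"]) for conflict in SOD_CONFLICTS)

def unused_access(user, max_idle_days=90):  # 90 days is an assumed threshold
    return any(last is None or (TODAY - last).days > max_idle_days
               for last in user["grants"].values())

# Label name -> filter, mirroring the "Label Name" field of an insight.
INSIGHTS = {
    "MFA Missing": mfa_missing,
    "Excessive Access": over_entitled,
    "SoD": sod_violation,
    "Unused Access": unused_access,
}

def label_entities(users, insights=INSIGHTS):
    """Return {user name: sorted labels of every insight whose filter matches}."""
    return {u["name"]: sorted(lbl for lbl, match in insights.items() if match(u))
            for u in users}

if __name__ == "__main__":
    for name, labels in label_entities(USERS).items():
        print(f"{name}: {', '.join(labels) or 'no findings'}")
```

A single user can carry several labels at once, which is why a concise label name matters when it is shown alongside entities.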