Service Identities
Filter and Sort Service Identities
Use the sortable columns to organize and filter service accounts for assessing identity risks. You can sort service accounts based on the following criteria:
Unused Permission Criticality
Unused Permission Criticality focuses on unused permissions, while Permission Criticality looks at all permissions. It is designed to help you achieve Least Permissive access.
Values: Critical, High, Medium, Low
Permission Criticality
Permission criticality is derived from the threat research severities associated with each permission granted to this Service Principal through roles assigned to the Service Principal.
Values: Critical, High, Medium, Low
Risk
This is a calculation of risk based on all permissions. See Understanding Risk Scoring for more information.
Values: Critical, High, Medium, Low
% of Unused Permissions
This shows the number of unused permissions relative to the total permissions for the group, shown as a percentage graph.
When remediating, immediately target the groups with the greatest exposure and refine them according to the suggestions.
Highest Access
Values:
- Admin: Admin access granted
- Write: Write access granted
- Read: Read access granted
- Empty Access: No permissions are granted at all
See Understand Highest Access for more information.
Findings
A finding in Cloud Infrastructure Entitlement Management (CIEM) indicates poor security hygiene, either due to misconfiguration or inadequate identity security practices.
The findings for GCP accounts focus on highly permissive Google IAM roles and key management.
- Admin: Admin access granted
- Multiple Access Keys Active: Rotating access keys is safer than maintaining multiple active keys.
- Editor Role Applied: The GCP Editor role includes permissions to create and delete resources for most Google Cloud services.
- User-Managed Key: User-managed keys are less secure than Google-managed keys.
- Lateral Movement: Sysdig leverages findings from the GCP Recommender Insights API to detect when a Service Account can move laterally from one project to another due to the roles/permissions it is granted.
- Owner Role Applied: The GCP project owner role includes all Editor permissions plus many others.
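To make the Highest Access categories and the GCP findings above concrete, here is an added example (not Sysdig code) that evaluates them over a constructed IAM policy and key listing. The role-to-category mapping, the sample bindings, and counting only active user-managed keys for "Multiple Access Keys Active" are assumptions of the example.

```python
# Constructed sample data (not Sysdig output); the shapes loosely follow the JSON emitted
# by `gcloud projects get-iam-policy` and `gcloud iam service-accounts keys list`.
IAM_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["serviceAccount:deploy@demo.iam.gserviceaccount.com"]},
    {"role": "roles/editor", "members": ["serviceAccount:ci@demo.iam.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["serviceAccount:reader@demo.iam.gserviceaccount.com",
                                         "user:alice@example.com"]}]}
SA_KEYS = {  # keys per service account, keyType/disabled as in the gcloud key listing
    "deploy@demo.iam.gserviceaccount.com": [{"keyType": "SYSTEM_MANAGED", "disabled": False}],
    "ci@demo.iam.gserviceaccount.com": [{"keyType": "SYSTEM_MANAGED", "disabled": False},
                                        {"keyType": "USER_MANAGED", "disabled": False},
                                        {"keyType": "USER_MANAGED", "disabled": False}],
    "reader@demo.iam.gserviceaccount.com": [{"keyType": "SYSTEM_MANAGED", "disabled": False}],
    "orphan@demo.iam.gserviceaccount.com": [],  # has no bindings at all
}
# Assumed mapping of the GCP basic roles onto the page's Highest Access categories.
ACCESS_BY_ROLE = {"roles/owner": "Admin", "roles/editor": "Write", "roles/viewer": "Read"}
RANK = {"Admin": 3, "Write": 2, "Read": 1, "Empty Access": 0}

def highest_access(roles):
    return max((ACCESS_BY_ROLE.get(r, "Empty Access") for r in roles),
               key=RANK.get, default="Empty Access")

def findings_for(roles, keys):
    """Evaluate the GCP findings listed on this page for one service account."""
    findings = []
    if highest_access(roles) == "Admin":
        findings.append("Admin")
    if "roles/owner" in roles:
        findings.append("Owner Role Applied")
    if "roles/editor" in roles:
        findings.append("Editor Role Applied")
    # Only active user-managed keys count; the Google-managed key is always present.
    user_keys = [k for k in keys if k["keyType"] == "USER_MANAGED" and not k.get("disabled")]
    if user_keys:
        findings.append("User-Managed Key")
    if len(user_keys) > 1:
        findings.append("Multiple Access Keys Active")
    return findings

def assess(policy, sa_keys):
    """Collect each service account's roles from the policy, then score it."""
    roles_by_sa = {}
    for binding in policy["bindings"]:
        for member in binding["members"]:
            if member.startswith("serviceAccount:"):
                roles_by_sa.setdefault(member.split(":", 1)[1], set()).add(binding["role"])
    return {sa: {"highest_access": highest_access(roles_by_sa.get(sa, set())),
                 "findings": findings_for(roles_by_sa.get(sa, set()), keys)}
            for sa, keys in sa_keys.items()}
```

Running `assess(IAM_POLICY, SA_KEYS)` flags the owner-bound account as Admin with an Owner finding, the editor-bound account with two active user-managed keys, and the unbound account as Empty Access.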
Available Filters
- Search: Free text search on terms in the resource name
- Unused Permission Criticalities: By severity
- Cloud Accounts: GCP cloud account name/number
- Access Categories: Admin, Write, Read, or Empty Access
- Findings: Admin, Multiple Access Keys Active, Editor Role Applied, User Managed Key, Lateral Movement, Owner Role Applied
Optimize Azure Service Principal Entitlements
You can analyze and address identity risks associated with individual Azure Service Principals and their permissions by using the detailed drawers. Simply click on individual rows on the Service Principals page to open the detailed drawer for further analysis.
Optimize GCP Service Account Entitlements
You can analyze and address identity risks associated with individual GCP service accounts and their permissions by using the detailed drawers. Simply click on individual rows on the Service Accounts page to open the detailed drawer for further analysis.