Generate and download the Permissions analytics report

Important

CloudKnox Permissions Management (CloudKnox) is currently in PREVIEW. Some information relates to a prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

This article describes how to generate and download the Permissions analytics report in CloudKnox Permissions Management (CloudKnox).

Note

This topic applies only to Amazon Web Services (AWS) users.

Generate the Permissions analytics report

  1. In the CloudKnox home page, select the Reports tab, and then select the Systems Reports subtab.

    The Systems Reports subtab displays a list of reports in the Reports table.

  2. Find Permissions Analytics Report in the list. To download the report, select the down arrow to the right of the report name, or select Download from the ellipses (...) menu.

    The following message displays: Successfully Started To Generate On Demand Report.

  3. For detailed information in the report, select the right arrow next to one of the following categories. Or, select the required category under the Findings column.

    • AWS
      • Inactive Identities
        • Users
        • Roles
        • Resources
        • Serverless Functions
      • Inactive Groups
      • Super Identities
        • Users
        • Roles
        • Resources
        • Serverless Functions
      • Over-Provisioned Active Identities
        • Users
        • Roles
        • Resources
        • Serverless Functions
      • PCI Distribution
      • Privilege Escalation
        • Users
        • Roles
        • Resources
      • S3 Bucket Encryption
        • Unencrypted Buckets
        • SSE-S3 Buckets
      • S3 Buckets Accessible Externally
      • EC2 S3 Buckets Accessibility
      • Open Security Groups
      • Identities That Can Administer Security Tools
        • Users
        • Roles
        • Resources
        • Serverless Functions
      • Identities That Can Access Secret Information
        • Users
        • Roles
        • Resources
        • Serverless Functions
      • Cross-Account Access
        • External Accounts
        • Roles That Allow All Identities
      • Hygiene: MFA Enforcement
      • Hygiene: IAM Access Key Age
      • Hygiene: Unused IAM Access Keys
      • Exclude From Reports
        • Users
        • Roles
        • Resources
        • Serverless Functions
        • Groups
        • Security Groups
        • S3 Buckets
  4. Select a category and view the following columns of information:

    • User, Role, Resource, Serverless Function Name: Displays the name of the identity.
    • Authorization System: Displays the authorization system to which the identity belongs.
    • Domain: Displays the domain name to which the identity belongs.
    • Permissions: Displays the maximum number of permissions that the identity can be granted.
      • Used: Displays how many permissions the identity has used.
      • Granted: Displays how many permissions the identity has been granted.
    • PCI: Displays the permission creep index (PCI) score of the identity.
    • Date Last Active On: Displays the date that the identity was last active.
    • Date Created On: Displays the date when the identity was created.
