AWS - AccessAnalyzer (beta)
This Integration is part of the AWS - AccessAnalyzer (beta) Pack.
This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward-compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.
Amazon Web Services IAM Access Analyzer
For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.
Configure AWS - AccessAnalyzer (beta) on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for AWS - AccessAnalyzer (beta).
3. Click Add instance to create and configure a new integration instance.

Parameter | Description | Required |
---|---|---|
AWS Default Region | | False |
Role Arn | | False |
Role Session Name | | False |
Role Session Duration | | False |
Fetch incidents | | False |
Incident type | | False |
Access Key | | False |
Secret Key | | False |
Trust any certificate (not secure) | Trust any certificate (not secure). | False |
Use system proxy settings | Use system proxy settings. | False |
Fetch Analyzer ARN (Required for fetching incidents) | The ARN of the analyzer to fetch findings from. | False |

4. Click Test to validate the URLs, token, and connection.
Fetch Incidents
The integration fetches findings generated by the analyzer specified in the Fetch Analyzer ARN parameter, as incidents.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
aws-access-analyzer-list-analyzers
Retrieves a list of analyzers.
Base Command
aws-access-analyzer-list-analyzers
Input
Argument Name | Description | Required |
---|---|---|
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
Path | Type | Description |
---|---|---|
AWS.AccessAnalyzer.Analyzers.arn | Unknown | List of Analyzers and their details. |
Command Example
!aws-access-analyzer-list-analyzers
Context Example
Human Readable Output
AWS Access Analyzer Analyzers

arn | createdAt | lastResourceAnalyzed | lastResourceAnalyzedAt | name | status | tags | type |
---|---|---|---|---|---|---|---|
arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 | 2021-09-08T17:25:37 | arn:aws:iam::120685635585:role/accessadvisor | 2021-09-08T17:25:37 | ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 | ACTIVE | | ACCOUNT |
aws-access-analyzer-list-analyzed-resource
Retrieves a list of resources that have been analyzed.
Base Command
aws-access-analyzer-list-analyzed-resource
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer to retrieve a list of analyzed resources from. | Required |
maxResults | The maximum number of results to return in the response. | Optional |
resourceType | Filter the analyzed resources by resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
Path | Type | Description |
---|---|---|
AWS.AccessAnalyzer.Analyzers.Resource | Unknown | List of analyzed resources. |
Command Example
!aws-access-analyzer-list-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5
Context Example
Human Readable Output
AWS Access Analyzer Resource

analyzerArn | resourceArn | resourceOwnerAccount | resourceType |
---|---|---|---|
arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 | arn:aws:iam::120685635585:role/-TestRole | 120685635585 | AWS::IAM::Role |
aws-access-analyzer-list-findings
Retrieves a list of findings generated by the specified analyzer.
Base Command
aws-access-analyzer-list-findings
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer to retrieve findings from. | Required |
maxResults | The maximum number of results to return in the response. | Optional |
resourceType | Filter findings by resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
status | Filter findings by status. Possible values are: ACTIVE, ARCHIVED, RESOLVED. | Optional |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
Path | Type | Description |
---|---|---|
AWS.AccessAnalyzer.Findings | Unknown | Access Analyzer findings. |
Command Example
!aws-access-analyzer-list-findings analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5
Context Example
Human Readable Output
AWS Access Analyzer Findings

action | analyzedAt | condition | createdAt | id | isPublic | principal | resource | resourceOwnerAccount | resourceType | status | updatedAt |
---|---|---|---|---|---|---|---|---|---|---|---|
sts:AssumeRole | 2021-09-08T17:25:37 | | 2021-09-08T17:25:37 | 78eb6782-5387-49k0-bpe5-39am61c3baee | false | AWS: 232015767104 | arn:aws:iam::120685635585:role/c7nSecurityAuditRole | 120685635585 | AWS::IAM::Role | ACTIVE | 2021-09-08T17:25:37 |
aws-access-analyzer-get-analyzed-resource
Retrieves information about an analyzed resource.
Base Command
aws-access-analyzer-get-analyzed-resource
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
resourceArn | The ARN of the resource to retrieve information about. | Required |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
Path | Type | Description |
---|---|---|
AWS.AccessAnalyzer.Analyzers.Resource | Unknown | Analyzed resource detail. |
Command Example
!aws-access-analyzer-get-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 region=us-east-2 resourceArn=arn:aws:iam::120685635585:role/OrganizationAccountAccessRole
Context Example
Human Readable Output
AWS Access Analyzer Resource

actions | analyzedAt | analyzerArn | createdAt | isPublic | resourceArn | resourceOwnerAccount | resourceType | status | updatedAt |
---|---|---|---|---|---|---|---|---|---|
sts:AssumeRole | 2021-09-08T17:25:37 | arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 | 2021-09-08T17:25:37 | false | arn:aws:iam::120685635585:role/OrganizationAccountAccessRole | 120685635585 | AWS::IAM::Role | ACTIVE | 2021-09-08T17:25:37 |
aws-access-analyzer-get-finding
Retrieves information about the specified finding.
Base Command
aws-access-analyzer-get-finding
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
findingId | The ID of the finding to retrieve. | Required |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
Path | Type | Description |
---|---|---|
AWS.AccessAnalyzer.Analyzers.Finding | Unknown | Finding details. |
Command Example
!aws-access-analyzer-get-finding analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 findingId=78eb6782-5387-49k0-bpe5-39am61c3baee
Context Example
Human Readable Output
AWS Access Analyzer Resource

action | analyzedAt | analyzerArn | condition | createdAt | id | isPublic | principal | resource | resourceOwnerAccount | resourceType | status | updatedAt |
---|---|---|---|---|---|---|---|---|---|---|---|---|
sts:AssumeRole | 2021-09-08T17:25:37 | arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 | | 2021-09-08T17:25:37 | 78eb6782-5387-49k0-bpe5-39am61c3baee | false | AWS: 232015767104 | arn:aws:iam::120685635585:role/c7nSecurityAuditRole | 120685635585 | AWS::IAM::Role | ACTIVE | 2021-09-08T17:25:37 |
aws-access-analyzer-start-resource-scan
Starts a scan of the policies applied to the specified resource.
Base Command
aws-access-analyzer-start-resource-scan
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer to use to scan the policies applied to the specified resource. | Required |
resourceArn | The ARN of the resource to scan. | Required |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
There is no context output for this command.
Command Example
!aws-access-analyzer-start-resource-scan analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 resourceArn=arn:aws:iam::120685635585:role/OrganizationAccountAccessRole
Human Readable Output
Resource scan request sent.
aws-access-analyzer-update-findings
Updates the status of the specified findings. Archiving a finding records that the access it describes is intended; it does not change the resource policy that grants that access.
Base Command
aws-access-analyzer-update-findings
Input
Argument Name | Description | Required |
---|---|---|
analyzerArn | The ARN of the analyzer that generated the findings to update. | Required |
findingIds | The IDs of the findings to update (comma separated). | Required |
status | The status to set on the findings. Possible values are: ACTIVE, ARCHIVED. | Required |
region | The AWS Region. If not specified, the default region is used. | Optional |
roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
roleSessionName | An identifier for the assumed role session. | Optional |
roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output
There is no context output for this command.
Command Example
!aws-access-analyzer-update-findings analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 findingIds=78eb6782-5387-49k0-bpe5-39am61c3baee status=ACTIVE
Human Readable Output
Findings updated
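The following is an added example, not code from the AWS - AccessAnalyzer integration or from AWS. It shows the triage step a playbook would run between aws-access-analyzer-list-findings and aws-access-analyzer-update-findings: findings are sorted into ones that need an analyst and ones that describe expected cross-account access, and the latter are turned into a single update-findings command with status=ARCHIVED. The finding records follow the fields shown in the list-findings output above; the first sample finding mirrors the one on this page, while the remaining sample findings, their IDs, and the TRUSTED_ACCOUNTS allowlist are constructed for illustration.

```python
"""Triage IAM Access Analyzer findings and build the archive command.

Added example; not code from the AWS - AccessAnalyzer integration. It works
on finding dicts shaped like the items returned by
aws-access-analyzer-list-findings (id, action, principal, resource,
resourceOwnerAccount, resourceType, isPublic, status).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Iterable, Optional

ANALYZER_ARN = ("arn:aws:access-analyzer:us-east-2:120685635585:analyzer/"
                "ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5")

# Constructed allowlist: external accounts whose cross-account access is
# expected, e.g. a central security-tooling account that assumes audit roles.
TRUSTED_ACCOUNTS = {"232015767104"}

# Constructed sample findings. The first mirrors the finding shown in the
# list-findings output; the other three are invented to exercise each branch.
SAMPLE_FINDINGS = [
    {"id": "78eb6782-5387-49k0-bpe5-39am61c3baee", "status": "ACTIVE",
     "action": ["sts:AssumeRole"], "principal": {"AWS": "232015767104"},
     "resource": "arn:aws:iam::120685635585:role/c7nSecurityAuditRole",
     "resourceOwnerAccount": "120685635585", "resourceType": "AWS::IAM::Role",
     "isPublic": False},
    {"id": "f1-public-bucket", "status": "ACTIVE",
     "action": ["s3:GetObject"], "principal": {"AWS": "*"},
     "resource": "arn:aws:s3:::example-logs-bucket",
     "resourceOwnerAccount": "120685635585", "resourceType": "AWS::S3::Bucket",
     "isPublic": True},
    {"id": "f2-unknown-account", "status": "ACTIVE",
     "action": ["kms:Decrypt"], "principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "resource": "arn:aws:kms:us-east-2:120685635585:key/example-key-id",
     "resourceOwnerAccount": "120685635585", "resourceType": "AWS::KMS::Key",
     "isPublic": False},
    {"id": "f3-already-archived", "status": "ARCHIVED",
     "action": ["sqs:SendMessage"], "principal": {"AWS": "232015767104"},
     "resource": "arn:aws:sqs:us-east-2:120685635585:example-queue",
     "resourceOwnerAccount": "120685635585", "resourceType": "AWS::SQS::Queue",
     "isPublic": False},
]


def principal_account(principal: dict) -> Optional[str]:
    """Return the 12-digit account ID named by a finding's principal, or None.

    Access Analyzer reports the principal as a map such as {"AWS": "232015767104"}
    or {"AWS": "arn:aws:iam::232015767104:root"}; a wildcard ("*") or a
    Federated/Service principal identifies no single account.
    """
    aws = principal.get("AWS")
    if not aws or aws == "*":
        return None
    if aws.startswith("arn:"):
        parts = aws.split(":")          # arn:partition:service:region:account:resource
        return parts[4] if len(parts) > 4 and parts[4].isdigit() else None
    return aws if aws.isdigit() else None


@dataclass
class TriageResult:
    escalate: list = field(default_factory=list)  # needs an analyst
    archive: list = field(default_factory=list)   # expected access, safe to archive
    skip: list = field(default_factory=list)      # not ACTIVE, leave untouched


def triage(findings: Iterable[dict], trusted: set = TRUSTED_ACCOUNTS) -> TriageResult:
    """Sort findings into escalate / archive / skip.

    Public access is never auto-archived, whatever the principal says; only a
    non-public ACTIVE finding whose principal resolves to a trusted external
    account is marked for archiving. Everything else goes to an analyst.
    """
    result = TriageResult()
    for f in findings:
        if f.get("status") != "ACTIVE":
            result.skip.append(f["id"])
        elif f.get("isPublic"):
            result.escalate.append(f["id"])
        elif principal_account(f.get("principal", {})) in trusted:
            result.archive.append(f["id"])
        else:
            result.escalate.append(f["id"])
    return result


def archive_command(analyzer_arn: str, finding_ids: list) -> str:
    """Build the War Room command that archives the given findings.

    Uses the integration's aws-access-analyzer-update-findings command, whose
    findingIds argument is comma separated.
    """
    if not finding_ids:
        raise ValueError("no findings to archive")
    return (f"!aws-access-analyzer-update-findings analyzerArn={analyzer_arn} "
            f"findingIds={','.join(finding_ids)} status=ARCHIVED")


if __name__ == "__main__":
    r = triage(SAMPLE_FINDINGS)
    print("escalate:", r.escalate)
    print("archive:", r.archive)
    print("skip:", r.skip)
    print(archive_command(ANALYZER_ARN, r.archive))
```

The allowlist is keyed on the account ID rather than on the raw principal string because Access Analyzer may report the same account either as a bare ID or as an ARN such as arn:aws:iam::ACCOUNT:root; matching on the string alone would let one form slip through. Findings that are not ACTIVE are skipped rather than re-archived so the playbook never touches findings an analyst has already dispositioned.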