AWS - AccessAnalyzer
This Integration is part of the AWS - AccessAnalyzer Pack.#
Amazon Web Services IAM Access Analyzer
For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.
Configure AWS - AccessAnalyzer in Cortex#
| Parameter | Description | Required |
|---|---|---|
| AWS Default Region | False | |
| Role Arn | False | |
| Role Session Name | False | |
| Role Session Duration | False | |
| Fetch incidents | False | |
| Incident type | False | |
| Access Key | False | |
| Secret Key | False | |
| Fetch Analyzer ARN (Required for fetching incidents) | The ARN to fetch findings for | False |
| Trust any certificate (not secure) | Trust any certificate (not secure). | False |
| Use system proxy settings | Use system proxy settings. | False |
| Timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used. | False |
| Retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
Fetch Incidents#
The integration fetches findings, generated by the analyzer specified in the Fetch Analyzer ARN parameter, as incidents.
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
aws-access-analyzer-list-analyzers#
Retrieves a list of analyzers.
Base Command#
aws-access-analyzer-list-analyzers
Input#
| Argument Name | Description | Required |
|---|---|---|
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Analyzers | Unknown | List of Analyzers and their details. |
| AWS.AccessAnalyzer.Analyzers.arn | String | The analyzer ARN. |
Command example#
!aws-access-analyzer-list-analyzers
Context Example#
Human Readable Output#
AWS Access Analyzer Analyzers#
Arn Created At Last Resource Analyzed Last Resource Analyzed At Name Status Tags Type arn:aws:access-analyzer:us-east-2:123456789012:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 2021-09-08T17:25:37 arn:aws:iam::123456789012:role/XSOARCortexXDRReadOnlyRole 2021-09-08T17:25:37 ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898 ACTIVE ACCOUNT
aws-access-analyzer-list-analyzed-resource#
Retrieves a list of resources that have been analyzed.
Base Command#
aws-access-analyzer-list-analyzed-resource
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve a list of analyzed resources from. | Required |
| maxResults | The maximum number of results to return in the response. | Optional |
| resourceType | Filter findings by one of the resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Resource | Unknown | List of analyzed resources. |
| AWS.AccessAnalyzer.Resource.resourceArn | String | The resource ARN. |
| AWS.AccessAnalyzer.Resource.analyzerArn | String | The analyzer ARN. |
Command example#
!aws-access-analyzer-list-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898
Context Example#
Human Readable Output#
AWS Access Analyzer Resources#
Resource Arn Resource Owner Account Resource Type arn:aws:iam::123456789012:role/-TestRole 123456789012 AWS::IAM::Role arn:aws:iam::123456789012:role/BishopFoxPlatformAssumeRole 123456789012 AWS::IAM::Role
aws-access-analyzer-list-findings#
Retrieves a list of findings generated by the specified analyzer.
Base Command#
aws-access-analyzer-list-findings
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve findings from. | Required |
| maxResults | The maximum number of results to return in the response. | Optional |
| resourceType | Filter findings by one of the resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
| status | Filter findings by status. Possible values are: ACTIVE, ARCHIVED, RESOLVED. | Optional |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Finding | Unknown | Access Analyzer findings. |
| AWS.AccessAnalyzer.Finding.id | String | The finding ID. |
| AWS.AccessAnalyzer.Finding.analyzerArn | String | The analyzer ARN. |
Command example#
!aws-access-analyzer-list-findings analyzerArn=arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898
Context Example#
Human Readable Output#
AWS Access Analyzer Findings#
Id Resource Principal Condition Updated At Status 03c44171-223c-4615-be8a-bf0b626f0b13 arn:aws:iam::123456789012:role/billing-bot-role Federated: accounts.google.com accounts.google.com:aud: 1234567890123456789012 2023-02-23T10:08:54 ARCHIVED babbbe27-835e-4c34-8cbd-f19dc877fa31 arn:aws:iam::123456789012:role/c7nSecurityAuditRole AWS: 252015767101 2023-02-13T21:28:04 ACTIVE
aws-access-analyzer-get-analyzed-resource#
Retrieves information about an analyzed resource.
Base Command#
aws-access-analyzer-get-analyzed-resource
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
| resourceArn | The ARN of the resource to retrieve information about. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Resource | Unknown | Analyzed resource detail. |
| AWS.AccessAnalyzer.Resource.id | String | The resource ID. |
| AWS.AccessAnalyzer.Resource.analyzerArn | String | The analyzer ARN. |
Command example#
!aws-access-analyzer-get-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898 resourceArn=arn:aws:iam::123456789012:role/-TestRole
Context Example#
Human Readable Output#
AWS Access Analyzer Resource#
Analyzed At Analyzer Arn Is Public Resource Arn Resource Owner Account Resource Type 2023-02-27T10:59:00 arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898 false arn:aws:iam::123456789012:role/-TestRole 123456789012 AWS::IAM::Role
aws-access-analyzer-get-finding#
Retrieves information about the specified finding.
Base Command#
aws-access-analyzer-get-finding
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
| findingId | The ID of the finding to retrieve. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Finding | Unknown | Finding details. |
| AWS.AccessAnalyzer.Finding.id | String | The finding ID. |
| AWS.AccessAnalyzer.Finding.analyzerArn | String | The analyzer ARN. |
Command example#
!aws-access-analyzer-get-finding analyzerArn=arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898 findingId=03c44171-223c-4615-be8a-bf0b626f0b13
Context Example#
Human Readable Output#
AWS Access Analyzer Finding#
Action Analyzed At Analyzer Arn Condition Created At Id Is Public Principal Resource Resource Owner Account Resource Type Status Updated At sts:AssumeRoleWithWebIdentity 2023-02-28T07:47:01 arn:aws:access-analyzer:us-east-1:123456789012:analyzer/ConsoleAnalyzer-fc3b189d-f88a-48a5-9c2b-f42f9187c898 accounts.google.com:aud: 1234567890123456789012 2023-02-13T21:28:04 03c44171-223c-4615-be8a-bf0b626f0b13 false Federated: accounts.google.com arn:aws:iam::123456789012:role/billing-bot-role 123456789012 AWS::IAM::Role ARCHIVED 2023-02-23T10:08:54
aws-access-analyzer-start-resource-scan#
Starts a scan of the policies applied to the specified resource.
Base Command#
aws-access-analyzer-start-resource-scan
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to use to scan the policies applied to the specified resource. | Required |
| resourceArn | The ARN of the resource to scan. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!aws-access-analyzer-start-resource-scan analyzerArn=arn:aws:access-analyzer:us-east-2:123456789012:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 resourceArn=arn:aws:iam::123456789012:role/OrganizationAccountAccessRole
Human Readable Output#
Resource scan request sent.
aws-access-analyzer-update-findings#
Updates findings with the new values provided in the request.
Base Command#
aws-access-analyzer-update-findings
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer that generated the findings to update. | Required |
| findingIds | The IDs of the findings to update (comma separated). | Required |
| status | The ARN of the resource to scan. Possible values are: ACTIVE, ARCHIVED. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!aws-access-analyzer-update-findings analyzerArn=arn:aws:access-analyzer:us-east-2:123456789012:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 findingIds=78eb6782-5387-49k0-bpe5-39am61c3baee status=ACTIVE
Human Readable Output#
Findings updated