AWS - AccessAnalyzer (beta)
This Integration is part of the AWS - AccessAnalyzer (beta) Pack.#
beta
This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.
Amazon Web Services IAM Access Analyzer
For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.
Configure AWS - AccessAnalyzer (beta) on Cortex XSOAR#
Navigate to Settings > Integrations > Servers & Services.
Search for AWS - AccessAnalyzer (beta).
Click Add instance to create and configure a new integration instance.
Parameter Description Required AWS Default Region False Role Arn False Role Session Name False Role Session Duration False Fetch incidents False Incident type False Access Key False Secret Key False Trust any certificate (not secure) Trust any certificate (not secure). False Use system proxy settings Use system proxy settings. False Fetch Analyzer ARN (Required for fetching incidents) The ARN to fetch findings for False Click Test to validate the URLs, token, and connection.
Fetch Incidents#
The integration fetches findings, generated by the analyzer specified in the Fetch Analyzer ARN parameter, as incidents.
Commands#
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
aws-access-analyzer-list-analyzers#
Retrieves a list of analyzers.
Base Command#
aws-access-analyzer-list-analyzers
Input#
| Argument Name | Description | Required |
|---|---|---|
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Analyzers.arn | Unknown | List of Analyzers and their details. |
Command Example#
!aws-access-analyzer-list-analyzers
Context Example#
Human Readable Output#
AWS Access Analyzer Analyzers#
arn createdAt lastResourceAnalyzed lastResourceAnalyzedAt name status tags type arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 2021-09-08T17:25:37 arn:aws:iam::120685635585:role/accessadvisor 2021-09-08T17:25:37 ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 ACTIVE ACCOUNT
aws-access-analyzer-list-analyzed-resource#
Retrieves a list of resources that have been analyzed.
Base Command#
aws-access-analyzer-list-analyzed-resource
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve a list of analyzed resources from. | Required |
| maxResults | The maximum number of results to return in the response. | Optional |
| resourceType | Filter findings by one of the resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Analyzers.Resource | Unknown | List of analyzed resources. |
Command Example#
!aws-access-analyzer-list-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5
Context Example#
Human Readable Output#
AWS Access Analyzer Resource#
analyzerArn resourceArn resourceOwnerAccount resourceType arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 arn:aws:iam::120685635585:role/-TestRole 120685635585 AWS::IAM::Role
aws-access-analyzer-list-findings#
Retrieves a list of findings generated by the specified analyzer.
Base Command#
aws-access-analyzer-list-findings
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve findings from. | Required |
| maxResults | The maximum number of results to return in the response. | Optional |
| resourceType | Filter findings by one of the resource type. Possible values are: AWS::IAM::Role, AWS::KMS::Key, AWS::Lambda::Function, AWS::Lambda::LayerVersion, AWS::S3::Bucket, AWS::SQS::Queue. | Optional |
| status | Filter findings by status. Possible values are: ACTIVE, ARCHIVED, RESOLVED. | Optional |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Findings | Unknown | Access Analyzer findings. |
Command Example#
!aws-access-analyzer-list-findings analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5
Context Example#
Human Readable Output#
AWS Access Analyzer Findings#
action analyzedAt condition createdAt id isPublic principal resource resourceOwnerAccount resourceType status updatedAt sts:AssumeRole 2021-09-08T17:25:37 2021-09-08T17:25:37 78eb6782-5387-49k0-bpe5-39am61c3baee false AWS: 232015767104 arn:aws:iam::120685635585:role/c7nSecurityAuditRole 120685635585 AWS::IAM::Role ACTIVE 2021-09-08T17:25:37
aws-access-analyzer-get-analyzed-resource#
Retrieves information about an analyzed resource.
Base Command#
aws-access-analyzer-get-analyzed-resource
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
| resourceArn | The ARN of the resource to retrieve information about. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Analyzers.Resource | Unknown | Analyzed resource detail. |
Command Example#
!aws-access-analyzer-get-analyzed-resource analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 region=us-east-2 resourceArn=arn:aws:iam::120685635585:role/OrganizationAccountAccessRole
Context Example#
Human Readable Output#
AWS Access Analyzer Resource#
actions analyzedAt analyzerArn createdAt isPublic resourceArn resourceOwnerAccount resourceType status updatedAt sts:AssumeRole 2021-09-08T17:25:37 arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 2021-09-08T17:25:37 false arn:aws:iam::120685635585:role/OrganizationAccountAccessRole 120685635585 AWS::IAM::Role ACTIVE 2021-09-08T17:25:37
aws-access-analyzer-get-finding#
Retrieves information about the specified finding.
Base Command#
aws-access-analyzer-get-finding
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to retrieve information from. | Required |
| findingId | The ID of the finding to retrieve. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
| Path | Type | Description |
|---|---|---|
| AWS.AccessAnalyzer.Analyzers.Finding | Unknown | Finding details. |
Command Example#
!aws-access-analyzer-get-finding analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 findingId=78eb6782-5387-49k0-bpe5-39am61c3baee
Context Example#
Human Readable Output#
AWS Access Analyzer Resource#
action analyzedAt analyzerArn condition createdAt id isPublic principal resource resourceOwnerAccount resourceType status updatedAt sts:AssumeRole 2021-09-08T17:25:37 arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 2021-09-08T17:25:37 78eb6782-5387-49k0-bpe5-39am61c3baee false AWS: 232015767104 arn:aws:iam::120685635585:role/c7nSecurityAuditRole 120685635585 AWS::IAM::Role ACTIVE 2021-09-08T17:25:37
aws-access-analyzer-start-resource-scan#
Starts a scan of the policies applied to the specified resource.
Base Command#
aws-access-analyzer-start-resource-scan
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer to use to scan the policies applied to the specified resource. | Required |
| resourceArn | The ARN of the resource to scan. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!aws-access-analyzer-start-resource-scan analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 resourceArn=arn:aws:iam::120685635585:role/OrganizationAccountAccessRole
Human Readable Output#
Resource scan request sent.
aws-access-analyzer-update-findings#
Updates findings with the new values provided in the request.
Base Command#
aws-access-analyzer-update-findings
Input#
| Argument Name | Description | Required |
|---|---|---|
| analyzerArn | The ARN of the analyzer that generated the findings to update. | Required |
| findingIds | The IDs of the findings to update (comma separated). | Required |
| status | The ARN of the resource to scan. Possible values are: ACTIVE, ARCHIVED. | Required |
| region | The AWS Region, if not specified the default region will be used. | Optional |
| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional |
| roleSessionName | An identifier for the assumed role session. | Optional |
| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional |
Context Output#
There is no context output for this command.
Command Example#
!aws-access-analyzer-update-findings analyzerArn=arn:aws:access-analyzer:us-east-2:120685635585:analyzer/ConsoleAnalyzer-k80aff71-2468-47l7-b24c-p8992b3f10d5 findingIds=78eb6782-5387-49k0-bpe5-39am61c3baee status=ACTIVE
Human Readable Output#
Findings updated