PermissionsAnalytics.Read.OwnedBy
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the `PermissionsAnalytics.Read.OwnedBy` permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the `Export-MsIdAppConsentGrantReport` command. See How To: Run a quick OAuth app audit of your tenant.
| Category | Application | Delegated |
|---|---|---|
| Identifier | - | - |
| DisplayText | - | - |
| Description | - | - |
| AdminConsentRequired | - | - |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- awsExternalSystemAccessFinding
- awsExternalSystemAccessRoleFinding
- awsIdentityAccessManagementKeyAgeFinding
- awsIdentityAccessManagementKeyUsageFinding
- encryptedAwsStorageBucketFinding
- encryptedAzureStorageAccountFinding
- encryptedGcpStorageBucketFinding
- externallyAccessibleAwsStorageBucketFinding
- externallyAccessibleAzureBlobContainerFinding
- externallyAccessibleGcpStorageBucketFinding
- inactiveAwsResourceFinding
- inactiveAwsRoleFinding
- inactiveAzureServicePrincipalFinding
- inactiveGcpServiceAccountFinding
- inactiveGroupFinding
- inactiveServerlessFunctionFinding
- inactiveUserFinding
- openAwsSecurityGroupFinding
- openNetworkAzureSecurityGroupFinding
- overprovisionedAwsResourceFinding
- overprovisionedAwsRoleFinding
- overprovisionedAzureServicePrincipalFinding
- overprovisionedGcpServiceAccountFinding
- overprovisionedServerlessFunctionFinding
- overprovisionedUserFinding
- permissionsAnalyticsAggregatedIamKeySummary
- permissionsAnalyticsAggregatedIdentitySummary
- privilegeEscalationAwsResourceFinding
- privilegeEscalationAwsRoleFinding
- privilegeEscalationGcpServiceAccountFinding
- privilegeEscalationUserFinding
- secretInformationAccessAwsResourceFinding
- secretInformationAccessAwsRoleFinding
- secretInformationAccessAwsServerlessFunctionFinding
- secretInformationAccessAwsUserFinding
- securityToolAwsResourceAdministratorFinding
- securityToolAwsRoleAdministratorFinding
- securityToolAwsServerlessFunctionAdministratorFinding
- securityToolAwsUserAdministratorFinding
- superAwsResourceFinding
- superAwsRoleFinding
- superAzureServicePrincipalFinding
- superGcpServiceAccountFinding
- superServerlessFunctionFinding
- superUserFinding
- unenforcedMfaAwsUserFinding
- virtualMachineWithAwsStorageBucketAccessFinding
Graph reference: awsExternalSystemAccessFinding
| Property | Type | Description |
|---|---|---|
| accessMethods | externalSystemAccessMethods | Specifies if the system can be accessed directly, via role chaining, or both. The possible values are: direct, roleChaining, unknownFutureValue. Supports $filter (eq). |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| systemWithAccessId | string | The account ID for the external system that is able to access the given system. |
| systemWithAccess | authorizationSystemInfo | The external system that is able to access the given system. |
| trustedIdentityCount | Int32 | The number of identities in the external system that are trusted, if not all. Supports $orderby. |
| trustsAllIdentities | Boolean | Flag that determines if all identities in the external system are trusted, or only a subset. |
Graph reference: awsExternalSystemAccessRoleFinding
| Property | Type | Description |
|---|---|---|
| accessibleSystemIds | String collection | The IDs of the accounts that this role is able to access. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. |
Graph reference: awsIdentityAccessManagementKeyAgeFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. |
| status | iamStatus | Status of the IAM access key. The possible values are: active, inactive, disabled, unknownFutureValue. |
Graph reference: awsIdentityAccessManagementKeyUsageFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. |
| status | iamStatus | Status of the IAM access key. The possible values are: active, inactive, disabled, unknownFutureValue. |
Graph reference: encryptedAwsStorageBucketFinding
| Property | Type | Description |
|---|---|---|
| accessibility | awsAccessType | AWS resources access type. The possible values are: public, restricted, crossAccount, private, unknownFutureValue. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: encryptedAzureStorageAccountFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| encryptionManagedBy | azureEncryption | Specifies who manages encryption of Azure storage accounts. The possible values are: microsoftStorage, microsoftKeyVault, customer, unknownFutureValue. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: encryptedGcpStorageBucketFinding
| Property | Type | Description |
|---|---|---|
| accessibility | gcpAccessType | GCP resources access type. The possible values are: public, subjectToObjectAcls, private, unknownFutureValue. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| encryptionManagedBy | gcpEncryption | Specifies who manages encryption of GCP storage buckets. The possible values are: google, customer, unknownFutureValue. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: externallyAccessibleAwsStorageBucketFinding
| Property | Type | Description |
|---|---|---|
| accessibility | awsAccessType | AWS resources access type. The possible values are: public, restricted, crossAccount, private, unknownFutureValue. |
| accountsWithAccess | accountsWithAccess | Contains information on external AWS accounts that have access to a storage bucket. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: externallyAccessibleAzureBlobContainerFinding
| Property | Type | Description |
|---|---|---|
| accessibility | azureAccessType | Resources access type. The possible values are: public, private, unknownFutureValue. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| encryptionManagedBy | azureEncryption | Specifies who manages encryption of Azure storage accounts. The possible values are: microsoftStorage, microsoftKeyVault, customer, unknownFutureValue. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: externallyAccessibleGcpStorageBucketFinding
| Property | Type | Description |
|---|---|---|
| accessibility | gcpAccessType | GCP resources access type. The possible values are: public, subjectToObjectAcls, private, unknownFutureValue. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| encryptionManagedBy | gcpEncryption | Specifies who manages encryption of GCP storage buckets. The possible values are: google, customer, unknownFutureValue. |
| id | String | Unique identifier for the finding. Inherited from entity. |
Graph reference: inactiveAwsResourceFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: inactiveAwsRoleFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and may not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: inactiveAzureServicePrincipalFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
Graph reference: inactiveGcpServiceAccountFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and may not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: inactiveGroupFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to this group identity and actions executed by this group identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and may not reflect the current values for the group identity. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. |
Graph reference: inactiveServerlessFunctionFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: inactiveUserFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and may not reflect the current values for the identity. Supports $select. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: openAwsSecurityGroupFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| inboundPorts | inboundPorts | Contains information on inbound ports related to an open security group. Supports $filter (eq) $select. |
| totalStorageBucketCount | Int32 | The number of storage buckets accessed by the assigned compute instances. |
Graph reference: openNetworkAzureSecurityGroupFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| inboundPorts | inboundPorts | Contains information on inbound ports related to an open security group. |
Graph reference: overprovisionedAwsResourceFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: overprovisionedAwsRoleFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: overprovisionedAzureServicePrincipalFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: overprovisionedGcpServiceAccountFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and may not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: overprovisionedServerlessFunctionFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: overprovisionedUserFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: permissionsAnalyticsAggregatedIamKeySummary
| Property | Type | Description |
|---|---|---|
| findingsCountOverLimit | Int32 | The total number of identities of a specific kind that have a specific finding type. |
| totalCount | Int32 | The total number of identities in an authorization system that Permissions Management checked for a specific finding. |
Graph reference: permissionsAnalyticsAggregatedIdentitySummary
| Property | Type | Description |
|---|---|---|
| findingsCount | Int32 | The total number of identities of a specific kind that have a specific finding type. |
| totalCount | Int32 | The total number of identities in an authorization system that Permissions Management checked for a specific finding. |
Graph reference: privilegeEscalationAwsResourceFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from privilegeEscalationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from privilegeEscalationFinding. |
Graph reference: privilegeEscalationAwsRoleFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from privilegeEscalationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from privilegeEscalationFinding. |
Graph reference: privilegeEscalationGcpServiceAccountFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from privilegeEscalationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from privilegeEscalationFinding. |
Graph reference: privilegeEscalationUserFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from privilegeEscalationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from privilegeEscalationFinding. |
Graph reference: secretInformationAccessAwsResourceFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecretInformationAccessFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecretInformationAccessFinding. |
| secretInformationWebServices | awsSecretInformationWebServices | AWS secret stores which can be accessed by the user, role, resource or serverless function. Inherited from awsSecretInformationAccessFinding. The possible values are: secretsManager, certificateAuthority, cloudHsm, certificateManager, unknownFutureValue. |
Graph reference: secretInformationAccessAwsRoleFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecretInformationAccessFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecretInformationAccessFinding. |
| secretInformationWebServices | awsSecretInformationWebServices | AWS secret stores that a user, role, resource, or serverless function can access. Inherited from awsSecretInformationAccessFinding. The possible values are: secretsManager, certificateAuthority, cloudHsm, certificateManager, unknownFutureValue. |
Graph reference: secretInformationAccessAwsServerlessFunctionFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecretInformationAccessFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecretInformationAccessFinding. |
| secretInformationWebServices | awsSecretInformationWebServices | *W |
Graph reference: secretInformationAccessAwsUserFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecretInformationAccessFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecretInformationAccessFinding. |
| secretInformationWebServices | awsSecretInformationWebServices | *W |
Graph reference: securityToolAwsResourceAdministratorFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecurityToolAdministrationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecurityToolAdministrationFinding. |
| securityTools | awsSecurityToolWebServices | AWS security tools which can be administered by the user, role, resource or serverless function. Inherited from awsSecurityToolAdministrationFinding. The possible values are: macie, wafShield, cloudTrail, inspector, securityHub, detective, guardDuty, unknownFutureValue. |
Graph reference: securityToolAwsRoleAdministratorFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecurityToolAdministrationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecurityToolAdministrationFinding. |
| securityTools | awsSecurityToolWebServices | AWS security tools which can be administered by the user, role, resource or serverless function. Inherited from awsSecurityToolAdministrationFinding. The possible values are: macie, wafShield, cloudTrail, inspector, securityHub, detective, guardDuty, unknownFutureValue. |
Graph reference: securityToolAwsServerlessFunctionAdministratorFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| securityTools | awsSecurityToolWebServices | AWS security tools which can be administered by the user, role, resource or serverless function. Inherited from awsSecurityToolAdministrationFinding. The possible values are: macie, wafShield, cloudTrail, inspector, securityHub, detective, guardDuty, unknownFutureValue. |
Graph reference: securityToolAwsUserAdministratorFinding
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| lastActiveDateTime | DateTimeOffset | Defines the last time the identity in this finding executed an authorization system action. Inherited from awsSecurityToolAdministrationFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from awsSecurityToolAdministrationFinding. |
| securityTools | awsSecurityToolWebServices | AWS security tools which can be administered by the user, role, resource or serverless function. Inherited from awsSecurityToolAdministrationFinding. The possible values are: macie, wafShield, cloudTrail, inspector, securityHub, detective, guardDuty, unknownFutureValue. |
Graph reference: superAwsResourceFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: superAwsRoleFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: superAzureServicePrincipalFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: superGcpServiceAccountFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: superServerlessFunctionFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: superUserFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: unenforcedMfaAwsUserFinding
| Property | Type | Description |
|---|---|---|
| actionSummary | actionSummary | Contains information on authorization system actions granted to an identity and actions executed by this identity in the last 90 days. This property and its values are a snapshot as of when the finding was created and might not reflect the current values for the identity. Inherited from identityFinding. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Unique identifier for the finding. Inherited from entity. |
| identityDetails | identityDetails | An identity's information details. Inherited from identityFinding. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. Inherited from identityFinding. |
Graph reference: virtualMachineWithAwsStorageBucketAccessFinding
| Property | Type | Description |
|---|---|---|
| accessibleCount | Int32 | The total number of storage buckets that the EC2 instance can access using the role. |
| bucketCount | Int32 | The total number of storage buckets in the authorization system that hosts the EC2 instance. |
| createdDateTime | DateTimeOffset | Defines when the finding was created. Inherited from finding. |
| id | String | Identifier for the finding. Inherited from entity. |
| permissionsCreepIndex | permissionsCreepIndex | A score for an identity's excessive permissions that is classified into three buckets: 0-33: low, 34-66: medium, 67-100: high. This property and its values are a snapshot as of when the finding was created and might not reflect the current score for the identity. Supports $filter (gt) and $orderby. |