View Recommendations

The View Recommendations page lists open and completed recommendations, in grid displays that can be customized, sorted, and filtered.

To view the page, click Menu at the top of the left navigation bar, and click Recommendations.

Open Recommendations Tab

The grid under this tab shows all open recommendations, and details about each one, including:

  • Principal Name
  • Principal Type
  • Risk Level
  • Recommendation
  • Cloud Service
  • Cloud Connector Name

View Recommendations

There are several types of recommendations. These include:

  • Enable MFA: This recommendation identifies accounts without multi-factor authentication (MFA), and provides a link to documentation on using MFA.
  • Review Permissions: This recommendation identifies accounts where there is no activity detected. A recommendation is made to review the account and establish if it is misconfigured or no longer required in the system.
    • For AWS principals, Cloud Privilege Broker analyzes AWS IAM and CloudTrail, and determines accounts with one or more AWS permissions where none of the permissions have been used in the past 90 days.
    • For Azure principals, Cloud Privilege Broker analyzes Azure AD and Azure Log Analytics, and determines accounts with one or more Azure permissions where none of the permissions have been used in the past 90 days.
  • Remove Permissions: This recommendation identifies accounts where some permissions have not been used. A recommendation is made to remove excess permissions and apply a new policy generated by Cloud Privilege Broker that contains only permissions in active use.
    • For AWS principals, Cloud Privilege Broker analyzes AWS IAM and CloudTrail, and determines accounts with multiple AWS permissions where one or more have not been used in the past 90 days. The unused permissions are recommended for removal.
    • For Azure principals, Cloud Privilege Broker analyzes Azure AD and Azure Log Analytics, and determines accounts with multiple Azure permissions where one or more have not been used in the past 90 days. The unused permissions are recommended for removal.
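
The distinction between Review Permissions and Remove Permissions for an AWS principal can be sketched as follows. This is an added example, not BeyondTrust code and not the product's actual algorithm. The function names, the simplified mapping from a CloudTrail record to an IAM action, and the sample records are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=90)  # look-back period stated on the page

def action_of(record):
    # Simplifying assumption: IAM action = service prefix of eventSource + eventName.
    # The real CloudTrail-to-IAM mapping is not always one-to-one.
    return record["eventSource"].split(".")[0] + ":" + record["eventName"]

def recommend(granted, records, now):
    """Classify one principal; returns (recommendation, unused, trimmed_policy)."""
    cutoff = now - WINDOW
    used = set()
    for r in records:
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if ts >= cutoff and action_of(r) in granted:
            used.add(action_of(r))
    unused = set(granted) - used
    if not unused:
        return None, unused, None                  # every granted permission is in use
    if not used:
        return "Review Permissions", unused, None  # no activity in the window
    policy = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": sorted(used),
        "Resource": "*",  # placeholder: keep the original policy's resource scoping
    }]}
    return "Remove Permissions", unused, policy

# Constructed sample data (not real log records).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
GRANTED = {"s3:GetObject", "s3:PutObject", "ec2:TerminateInstances"}
RECORDS = [
    {"eventTime": "2024-06-01T10:00:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    # Older than 90 days, so it does not count as active use:
    {"eventTime": "2024-01-15T08:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
]

if __name__ == "__main__":
    rec, unused, policy = recommend(GRANTED, RECORDS, NOW)
    print(rec, sorted(unused))
    print(json.dumps(policy, indent=2))
```

Before applying a trimmed policy, check permissions that are used less often than every 90 days (for example, quarterly or annual jobs), since a usage window cannot see them.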

To view additional details about recommendations, click the vertical ellipsis at the right end of the row, and click View Recommendation Details.

The details for some recommendations include a Get Steps button for additional information on how to complete the recommendation. Information here may include a more detailed explanation, a link to the appropriate cloud service documentation, and an option to view and copy a policy in JSON format. Large policies may be divided into multiple tabs.

A recommendation can be flagged as ignored, to remove it from the displayed list without completing it. To ignore a recommendation, click the vertical ellipsis at the right end of the row, and click Ignore Recommendation. A message box confirms the request. You can ignore multiple recommendations by selecting the recommendations and clicking Ignore Recommendation above the grid.

Ignored recommendations are still open, and can be viewed by using the filter. Select Ignored as the Filter by option, and then select Ignored from the dropdown list of filter choices.

Data for recommendations may not be updated until the next scan.

Completed Recommendations Tab

The grid under this tab shows all completed recommendations, and details about each one.

For more information about customizing, sorting, filtering, and selecting displayed records, please see Change and Filter the Record Display.