Unused IAM Group
Removing orphaned and unused IAM groups eliminates the risk that a forgotten group will be used accidentally to allow unauthorized...
Cloud Risks
IAM Groups with Inline Policies
IAM group '{AwsIamGroup}' is using inline policies. Ensure that your IAM groups are using managed policies instead of inline policies...
IAM Policy statement with service wildcard
This control checks whether the IAM identity-based policies that you create have Allow statements that use the * wildcard to...
User with an admin/data owner/data editor access to BigQuery
The user {GcpUser} was granted an access to BigQuery as an Admin or Data Owner or Data Editor. This can...
Internet-Facing Ec2 Instance Has Full Access to EC2
The internet-facing asset {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) was found to have full access to your EC2 resources. Instance Profiles with the AmazonEC2FullAccess...
AKS RBAC disabled
RBAC is not enabled in {AzureAksCluster}. By enabling and configuring RBAC in your Kubernetes cluster you can grant users, groups,...
EC2 Instance with Administrator Privileges
The AWS EC2 Instance was found to have full administrative privileges to your account. Instance Profiles with full administrative privileges...
User with Privilege Escalation Permissions without MFA
User has roles which allows Privilege escalation, while the user does not have multi-factor authentication activated. If the user will...
Azure principal with privilege escalation permissions
Principal has a role assignment that allows privilege escalation. If the principal will be compromised, the entire account can be...