Insights to understand and act on authorization risks and relationships that Veza has discovered.
Last updated
Was this helpful?
Veza's query-driven insights enable organizations to observe, track, and remediate authorization risks using the power of the Authorization Graph. See following sections and related topics to learn more about Reports, Rules and Alerts, Risks, and Analysis.
Getting started
You can quickly get started with Veza Insights by exploring the Dashboard, and clicking Open in Reports to view the associated Queries in detail.
Identify a Saved Query you want to track.
Add that query to a new Report
Add the Report to the Dashboard.
Give the query a Risk Level to flag entities in the results.
Create a Rule to get notifications when the query results meet the specified conditions.
Repeat the process for other Saved Queries.
A Report is a collection of Saved Queries, organized to best meet the needs of a specific organization, team, or user.
Opening a report shows a summary of current results, with the option to view trends, investigate entities and relationships in Graph, or open and change the original search in Query Builder.
Reports can be Veza-built or user-created, and set to private or public visibility. Owners can make customizations by opening a report and clicking Edit.
Adding reports to Dashboard section allows users to customize summaries that appear on the primary Veza Home page for easy access and continuous monitoring. Dashboard tiles show the trending change for the last week or month, and the most recent query results. You can edit these reports and queries to focus on the most important findings.
You can define and monitor security baselines using Rules and Alerts for Saved Queries. A rule consists of a baseline query, thresholds of conditions, and notification settings. Alerts trigger when the Rule's conditions are met.
Rules can trigger when the total number of results change
Rules can also trigger when there are changes in properties for entities in the query results.
Rules can trigger an alert in the form of a service desk ticket, an email, or a custom webhook.
You can track least privilege violations, anomalies, and non-standard configurations by marking a Saved Query as a risk and setting a risk level. You can write your own queries to define potential exploits and access control risks, or use out-of-the-box saved queries.
The results of these queries are highlighted in Graph search when Show Risks is enabled. Active risks be reviewed on the Risks page. For results that can't be acted on or are safe to ignore, you can individually mark the entities as exceptions, or add filters to the original query.
The Analysis page provides utility search interfaces for specific tasks like constructing Segregation of Duty queries and reviewing Group and Role assignments. For example, you can find all users belonging to a group, all users that can assume a role, or review all group/role access for a single user.
Segregation of Duty (SoD) queries enable identification of users with inappropriate combinations of resource permissions, roles, or group memberships. The SoD builder allows for complex combinations of AND/OR statements that are not available in the standard Query Builder.
The Comparison view enables you to compare any user of a given type to another user of that same type.
Comparison is most useful after you have created a baseline profile (such as an engineering_profile Okta User ) with the appropriate level of access. You can then compare other users to the baseline to see how group and resource access varies from the established norm.
