Access Intelligence

Veza's query-driven insights enable organizations to observe, track, and remediate authorization risks using the power of the Authorization Graph. See following sections and related topics to learn more about Reports, Rules and Alerts, Risks, and Analyze.

Getting started

You can quickly get started with Veza Insights by exploring the Dashboard, and clicking Open in Reports to view the associated Queries in detail.

1. Identify a Saved Query you want to track.

2. Add that query to a new Report

3. Add the Report to the Dashboard.

4. Give the query a Risk Level to flag entities in the results.

5. Create a Rule to get notifications when the query results meet the specified conditions.

6. Repeat the process for other Saved Queries.

Reports

A Report is a collection of Saved Queries, organized to best meet the needs of a specific organization, team, or user.

Opening a report shows a summary of current results, with the option to view trends, investigate entities and relationships in Graph, or open and change the original search in Query Builder.

Reports can be Veza-built or user-created, and set to private or public visibility. Owners can make customizations by opening a report and clicking Edit.

Dashboards

Adding reports to Dashboard section allows users to customize summaries that appear on the primary Veza Home page for easy access and continuous monitoring. Dashboard tiles show the trending change for the last week or month, and the most recent query results. You can edit these reports and queries to focus on the most important findings.

Rules and alerts

You can define and monitor security baselines using Rules and Alerts for Saved Queries. A rule consists of a baseline query, thresholds of conditions, and notification settings. Alerts trigger when the Rule's conditions are met.

• Rules can trigger when the total number of results change

• Rules can also trigger when there are changes in properties for entities in the query results.

• Rules can trigger an alert in the form of a service desk ticket, an email, or a custom webhook.

Risks

You can track least privilege violations, anomalies, and non-standard configurations by marking a Saved Query as a risk and setting a risk level. You can write your own queries to define potential exploits and access control risks, or use out-of-the-box saved queries.

The results of these queries are highlighted in Graph search when Show Risks is enabled. Active risks be reviewed on the Risks page. For results that can't be acted on or are safe to ignore, you can individually mark the entities as exceptions, or add filters to the original query.

Analyze and Compare

The Analyze page provides utility search interfaces for specific tasks like reviewing Group and Role assignments. For example, you can find all users belonging to a group, all users that can assume a role, or review all group/role access for a single user.

The Compare feature allows security and identity teams to perform side-by-side comparative analysis of permissions between users or between roles. This functionality helps identify access differences, potential privilege violations, and supports access governance initiatives. See Compare for more details.

Compare offers two main functionalities:

1. User Comparison - Compare two users of the same type

2. Role Comparison - Compare two roles of the same type

Comparison is most useful after you have created baseline profiles (such as an engineering_profile Okta User or a standardized AWS IAM Role) with the appropriate level of access. You can then compare other users or roles to the baseline to see how group and resource access varies from the established norm.

For more advanced Segregation of Duty (SoD) capabilities, Veza offers a dedicated SoD feature that enables comprehensive identification and management of toxic access combinations across your organization.