Release Notes

Investigate risks

Triage authorization risks, prioritize issues, and take action

Overview

This guide explains how to investigate authorization risks in Veza. The Risks page supports a triage workflow that helps you systematically identify, prioritize, and address security issues across your environment.

Use this workflow to:

  • Identify which risk categories need the most attention

  • Prioritize response efforts based on severity and impact

  • Drill down to specific entities that require action

  • Take action through rules, alerts, access reviews, or exceptions

Before you start

Before investigating risks:

  • Ensure your integrations are configured and extracting data

  • Review the Risk Profile categories to understand how risks are classified

  • Familiarize yourself with your organization's risk tolerance and response policies

Triage risks by category

Start on the Overview tab to understand your overall risk landscape. The Risk Profile cards show where risks are concentrated: MFA Health, Privileged Access, Dormant Access, Blast Radius, Orphaned Access, Access Risk, and Identity Hygiene. An Uncategorized card shows risks without an assigned profile.

  1. Go to Access Intelligence > Risks.

  2. Review the Risk Profiles cards to see the count of open risks in each category.

  3. Review the Risks by Level chart to understand severity distribution.

  4. Check Top Affected Integrations to identify which systems have the most risks.

Click a Risk Profile card to navigate to the All Risks tab filtered by that category.

Filter and prioritize risks

Use the All Risks tab filters to narrow your focus to the most important risks.

  1. On the All Risks tab, apply filters based on your priorities:

    • Status: Select "Open" to see only risks requiring attention

    • Risk Level: Start with "Critical" and "High" severity risks

    • Risk Profiles: Focus on a specific category if you clicked through from Overview

    • Integration Types: Filter to specific systems if needed

  2. Sort the table by Affected Entities to see which queries flag the most entities.

  3. Review query names to understand what each risk detects.

Drill into affected entities

Click the Affected Entities count for a query to see the specific entities flagged by that risk.

  1. Click the entity count in the Affected Entities column.

  2. Review each entity's attributes and understand why it matches the query conditions.

  3. Determine the appropriate action:

    • Fix: Address the underlying issue in the source system

    • Exception: Mark as acceptable if the access is intentional

    • Escalate: Create an access review for stakeholder evaluation

Take action

The Risks page provides different actions depending on whether you're working at the query level or entity level.

Query-level actions

From the All Risks table, click the Actions menu (โ‹ฎ) for a risk query to access:

Action
Description

Open in Query Builder

View and modify the query definition

Create Rule

Create an automation rule with Veza Actions

Create Alert

Set up notifications when query results change

Manage Exceptions

View and manage all exceptions for this query

Manage Risk Details

Update risk level and Risk Profile assignments

Launch Access Review

Create an access review for flagged entities

Entity-level actions

From the Affected Entities tab in query details, click the Actions menu (โ‹ฎ) for an entity to access:

Action
Description

Open in Graph

View the entity and its relationships in Graph view

Open in Query Builder

Open the query with this entity in context

Mark as Exception

Mark the entity as an exception for this risk

Add Risk Assignee

Assign an owner for addressing this risk entity

Add Note

Add contextual notes about this entity

Mark as exception

If the access is intentional and acceptable, mark the entity as an exception:

  1. Navigate to the Affected Entities tab for the risk query.

  2. Click the Actions menu (โ‹ฎ) for the entity.

  3. Click Mark as Exception.

  4. Add a note explaining why the exception is appropriate.

  5. Click Confirm.

For detailed instructions, see Manage risk exceptions.

Create a rule or alert

Set up automated responses for risk conditions:

  1. From the All Risks table, click Actions for the risk query.

  2. Click Create Rule or Create Alert.

  3. Configure the trigger conditions and actions.

  4. Save the rule.

Launch an access review

Escalate to stakeholders for evaluation:

  1. From the All Risks table, click Actions for the risk query.

  2. Click Launch Access Review.

  3. Configure the review scope and reviewers.

  4. Start the review.

For more information, see Create a review. You can also configure On-demand reviews to automatically create reviews when risk conditions are detected.

Track progress

Monitor your risk response efforts over time:

  1. Return to the Overview tab.

  2. Review the Open & Resolved Risks chart to see Open vs. Resolved trends.

  3. Check if risk counts are decreasing in your target Risk Profile categories.

A risk becomes Resolved when all flagged entities have been addressedโ€”either by fixing the underlying issue or by marking them as exceptions.

See also

PreviousRisksNextConfigure risk levels and profiles

Last updated

Was this helpful?