Enrichment Rules

Use enrichment rules to identify non-human identities, privileged access, and critical resources.

Overview

Enrichment rules allow you to automatically identify and categorize important entities in your environment, such as privileged roles, critical resources, and non-human identities. After you configure an enrichment rule, matching entities are updated with special attributes. You can then use these attributes in filters and conditions to scope rules, access reviews, and other capabilities to these special entities.

To create an enrichment rule, you first need to use the Query Builder to save a query identifying the entities to enrich. The criteria can be based on various factors, such as:

  • An attribute (e.g., a naming convention or another property that identifies non-human service accounts)

  • Permissions granted by a role

  • Another distinguishing relationship between entities

Enrichment Rule Types

Veza currently supports three types of enrichment rules:

  • Non-Human Identities (NHI): Automatically label users with the identity type attribute by setting the value to HUMAN or NONHUMAN.

  • Privileged Access: Roles that meet the query condition will have the is privileged attribute set to TRUE.

  • Critical Resources: Resources in the query results will have the criticality level attribute set to LOW, MEDIUM, HIGH, or CRITICAL.

When extracting metadata from an integration, Veza will check for matching enrichment rules and update entities that meet the conditions specified by the saved query. For example, an enrichment rule could label roles that grant access to specific permissions or resources as "privileged," mark identities as non-human based on a naming convention, or set a criticality level for resources based on existing tags or attributes.

Create an Enrichment Rule

Administrators can use the Integrations > Enrichment page to manage and create rules. To create a rule, you must specify:

  • The enrichment rule type.

  • The integrations, data sources, and entity type the rule applies to.

  • Rule options, such as the criticality level for critical resources.

To define an enrichment rule:

  1. Navigate to the Enrichment Page:

    • Go to Integrations > Enrichment.

    • Click Add Enrichment Rule.

  2. Name the Rule:

    • Enter an identifiable name in the Rule Name field.

  3. Select the Enrichment Rule Type:

    • Choose one of the following options:

      • Non-Human Identities (NHI): For matching users, set the identity type attribute value (HUMAN or NONHUMAN).

      • Privileged Access: For matching roles, set the is privileged attribute to TRUE.

      • Critical Resources: For matching resources, set the criticality level attribute (LOW, MEDIUM, HIGH, or CRITICAL).

  4. Choose Integrations:

    • Use the Integrations dropdown to select the specific integrations the rule will apply to.

  5. Select Entity Type:

    • Choose a supported Entity Type (e.g., users, roles, resources) from those data sources.

  6. Pick a Saved Query:

    • Select a saved query that identifies the entities to enrich.

  7. Save the Rule:

    • Click Save to apply the changes.

Veza will apply the enrichment rules the next time data sources are extracted. You can trigger this manually by clicking Start Extraction on the Integrations > All Data Sources page.

Manage Enrichment Rules

Use the Integrations > Enrichment page to view all rules and edit or delete individual rules:

  1. Access the Enrichment Page:

    • Go to Integrations > Enrichment.

  2. View Rules by Type:

    • Choose a tab to view rules by type:

      • Non-Human Identities (NHI)

      • Privileged Access

      • Critical Resources

  3. Edit or Delete Rules:

    • Click Edit to update a rule or Delete to remove it.

  4. Enable / Disable Rules:

    • Toggle the switch in the Enabled column to activate or deactivate a rule.

    • Disabling a rule removes its enrichment metadata from existing entities upon the next data source extraction.
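
The extraction-time behavior described above (rules applied when data sources are extracted, and a disabled rule's metadata removed on the next extraction), modeled as an added example that is not Veza's code or API. The Rule class, the predicates standing in for saved queries, and the sample entities are hypothetical and constructed; clearing and re-applying attributes on each pass is an assumption of the model.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Illustrative model only: names here are hypothetical, not Veza's API or schema.
@dataclass
class Rule:
    name: str
    entity_type: str                 # "user", "role" or "resource"
    attribute: str                   # attribute the rule sets
    value: object                    # value written to matching entities
    matches: Callable[[dict], bool]  # stands in for the saved query
    enabled: bool = True

ENRICHED = ("identity type", "is privileged", "criticality level")

def extract(entities, rules):
    """One extraction pass: drop old enrichment, then re-apply enabled rules."""
    for e in entities:
        for attr in ENRICHED:
            e.pop(attr, None)
        for r in rules:
            if r.enabled and r.entity_type == e["type"] and r.matches(e):
                e[r.attribute] = r.value
    return entities

def sample_entities():
    # Constructed sample data, not taken from any real environment.
    return [
        {"type": "user", "name": "svc-backup"},
        {"type": "user", "name": "alice"},
        {"type": "role", "name": "db-admin", "permissions": {"read", "delete"}},
        {"type": "resource", "name": "orders-db", "tags": {"env": "prod"}},
    ]

def sample_rules():
    return [
        Rule("NHI by naming convention", "user", "identity type", "NONHUMAN",
             lambda e: re.match(r"svc-", e["name"]) is not None),
        Rule("Delete permission", "role", "is privileged", True,
             lambda e: "delete" in e.get("permissions", ())),
        Rule("Production tag", "resource", "criticality level", "HIGH",
             lambda e: e.get("tags", {}).get("env") == "prod"),
    ]

if __name__ == "__main__":
    entities, rules = sample_entities(), sample_rules()
    extract(entities, rules)
    rules[1].enabled = False                   # disable the privileged-access rule
    print(entities[2].get("is privileged"))    # label persists until re-extraction
    extract(entities, rules)
    print(entities[2].get("is privileged"))    # label removed after extraction
```

In this model, anything that filters on an enrichment attribute keeps seeing the old value between the moment a rule is disabled and the next extraction.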
