Enrichment Rules
Use enrichment rules to identify non-human identities, privileged access, and critical resources.
Overview
Enrichment rules allow you to automatically identify and categorize important entities in your environment, such as privileged roles, critical resources, and non-human identities. After you configure an enrichment rule, matching entities are updated with special attributes. You can then use these attributes in filters and conditions to drive rules, access reviews, and other capabilities for these special entities.
To create an enrichment rule, you first need to use the Query Builder to save a query identifying the entities to enrich. The criteria can be based on various factors, such as:
An attribute (e.g., a naming convention or another property that identifies non-human service accounts)
Permissions granted by a role
Other distinguishing relationships between entities
Enrichment Rule Types
Veza currently supports three types of enrichment rules:
Non-Human Identities (NHI): Automatically label users with the identity type attribute by setting the value to HUMAN or NONHUMAN.
Privileged Access: Roles that meet the query condition will have the is privileged attribute set to TRUE.
Critical Resources: Resources in the query results will have the criticality level attribute set to LOW, MEDIUM, HIGH, or CRITICAL.
When extracting metadata from an integration, Veza will check for matching enrichment rules and update entities that meet the conditions specified by the saved query. For example, an enrichment rule could label roles that grant access to specific permissions or resources as "privileged," mark identities as non-human based on a naming convention, or set a criticality level for resources based on existing tags or attributes.
Create an Enrichment Rule
Administrators can use the Integrations > Enrichment page to manage and create rules. To create a rule, you must specify:
The enrichment rule type.
The integrations, data sources, and entity type the rule applies to.
Rule options, such as the criticality level for critical resources.
To define an enrichment rule:
Navigate to the Enrichment Page:
Go to Integrations > Enrichment.
Click Add Enrichment Rule.
Name the Rule:
Enter an identifiable name in the Rule Name field.
Select the Enrichment Rule Type:
Choose one of the following options:
Non-Human Identities (NHI): For matching users, set the identity type attribute value (HUMAN or NONHUMAN).
Privileged Access: For matching roles, set the is privileged attribute to TRUE.
Critical Resources: For matching resources, set the criticality level attribute (LOW, MEDIUM, HIGH, or CRITICAL).
Choose Integrations:
Use the Integrations dropdown to select the specific integrations the rule will apply to.
Select Entity Type:
Choose a supported Entity Type (e.g., users, roles, resources) from those data sources.
Pick a Saved Query:
Select a saved query that identifies the entities to enrich.
Save the Rule:
Click Save to apply the changes.
Veza will apply the enrichment rules the next time data sources are extracted. You can trigger this manually by clicking Start Extraction on the Integrations > All Data Sources page.
Manage Enrichment Rules
Use the Integrations > Enrichment page to view all rules and edit or delete individual rules:
Access the Enrichment Page:
Go to Integrations > Enrichment.
View Rules by Type:
Choose a tab to view rules by type:
Non-Human Identities (NHI)
Privileged Access
Critical Resources
Edit or Delete Rules:
Click Edit to update a rule or Delete to remove it.
Enable / Disable Rules:
Toggle the switch in the Enabled column to activate or deactivate a rule.
Disabling a rule removes its enrichment metadata from existing entities upon the next data source extraction.
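The following is an added illustration, not Veza code or a Veza API: a small local model of the behaviour described above, where enabled rules are applied at extraction time and a disabled rule's metadata is gone after the next extraction. The entity dictionaries, the `svc-` naming convention, the permission names, the rule-type keys, and all function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Attribute and allowed values per rule type, as listed on this page.
# The dictionary keys are this example's own labels.
RULE_TYPES = {
    "NHI": ("identity type", {"HUMAN", "NONHUMAN"}),
    "PRIVILEGED_ACCESS": ("is privileged", {"TRUE"}),
    "CRITICAL_RESOURCES": ("criticality level", {"LOW", "MEDIUM", "HIGH", "CRITICAL"}),
}

@dataclass
class EnrichmentRule:
    name: str
    rule_type: str                       # key of RULE_TYPES
    entity_type: str                     # e.g. "user", "role", "resource"
    saved_query: Callable[[dict], bool]  # stand-in for a Query Builder saved query
    value: str
    enabled: bool = True
    def __post_init__(self):
        if self.value not in RULE_TYPES[self.rule_type][1]:
            raise ValueError(f"{self.value!r} is not valid for {self.rule_type}")

def run_extraction(entities, rules):
    """Model one extraction pass. Assumption: enrichment attributes are
    recomputed on every pass, so a disabled rule's metadata disappears."""
    managed = {attr for attr, _ in RULE_TYPES.values()}
    enriched = []
    for entity in entities:
        out = {k: v for k, v in entity.items() if k not in managed}
        for rule in rules:
            if rule.enabled and rule.entity_type == entity["type"] and rule.saved_query(entity):
                out[RULE_TYPES[rule.rule_type][0]] = rule.value
        enriched.append(out)
    return enriched

# Constructed sample inventory and rules (not real Veza data).
ENTITIES = [
    {"type": "user", "name": "svc-backup"},
    {"type": "user", "name": "alice"},
    {"type": "role", "name": "OrgAdmin", "permissions": ["READ", "WRITE", "DELETE"]},
    {"type": "role", "name": "Viewer", "permissions": ["READ"]},
]
RULES = [
    EnrichmentRule("svc accounts", "NHI", "user",
                   lambda e: re.match(r"svc-", e["name"]) is not None, "NONHUMAN"),
    EnrichmentRule("delete-capable roles", "PRIVILEGED_ACCESS", "role",
                   lambda e: "DELETE" in e["permissions"], "TRUE"),
]
```

Running a candidate naming convention against an exported identity list in this way shows which accounts a rule would label before the saved query is attached to a rule, which helps catch human accounts that happen to match a service-account prefix.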