Question

AWS IdC monitoring

  • 28 November 2023
  • 3 replies

Hi,

Is there a way, or is there a roadmap, to monitor IdC users in AWS? The users created in one public cloud sync to AWS IdC. We can imagine that with some high privileges, perhaps, some permissions could be modified. Can Lacework put eyes on this?

Thanks

Agent: Linux 6.6X

Platform: Using Lacework/Operationalizing

Cloud: AWS


3 replies

Hi Darioosh -- thank you for your question and taking advantage of the Lacework Community!

We do support AWS Identity Center today. Identities are synced via SCIM into the Identity Center and should show up in the Identity Explorer within the Lacework platform. These identities are also monitored via CloudTrail, meaning you can expect User Entity Behavior Analytics (UEBA) alerts to trigger on anomalous behavior performed by these users.

If you are expecting to see existing Identity Center users within Lacework but they are not showing up, please reach out to me on the Community or contact your Lacework Account team for assistance.

Happy Monday!

Craig Beyer Jr.

Customer Success Architect
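
As an added illustration of the CloudTrail monitoring mentioned in the reply above (this is not Lacework's detection logic and not part of the original thread), the Python below filters CloudTrail records for IAM Identity Center permission-set and account-assignment changes. The sample records, ARNs, account ID and the `approved_actors` allow-list are constructed assumptions.

```python
SSO_SOURCE = "sso.amazonaws.com"  # CloudTrail eventSource of the Identity Center admin API

# Admin API calls that change what a permission set grants or who is assigned to it.
PERMISSION_CHANGE_EVENTS = {
    "CreatePermissionSet", "UpdatePermissionSet", "DeletePermissionSet",
    "AttachManagedPolicyToPermissionSet", "DetachManagedPolicyFromPermissionSet",
    "PutInlinePolicyToPermissionSet", "DeleteInlinePolicyFromPermissionSet",
    "ProvisionPermissionSet", "CreateAccountAssignment", "DeleteAccountAssignment",
}

def find_permission_changes(records, approved_actors=frozenset()):
    """Return one finding per Identity Center permission change in `records`.
    `approved_actors` is a hypothetical allow-list of principal ARNs; a change
    by any other principal is marked for review."""
    findings = []
    for rec in records:
        if (rec.get("eventSource") != SSO_SOURCE
                or rec.get("eventName") not in PERMISSION_CHANGE_EVENTS):
            continue
        actor = (rec.get("userIdentity") or {}).get("arn", "unknown")
        params = rec.get("requestParameters") or {}  # may be null on denied calls
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": actor,
            # A denied attempt is kept as a finding, with its error code recorded.
            "outcome": rec.get("errorCode", "success"),
            "permission_set": params.get("permissionSetArn"),
            "needs_review": actor not in approved_actors,
        })
    return findings

# Constructed sample data: placeholder account ID, role names and permission-set ARN.
PIPELINE = "arn:aws:sts::111122223333:assumed-role/idc-provisioning/pipeline"
ADMIN = "arn:aws:sts::111122223333:assumed-role/cloud-admin/alice"
DEV = "arn:aws:sts::111122223333:assumed-role/developer/bob"
PS = {"permissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLE"}
SAMPLE_RECORDS = [
    {"eventTime": "2023-11-28T09:00:00Z", "eventSource": SSO_SOURCE, "userIdentity": {"arn": PIPELINE},
     "eventName": "CreateAccountAssignment", "requestParameters": PS},
    {"eventTime": "2023-11-28T09:05:00Z", "eventSource": SSO_SOURCE, "userIdentity": {"arn": ADMIN},
     "eventName": "AttachManagedPolicyToPermissionSet", "requestParameters": PS},
    {"eventTime": "2023-11-28T09:07:00Z", "eventSource": SSO_SOURCE, "userIdentity": {"arn": DEV},
     "eventName": "PutInlinePolicyToPermissionSet", "errorCode": "AccessDenied", "requestParameters": None},
    {"eventTime": "2023-11-28T09:08:00Z", "eventSource": SSO_SOURCE, "userIdentity": {"arn": DEV},
     "eventName": "ListPermissionSets", "requestParameters": {}},
]

if __name__ == "__main__":
    for finding in find_permission_changes(SAMPLE_RECORDS, {PIPELINE}):
        print(finding)
```
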

Many thanks Craig,

I can confirm that Identity Explorer does not see newly created groups and users from the IdP provider in the AWS IdC.

I can see users in Resources\CloudTrail as IdC but I don’t see them in the Identity Explorer. I understand I should see them?

Dariusz

Thank you for the follow-up question, Dariusz.

Could you please respond or email me your Lacework tenant so I can properly investigate? Thank you in advance.

Craig.beyerjr@lacework.net