Supported detections
Identity Security Posture Management can detect these issues in your organization.
|
Issue |
Security impact |
Risk category |
|---|---|---|
| Leaked stale passwords - Accounts without MFA | Critical | Attack Vector (toxic combination) |
| No MFA - Super/Global Admin | Critical | MFA |
| Old Password, No MFA, Unused admins | Critical | Attack Vector (toxic combination) |
| Pending MFA - Global Admin Account | Critical | MFA |
| Console access for service accounts - Admin | High | Least Privilege |
| Emergency Admin In Use | High | Least Privilege |
| Excessive number of super admins | High | Least Privilege |
| Leaked stale passwords - Accounts with MFA | High | Attack Vector (toxic combination) |
| No MFA - Admin | High | MFA |
| Old Password, No MFA, Unused accounts | High | Attack Vector (toxic combination) |
| Old Password, No MFA, Unused service accounts | High | Attack Vector (toxic combination) |
| Old Password - Admin Account | High | Password Hygiene |
| Old Password - Admin Service Account | High | Password Hygiene |
| Old Password - Global Admin Account | High | Password Hygiene |
| Old Password - Global Admin Service Account | High | Password Hygiene |
| Partially Off-boarded user | High | Account Sprawl |
| Pending MFA - Admin Account | High | MFA |
| SSO Bypass - Admin | High | MFA |
| Unused Administrative Roles | High | Least Privilege |
| Unused AWS Administrative Permission Sets | High | Least Privilege |
| Unused Administrative Roles - Service Accounts | High | Least Privilege |
| Unused Admin Account | High | Least Privilege |
| Unused Global Admin | High | Least Privilege |
| Unused Admin Service Account | High | Least Privilege |
| Unused Global Admin Service Account | High | Least Privilege |
| Unrotated Active Access Keys - Admin | High | Least Privilege |
| AWS cross-account privilege escalation | Medium | Least Privilege |
| Console access for service accounts - Account | Medium | Least Privilege |
| No MFA - User Account | Medium | MFA |
| No MFA Enforced - Global Admin Account | Medium | MFA |
| Old Password - Account | Medium | Password Hygiene |
| Old Password - Service Account | Medium | Password Hygiene |
| Pending MFA - Account | Medium | MFA |
| SSO Bypass - Account | Medium | MFA |
| Stale Login Methods | Medium | Least Privilege |
| Unused Account | Medium | Least Privilege |
| Unused Service Account | Medium | Least Privilege |
| Orphan Account | Low | Least Privilege |