Create custom queries and convert them to risk signatures
Query Builder is one of the most powerful features that is available on the DSPM platform. It gives the users the ability to create custom search criterion based business or functional requirements and use those to retrieve targeted results.
Results can be downloaded to review the data and build out reports for any accounts that are onboarded. This can be used to review the configurations and inventory details on the actual account for further review of the overall security landscape.
Every entity, resource, or asset that is discovered from the Onboarded cloud accounts is stored along with the relationship information that it has to the other objects in that environment. These relationship details are used to build the structure on the DSPM platform that is eventually used for searching of these resources.
Any resources created on the cloud accounts are tagged as a resource and these are linked with the account ID of the cloud provider. This can be used for building out an inventory report for a resource on per account basis.
For example: to look up all the EC2 instances that are created under a specific AWS Account, users can run the following query:
MATCH (A:AWSAccount)-[R1:RESOURCE]->(B:EC2Instance) WHERE A.id = '100083560078' RETURN A.id as AWSAccountId, B.arn as EC2InstanceArnWhere <id> in A.id is the account-id of the AWS account for which the EC2 instances are to be searched and <RESOURCE> in R1.RESOURCE is the relationship between the Account and the Resource viz EC2Instance.
The relationship between resources and entities can be further extended up to the point where the final results are to be captured.
Additional columns for display for the final relationship entity can be selected from the selection box on the right hand corner by typing for the values which would then display the most closely matched set of available columns.