Skip to content

Latest commit

 

History

History
16 lines (12 loc) · 456 Bytes

ExposureManagement - CloudPermissionsUser.md

File metadata and controls

16 lines (12 loc) · 456 Bytes

List all Cloud Permissions of a Compromised User

Sentinel

// Cloud Permissions Compromised User
let UserName = "Bert-Jan Pals";
ExposureGraphEdges
| where EdgeLabel == "has permissions to"
| where SourceNodeName == UserName
| extend Type = extract(@'"name":"(.*?)"', 1, tostring(EdgeProperties))
| project SourceNodeName, EdgeLabel, Type, TargetNodeName, TargetNodeLabel, EdgeProperties
| sort by Type, TargetNodeLabel, TargetNodeName