List all Cloud Permissions of a Compromised User
Exposure Management Cloud Permissions User
Query
// Cloud Permissions Compromised User
let UserName = "Bert-Jan Pals";
ExposureGraphEdges
| where EdgeLabel == "has permissions to"
| where SourceNodeName == UserName
| extend Type = extract(@'"name":"(.*?)"', 1, tostring(EdgeProperties))
| project SourceNodeName, EdgeLabel, Type, TargetNodeName, TargetNodeLabel, EdgeProperties
| sort by Type, TargetNodeLabel, TargetNodeNameAbout this query
List all Cloud Permissions of a Compromised User
Sentinel
Explanation
This query is designed to list all the cloud permissions associated with a specific user, "Bert-Jan Pals," who is considered compromised. Here's a simple breakdown of what the query does:
-
Define the User: It sets the variable
UserNameto "Bert-Jan Pals," which is the user whose permissions we want to investigate. -
Filter Data: It looks into a dataset called
ExposureGraphEdgesto find records where the relationship (or "edge") is labeled as "has permissions to." This means we're interested in connections that indicate permissions. -
Focus on the User: It further filters these records to only include those where "Bert-Jan Pals" is the source, meaning he is the one who has the permissions.
-
Extract Permission Type: The query extracts the type of permission from a field called
EdgePropertiesusing a regular expression. This helps in identifying what kind of permission is granted. -
Select and Organize Data: It selects specific columns to display: the source user name, the type of permission, the target resource name, and other related properties.
-
Sort the Results: Finally, it sorts the results by the type of permission, the label of the target resource, and the name of the target resource for easier analysis.
In summary, this query retrieves and organizes information about all the cloud permissions that "Bert-Jan Pals" has, helping to assess potential security risks associated with his account.
Details

Bert-Jan Pals
Released: December 1, 2024
Tables
Keywords
Operators