```mermaid
graph LR
    Risk_Analysis_Orchestrator["Risk Analysis Orchestrator"]
    Finding_Generator_Dispatcher["Finding Generator Dispatcher"]
    Report_Aggregator["Report Aggregator"]
    Report_Presenter["Report Presenter"]
    Finding_Data_Model["Finding Data Model"]
    MFA_Action_Risk_Detector["MFA Action Risk Detector"]
    Admin_MFA_Compliance_Detector["Admin MFA Compliance Detector"]
    Privilege_Escalation_Detector["Privilege Escalation Detector"]
    Risk_Analysis_Orchestrator -- "calls" --> Report_Aggregator
    Risk_Analysis_Orchestrator -- "calls" --> Report_Presenter
    Finding_Generator_Dispatcher -- "calls" --> MFA_Action_Risk_Detector
    Finding_Generator_Dispatcher -- "calls" --> Admin_MFA_Compliance_Detector
    Finding_Generator_Dispatcher -- "calls" --> Privilege_Escalation_Detector
    Report_Aggregator -- "relies on" --> Finding_Generator_Dispatcher
    Report_Aggregator -- "consumes" --> Finding_Data_Model
    Report_Presenter -- "consumes" --> Finding_Data_Model
    MFA_Action_Risk_Detector -- "creates" --> Finding_Data_Model
    Admin_MFA_Compliance_Detector -- "creates" --> Finding_Data_Model
    Privilege_Escalation_Detector -- "creates" --> Finding_Data_Model
```

## Details

The Risk Analysis & Reporting subsystem is responsible for identifying common AWS IAM security risks and misconfigurations, leveraging the graph structure and policy simulation capabilities to detect vulnerabilities, and generating structured findings and reports.

### Risk Analysis Orchestrator

Serves as the primary entry point for initiating the risk analysis and report generation process. It orchestrates the flow from finding detection to report presentation.

Related Classes/Methods:

### Finding Generator Dispatcher

Acts as a central dispatcher, invoking various specialized functions to detect different types of security risks within the IAM graph.

Related Classes/Methods:

### Report Aggregator

Collects and aggregates all identified security findings into a comprehensive report structure.

Related Classes/Methods:

### Report Presenter

Handles the final formatting and display of the generated risk report to the user, typically via the command-line interface.

Related Classes/Methods:

### Finding Data Model

Defines the structured data model for individual security findings, encapsulating details such as the type of risk, affected entities, and severity.

Related Classes/Methods:

### MFA Action Risk Detector

Identifies security risks specifically related to Multi-Factor Authentication (MFA) actions and configurations.

Related Classes/Methods:

### Admin MFA Compliance Detector

Detects administrative users within the IAM graph who do not have Multi-Factor Authentication (MFA) enabled, highlighting a common security misconfiguration.

Related Classes/Methods:

### Privilege Escalation Detector

Analyzes the IAM graph to identify potential paths through which an entity could escalate its privileges beyond its intended scope.

Related Classes/Methods:
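The pipeline described above (detectors create findings, a dispatcher runs them, an aggregator groups them, a presenter renders them), as an added illustration that is not the project's own code. The `Finding` fields, the dictionary-shaped IAM graph, the detector names and the constructed sample principals are all assumptions made for this example.

```python
from dataclasses import dataclass

# Constructed sample "IAM graph": principal name -> attributes (hypothetical shape).
SAMPLE_GRAPH = {
    "alice":      {"admin": True,  "mfa": True,  "actions": {"*"}},
    "bob":        {"admin": True,  "mfa": False, "actions": {"*"}},
    "deploy-bot": {"admin": False, "mfa": False, "actions": {"s3:GetObject", "iam:AttachUserPolicy"}},
    "reader":     {"admin": False, "mfa": False, "actions": {"s3:GetObject"}},
}

@dataclass(frozen=True)
class Finding:            # the Finding Data Model: risk type, affected entity, severity, detail
    risk_type: str
    entity: str
    severity: str
    detail: str

# IAM write permissions that let a non-admin principal widen its own policy set.
SELF_GRANT_ACTIONS = {"iam:AttachUserPolicy", "iam:PutUserPolicy"}

def detect_admin_without_mfa(graph):      # Admin MFA Compliance Detector
    return [Finding("ADMIN_NO_MFA", name, "HIGH", "administrative principal has no MFA device")
            for name, p in graph.items() if p["admin"] and not p["mfa"]]

def detect_privilege_escalation(graph):   # Privilege Escalation Detector (single-hop case only)
    findings = []
    for name, p in graph.items():
        hits = sorted(p["actions"] & SELF_GRANT_ACTIONS)
        if not p["admin"] and hits:
            findings.append(Finding("PRIVILEGE_ESCALATION", name, "HIGH",
                                    "can grant itself policies via " + ", ".join(hits)))
    return findings

DETECTORS = [detect_admin_without_mfa, detect_privilege_escalation]

def dispatch(graph, detectors=DETECTORS):  # Finding Generator Dispatcher
    return [f for detector in detectors for f in detector(graph)]

def aggregate(findings):                   # Report Aggregator: group findings by risk type
    report = {}
    for f in findings:
        report.setdefault(f.risk_type, []).append(f)
    return report

def present(report):                       # Report Presenter: plain-text CLI rendering
    lines = []
    for risk_type, fs in sorted(report.items()):
        lines.append(f"[{risk_type}] {len(fs)} finding(s)")
        lines.extend(f"  {f.severity:<5} {f.entity}: {f.detail}" for f in fs)
    return "\n".join(lines)

def run(graph=SAMPLE_GRAPH):               # Risk Analysis Orchestrator
    return present(aggregate(dispatch(graph)))

if __name__ == "__main__":
    print(run())
```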