Summary: Privileged access monitors give you a point-in-time snapshot of who holds privileged access to each of your tools. Use them to understand your security posture and to save potentially dozens of hours a year in internal and external audits. They also provide valuable input to your regular access reviews.
A privileged access monitor looks like any other monitor, but its title calls out that it surfaces privileged users or accounts.
Usage: As with other evidence collection monitors, every result that meets the criteria is shown. For some tools we build a second monitor so that you can drill down into custom roles and see the permissions they grant; otherwise, built-in roles are listed and linked to the tool's public-facing documentation.
Exceptions: Unlike other evidence collection monitors, exclusions are allowed, provided each one carries a justification. Auto-exclusion is also supported for Azure, AWS and GCP.
Logic: Privileged access monitors surface every active user or login that can write to a tool or change its configuration. A login whose roles grant only read access is therefore not surfaced, while one holding any role (built-in or custom) that includes a write or configuration action is. What counts as such access differs greatly from tool to tool.
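As an added illustration of the logic above, and of the custom-role drill-down and justified exclusions described under Usage and Exceptions, here is a small Python script that runs a privileged-access check over a constructed, Azure-style role-assignment snapshot. It is example code written for this page, not the product's own implementation. The role catalogue, the assignments, the exclusion list and the rule "an action is privileged unless its verb is read" are all assumptions made for the example.

```python
"""Minimal privileged-access monitor over a constructed, Azure-style
role-assignment snapshot. Added illustration, not the product's own code;
ROLE_DEFINITIONS, the assignments and the exclusions below are constructed."""

from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed role catalogue. Actions use Azure-style "Provider/type/verb"
# strings; built-in roles are the ones a monitor would link to public docs.
ROLE_DEFINITIONS = {
    "Reader": {"builtin": True, "actions": ["*/read"]},
    "Contributor": {"builtin": True, "actions": ["*"]},
    "Owner": {"builtin": True, "actions": ["*"]},
    # Custom roles need a drill-down: only their actions say whether they
    # are privileged. One of these writes secrets, the other only reads.
    "KV Rotator (custom)": {
        "builtin": False,
        "actions": ["Microsoft.KeyVault/vaults/secrets/read",
                    "Microsoft.KeyVault/vaults/secrets/write"],
    },
    "Cost Viewer (custom)": {"builtin": False, "actions": ["Microsoft.Consumption/*/read"]},
}


@dataclass(frozen=True)
class Finding:
    principal: str
    role: str
    builtin: bool
    privileged_actions: Tuple[str, ...]      # what makes this role privileged
    justification: Optional[str] = None      # set only on excluded findings


def is_privileged_action(action: str) -> bool:
    """Assumed rule: an action is privileged unless its verb is 'read'.
    A bare '*' (or any non-read wildcard) can match write/management verbs,
    so it is treated as privileged."""
    verb = action.rsplit("/", 1)[-1]
    return verb != "read"


def privileged_actions(role: str) -> Tuple[str, ...]:
    """The subset of a role's actions that grant write or configuration access."""
    return tuple(a for a in ROLE_DEFINITIONS[role]["actions"] if is_privileged_action(a))


def missing_justifications(exclusions: Dict[str, str]) -> List[str]:
    """Principals whose exclusion has no justification; such exclusions are rejected."""
    return [p for p, why in exclusions.items() if not (why and why.strip())]


def run_monitor(assignments: Iterable[dict],
                exclusions: Dict[str, str]) -> Tuple[List[Finding], List[Finding]]:
    """Return (surfaced, excluded). Every active principal whose role carries a
    privileged action is surfaced; justified exclusions are kept on a separate
    list rather than dropped, so the audit trail still shows them."""
    bad = missing_justifications(exclusions)
    if bad:
        raise ValueError(f"exclusions without justification: {bad}")
    surfaced: List[Finding] = []
    excluded: List[Finding] = []
    for a in assignments:
        if not a["active"]:
            continue                      # disabled/removed logins are out of scope
        actions = privileged_actions(a["role"])
        if not actions:
            continue                      # read-only role, not privileged
        finding = Finding(a["principal"], a["role"],
                          ROLE_DEFINITIONS[a["role"]]["builtin"], actions,
                          exclusions.get(a["principal"]))
        (excluded if a["principal"] in exclusions else surfaced).append(finding)
    return surfaced, excluded


# Constructed snapshot of role assignments and one justified exclusion.
SAMPLE_ASSIGNMENTS = [
    {"principal": "alice@example.com", "role": "Owner", "active": True},
    {"principal": "bob@example.com", "role": "Reader", "active": True},
    {"principal": "svc-rotator", "role": "KV Rotator (custom)", "active": True},
    {"principal": "carol@example.com", "role": "Contributor", "active": False},
    {"principal": "dave@example.com", "role": "Cost Viewer (custom)", "active": True},
    {"principal": "terraform-sp", "role": "Contributor", "active": True},
]
SAMPLE_EXCLUSIONS = {"terraform-sp": "CI deployment identity; reviewed in change ticket"}


if __name__ == "__main__":
    surfaced, excluded = run_monitor(SAMPLE_ASSIGNMENTS, SAMPLE_EXCLUSIONS)
    for f in surfaced:
        kind = "built-in" if f.builtin else "custom: " + ", ".join(f.privileged_actions)
        print(f"PRIVILEGED  {f.principal:<20} {f.role:<22} ({kind})")
    for f in excluded:
        print(f"EXCLUDED    {f.principal:<20} {f.role:<22} ({f.justification})")
```

Run it directly to print the report. Two design choices mirror the page: excluded principals come back on their own list with the justification attached rather than being dropped, which is what an auditor reviewing the exclusion wants to see, and a custom role is surfaced only when its own action list contains a non-read action, which is the drill-down the second monitor provides. The read/non-read rule is a deliberate simplification; for a real tool you would map its own permission model, since what counts as privileged differs per tool.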