[Webinar] What Insider Threats Actually Look Like - A Lesson From the Rippling Lawsuit 

[WATCH NOW]

Announcing Permiso Discover - A free identity inventory & visibility for human, non-human and AI

[Join the Waitlist]

Our Integrations

Covering More of the Cloud's Attack Surface

Modern threat actors are compromising identity providers, and moving across environments through cloud service providers, SaaS apps, and CI/CD pipelines. Permiso's library of integrations tracks activity across cloud environments. 

 

 

Integration Vendor
Layer
Category
okta-detections

Okta

Monitor when multiple MFA verifications were denied, factors were reset or deactivated, as well as Okta detections such as threat suspected, suspicious sessions, high risk session API tokens created and more

Ping Identity

Ping Identity

Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.

google-cloud-icon

Google

Google Cloud Platform

Detect suspicious activity in Google Cloud Platform such as Compute, Storage, App Engine, Secrets Manager, Logging, Network, SSO and IAM.

aws-s3-detections

AWS

S3

Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.

ec2-detection

AWS

S3

Detect bucket versioning being disabled, MFADelete disabled, Workmail Mailbox Exported Public, Public access and more.

aws-iam-detections-1

AWS

IAM

Monitor Root passwords or email changes, activity of potentially compromised secrets, mass mailer scripts, roles that allow for external access and more.

aws-config-detections-1

AWS

Config

Monitor if Amazon Config has been disabled in any of your environments, a common tactic by threat actors.

aws-ECS-detections

AWS

ECS

Detects when an Elastic Container Service (ECS) Task Definition has been modified and run.

aws-Cloudwatch-detections

AWS

Cloudwatch

Detect when a CloudWatch alarm has been deleted, this may be an attempt to evade detection.

aws-api-gateway-detections

AWS

APIGateway

Detect when an AWS API Gateway key was created. These keys grant access to an API, often for development purposes.

amazon-workmail

AWS

Workmail

Detect when a workmail mailbox has been exported, exported public or if a suspicious user has been created.

amazon-ssm-detections

AWS

SSM

Detect SSM remote code execution and suspected malicious script execution.

amazon-guardduty-detections

AWS

GuardDuty

Monitor when IPSet Lists have changed, threat lists of changed or status has been altered.

amazon-rds-detections

AWS

RDS

Monitor RDS Snapshot sharing with vendors, given or restored public access, as well as deletion protection disabled and master password resets.

amazon-cloudtrail-detections

AWS

Cloudtrail

Get notified when CloudTrail logging has been stopped or deleted, a common tactic employed by threat actors.

amazon-route53-detections

AWS

Route53

Monitor Route53 domain transfer activity as well as those created with public zone selected.

amazon-codebuild-detections

AWS

CodeBuild

Detect any AWS CodeBuild projects that have been made public.

amazon-resources-access-manager-detections

AWS

Resource Access Manager (RAM)

Learn when AWS Resource Access Manager (RAM) settings were modified

amazon-ses-detections

AWS

SES

SES Access key activity such as enable sending, request production status, list identities verified, verify sending status, key abuse, key list identities and more.

amazon-ebs-detections

AWS

Elastic Block Storage (EBS)

Monitor when Amazon Elastic Block Store (EBS) encryption has been disabled for a particular region.

amazon-sts-detections

AWS

STS

Learn when federation tokens are created that have overly permissive policies that allows all actions.

aws-secrets-manager-detections-3

AWS

Secrets Manager

Detect when an identity has successfully retrieved a key from AWS Secrets Manager via the GetSecretValue action.

azure-cloud-detections-logo

Microsoft

Azure Compute

Learn when an azure virtual machine (VM) has had commands executed against it, which may execute as System.

storage-blob

Microsoft

Azure Blob Storage

Detect when Azure blob storage has had permissions modified that could lead to data exposure.

azure-key-vault

Microsoft

Azure Key Vault

Monitor when an Azure Key Vault was either created or updated in order to secure certificates, connection strings, encryption keys and passwords.

microsoft-azure-automation-detections

Microsoft

Azure Automation

Discover when Automation Runbooks have been created or deleted, webhooks have been created or code has changed, as well as when accounts were created or deleted.

microsoft-defender

Microsoft

Defender

Know when an Azure Defender for Cloud alert has been suppressed, a common tactic by threat actors.

azure-network-detections

Microsoft

Azure Network

Monitor when Azure Network watchers are created, updated or deleted, packet capture was created or updated or network taps are created or updated.

azure-backup-vault-detections

Microsoft

Azure Backup Vault

Learn when Azure Backup Vaults are created or disabled, signs of ransomware or similar attacks.

azure-rbac-detections-1

Microsoft

Azure Role-based Access Control

Learn when Azure Backup Vaults are created or disabled, signs of ransomware or similar attacks.

microsoft-entra-id-detections

Microsoft

Entra ID

Learn when service principle creates certificates or secrets, PIM identity denied role as well as when alerts are fired or disabled, as well as tenants or resources offboarded. Monitor when general admin or high risk admin, privileged admin, medium risk admin and global admin role memberships are added.

microsoft-entra-id-detections

Microsoft

Entra ID IAM

Learn when password reset verification is blocked, registered app certificates created as well as suspicious MFA activity such as factor deletion or rotation by both user and Admins.

google workspace logo

Google

Applications

Detect suspicious gmail activity such as deep scan disabled, routing rules modified or delayed delivery disabled, in addition to password reuse enabled or strong enforcement disabled.

google workspace logo

Google

IAM

Monitor when accounts are disabled, passwords have leaked, MFA disabled, admin role assignment and suspicious login behavior.

google workspace logo

Google

Account

Learn when domains have been added or removed to the trusted list for the account.

google workspace logo

Google

Drive

Detect when an identity has performed a mass deletion or download of files and folders.

microsoft-exchange-detections-1

Microsoft

Exchange

Detect transport rules and inbox rules that redirect or forward to external domains, when identities give full access to another mailbox or forwarded to an external domain.

microsoft-sharepoint-detections

Microsoft

Sharepoint

Detect when an identity has performed a mass deletion or download of files and folders, as well as malware detections via Microsoft 365 virus detection.

microsoft-onedrive-detections

Microsoft

OneDrive

Detect when an identity has performed a mass deletion or download of files and folders, as well as malware detections via Microsoft 365 virus detection.

github-detections-1

Github

Monitor when Github repositories have been transferred outside the organization or updated to public.

jira-detections

Atlassian

Jira

Monitor when a Jira Service has been deleted, mail queue flushed, monitor JMX disabled, global permissions added and more.

atlassian logo

Atlassian

Confluence

Detection for your company's wiki when support Zip is created or downloaded, data is exported, or global settings are edited.

one-password

1Password

Threat detection for 1Password's password management system.

github-detections-1-1

Snowflake

Detect anomalous access, compromised credentials and malicious data access, credential leakage in Snowflake.

Slack icon

Slack

Detect when EKM keys are added, user anomaly exfiltration, reconnaissance and other suspicious behavior in a slack instance.

Salesforce Icon

Salesforce

CRM

Detect anomalous access and activity into your salesforce account, exporting of data and more

Terraform

Terraform

Hashicorp

Inventory all of your users in Terraform, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

Zoom

Zoom

Inventory all of your users in Zoom monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

Notion

Notion

Inventory all of your users in Notion, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

miro-detections

Miro

Inventory all of your users in Miro, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

gitlab-detections

Gitlab

Gitlab Cloud

Inventory all of your users in Gitlab Cloud, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

postman-detections

Postman

Inventory all of your users in Postman, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

open-ai-detections

Open AI

Inventory all of your users in Open AI, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

vanta-detections

Vanta

Inventory all of your users in Vanta, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

grafana-labs-detections

Grafana Labs

Inventory all of your users in Grafana Labs, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

frontegg-detections

FrontEgg

Inventory all of your users in FrontEgg, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

Anthropic-detections

Anthropic

Inventory all of your users in Anthropic, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

docusign-detections

Docusign

Inventory all of your users in Docusign, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

semgrep-detections

Semgrep

Inventory all of your users in Semgrep, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

calendly-detections

Calendly

Inventory all of your users in Calendly, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

sentry-detections

Sentry

Inventory all of your users in Sentry, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

bitbucket-detections

Atlassian

BitBucket

Inventory all of your users in BitBucket, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

tableau-detections

Tableau

Inventory all of your users in Tableau, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

deel-logo

Deel

Inventory all of your users in Deel, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

trello-logo

Trello

Inventory all of your users in Trello monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

dropbox-detections

Dropbox

Inventory all of your users in Dropbox, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

hubspot detections

Hubspot

Inventory all of your users in Hubspot, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

duo-security-detections

Duo Security

Inventory all of your users in Duo Security, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

smartsheet-logo

Smartsheet

Inventory all of your users in Smartsheet, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

zoho-crm-detections

Zoho

Inventory all of your users in Zoho CRM, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

zendesk-detections

Zendesk

Inventory all of your users in Zendesk, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

xero-detections

Xero

Inventory all of your users in Xero, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

apollo detections

Apollo io

Inventory all of your users in Apollo, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

asana detections

Asana

Inventory all of your users in Asana, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

automox detections

Automox

Inventory all of your users in Automox, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

bamboo hr detections

BambooHR

Inventory all of your users in BambooHR, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

cisco meraki detections

Cisco Meraki

Inventory all of your users in Cisco Meraki, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

cloudflare detections

Cloudflare

Inventory all of your users in Cloudflare, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

databricks detections

Databricks

Inventory all of your users in Databricks, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

dynatrace detections

Dynatrace

Inventory all of your users in Dynatrace, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

jfrog artifactory

JFrog

Artifactory

Inventory all of your users in JFrog Artifactory, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

mailchimp detections

Mailchimp

Inventory all of your users in Mailchimp, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

monday detections

Monday

Inventory all of your users in Monday, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

servicenow detections

ServiceNow

Inventory all of your users in ServiceNow, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

webex detections

Webex

Inventory all of your users in Webex, monitor their posture and corresponding risk to help reduce the attack surface and maintain least privilege.

illustration-easter-egg-donut
cloud
bricks

Hear Ye, Hear Ye

Subscribe to Cloud Chronicles for the latest in cloud security!