SPM has been refreshed with several enhancements to help SOC teams more easily triage events for review, understand the significance of changes, and coordinate their response.
Portal users can now enforce least-privilege access for users and apps without disrupting business processes, by auditing their current environment for unused applications that are still integrated with sensitive permissions or user accounts.
To accomplish this, the directory view can be filtered across the following key columns:
Risk Level
Actor
Event Type (added, changed, deleted)
Posture Category
Acknowledged
Additionally, SPM event details now show an explanation for why a change is deemed High Risk, along with suggested next steps for remediation. Portal users who are responding to an SPM notification can:
Pivot directly to the new event.
Quickly understand why Abnormal detected this anomalous or risky change.
Act on Abnormal’s recommended next steps.