pcsup-updates (#979)

* pcsup-fixes

* graph view components

* table fixes

* tweak

* tweak 2

* IZ feedback

* tweak

* tweak 2

* tweak 3

docs/en/enterprise-edition/content-collections/administration/configure-iam-security/investigate-iam-incidents-on-prisma-cloud.adoc

@@ -56,4 +56,107 @@ To analyze your permissions offline, download the permissions details in a CSV f
 
 . *Save* your query.
 +
-You can choose to save the searches that you have created for investigating incidents in *My Saved Searches* and use the queries to create a custom policy.
+You can choose to save the searches that you have created for investigating incidents in *My Saved Searches* and use the queries to create a custom policy.
+
+=== Graph View Components
+
+Graph View includes three columns—Sources, Granters, and Destination as shown in the image below.
+
+image::administration/iam-graph-view.png[]
+
+Each column includes a container that nests the services or entities that belong to the specific container. You can drill down a logical container to see the list of identities included within. Containers are comprised of the following categories:
+
+* *Sources*—Groups the Service Type logical containers.
++
+The following table lists the standard service types for each Cloud Service Provider. The list is dynamic and varies according to the data available and ingested for your environment.
+
+
+[cols="30%a,70%a"]
+|===
+|*CSP*
+|*Service Types*
+
+
+|*AWS*
+|Lambda +
+ECS +
+Elasticbeanstalk +
+IAM - includes AWS users +
+STS +
+EC2 +
+Azure AD (IDP) +
+Okta (IDP) 
+
+
+|*Azure*
+|Azure Active Directory - Azure users (also includes Okta) +
+
+tt:[NOTE:] The Okta service replicates Okta users into Azure AD, as a resultyou cannot view Okta users separately on Prisma Cloud IAM Security. +
+
+Microsoft.Compute +
+Microsoft.ApiManagement +
+Microsoft.Web +
+Microsoft.Logic +
+
+
+|*GCP*
+|Compute +
+Workspace - GCP users +
+
+tt:[NOTE:] Okta and Azure AD are integrated into Google Workspace, as a result you cannot view those users separately on Prisma Cloud IAM Security. +
+
+App Engine +
+BigQuery +
+Cloud BigQuery +
+Cloud Function +
+Cloud SQL +
+Pub/Sub +
+Cloud Spanner +
+Secret Manager
+
+|===
+
+
+* *Granters*—Groups the Entity Type logical containers.
++
+The following table lists the standard entity types for each cloud service provider. The list is dynamic and varies according to the data available and ingested for your environment.
+
+
+[cols="35%a,65%a"]
+|===
+|*CSP*
+|*Entity Types*
+
+
+|*AWS*
+|Role +
+Group +
+Direct— User +
+Resource—Resource-based permissions (granted by resource-based policies) +
+
+
+|*Azure*
+|Direct— User +
+User Assigned +
+System Assigned +
+Group
+
+
+|*GCP*
+|Direct— User +
+Service Account +
+Group
+
+|===
+
+
+* *Destination*—Groups the Service Type logical containers. Similar to the source, the list of destinations vary based on your environment.
+
+[NOTE]
+====
+Graph View includes the following limitations:
+
+* The RQL attribute *action.lastaccess.days*.
+* The Destinations column is limited to 300 entries. If your query returns more than 300 results for the Destination, filter your results to 300.
+* Queries time out after 1 minute.
+====

docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes.adoc

@@ -81,14 +81,14 @@ config from iam where grantedby.cloud.policy.condition ('aws:sourceIP', 'IpAddre
 
 * *source.cloud.service.name*
 +
-Queries permissions of a specific cloud service such as: IAM, S3, EC2, userinput:[Microsoft.Compute] , or userinput:[Microsoft.Storage] .
+Queries permissions of a specific cloud service such as: IAM, S3, EC2, `Microsoft.Compute`, or `Microsoft.Storage`.
 +
 The following example lists all EC2 permissions in your AWS cloud accounts:
 +
 ----
 config from iam where source.cloud.service.name = 'EC2'
 ----
-The following example lists all userinput:[Microsoft.Compute] permissions in your Azure cloud accounts:
+The following example lists all `Microsoft.Compute` permissions in your Azure cloud accounts:
 +
 ----
 config from iam where source.cloud.service.name = 'Microsoft.Compute'
@@ -238,7 +238,7 @@ config from iam where source.MFAenabled = true
 
 * *source.public*
 +
-Queries all S3 buckets that are publicly accessible. All GCP public resources–with `allUsersuserinput` and/or `allAuthenticatedUsers` Principals.
+Queries all S3 buckets that are publicly accessible. All GCP public resources with `allUsersuserinput` and/or `allAuthenticatedUsers` Principals. This attribute is supported for AWS and GCP only. 
 +
 ----
 config from iam where source.public = true AND dest.cloud.service.name = 'S3' AND dest.cloud.resource.type = 'bucket'