From eb502fcfc006cc6c8d43c301f1d7395cb6c3adb9 Mon Sep 17 00:00:00 2001 From: jenjoe22 Date: Fri, 13 Dec 2024 10:21:59 -0600 Subject: [PATCH] tweak --- .../permissions-queries/permissions-query-attributes.adoc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes.adoc b/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes.adoc index 9069d439a..ea22a3662 100644 --- a/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes.adoc +++ b/docs/en/enterprise-edition/content-collections/search-and-investigate/permissions-queries/permissions-query-attributes.adoc @@ -36,7 +36,7 @@ This query retrieves all permissions granted to known vendors in the environment config from iam where source.cloud.account.isvendor = true ---- + -The following example retrieves all vendor accounts that do not start with Red. +The following sample query retrieves all vendor accounts that do not start with Red. + ---- config from iam where source.cloud.account DOES NOT START WITH 'Red' and source.cloud.account.isvendor = true @@ -282,10 +282,6 @@ config from iam where grantedby.cloud.policy.id = 'arn:aws:iam::aws:policy/Admin * *grantedby.cloud.policy.isExcessive* -* true - -* false - Identifies excessive access in IAM policies (AWS IAM Policies/Azure Roles/GCP Roles) when including “*” in the action or scope sections. * *grantedby.cloud.policy.name*