Identity Security Insights 25.10

We’ve replaced the previous default dashboard with a redesigned experience that’s faster to act on and richer in context.

The new dashboard brings together 20 tiles that unify attack‑path analysis, identity graph insights, and risk signals in one place. Each tile is interactive – click any segment or bar to drill into filtered lists, detailed reports, or related pages.

Use this dashboard to:

• Visualize escalation risk with True Privilege and Paths to Privilege (including cross‑domain pivots) to see how access can be reached or abused.
• Survey your identity and access surface across human and non‑human accounts, AI agents, secrets, and entitlements, with connector health baked in.
• Prioritize unresolved risk with findings grouped by severity and aligned to MITRE ATT&CK® for clearer triage and reporting.
• Track detections and recommendations using month‑to‑date, severity, and all‑time views to focus work where it matters.
• Focus on a provider to route remediation to the right team, and reduce exposure by cleaning up dormant accounts and inactive entitlements.

📘

For more information, see Home and dashboards.

Insights is now available in a FedRAMP‑authorized environment running in AWS GovCloud (US). This deployment implements FedRAMP Moderate controls and provides a secure option for U.S. government customers.

What to select under Configured cloud environment:

• Azure: choose Commercial, DoD, GCC, or GCC High when you add the connector.
• Google: choose Commercial, FedRAMP Moderate, or FedRAMP High during setup.
• AWS: differs by edition – Commercial uses AWS Commercial; FedRAMP uses AWS GovCloud (US) only.

All other existing Insights connectors remain available and work in the FedRAMP deployment.

❗️

Commercial Insights can technically connect to Azure and GCP government environments, but doing so may create data‑residency issues and break compliance.

The FedRAMP deployment enforces strict boundary controls: all data is processed and stored inside AWS GovCloud (US) with no data flows between Commercial and GovCloud environments.

ℹ️

For more information, see Google Cloud platform and Microsoft Azure.

The Identities, Accounts, and Entitlements pages have a new layout with interactive side panels and shared Controls for faster triage and investigation.

Each page highlights key metrics and charts so you can quickly spot trends like risky identities, privilege levels, or escalation paths without navigating away.

What’s changed in these pages

• Get the complete picture: Scan the tiles for quick context, use the grid to explore, and click a row to open the side panel for full details
• Better filtering: Use the filter dropdown to quickly apply filters and create your own advanced, custom filters
• New Controls: Name, Privilege, Provider, and more – to speed up triage and surface relevant results fast
• Customize your view: Add bookmarks to save your most-used filters and adjust page size
• Share Insights data: Export to Excel or CSV from the grid menu, or Print or Generate a PDF from Controls

📘

For more information, see Identities, Accounts, Entitlements.

We’ve updated the AWS CloudFormation template to support CloudTrail retrieval from specific AWS accounts within your organization. Previously, CloudTrail data was collected only from the main Organization trail. Now, the EnableCloudTrail field includes an option to use existing CloudTrails across multiple accounts, with a new input field to specify the account numbers.

Not all organizations use a centralized Organization trail. This update supports setups where teams rely on account-level CloudTrails tailored to their specific needs, offering more flexibility and easier integration with existing logging configurations.

📘

For more information, see AWS Connector.

• Darker Dark Mode: Richer tones for a sleek, contemporary feel.
• Enhanced Light Mode: Brighter, cleaner visuals for improved clarity.
• Refined Elements: Updated accents and UI components for a cohesive, polished interface.