📀 Unused User Application Check: New Workflows and Filter Logic

In December, we released a new check for detecting unused user applications and we’re glad to have received some great feedback. From a security and financial point of view, if a user has access to an application and has never used it there’s a good argument to remove the access (Reduce your costs and attack surface). In order to do so, it’s useful to be able to reach out to the manager of the user to confirm if they need access. With this release, you can now direct message the manager (or user) via Slack or Microsoft Teams.

You can already add specific applications to the ignore or include lists, but this release makes it even easier to select the relevant applications. While previously you had to type the name, we now import all applications names for you to select from.

🎫 Tickets Accessible in User Overview

We’re pretty proud of our User 360 pages, which bring together all the context you could possibly need for a user, including their recent activity, authentications, devices, networks, applications, and so on In this release, we’re making it easy for you to see any tickets related to that user, which will be displayed in the main Overview page. So, for those of you that use Jira or ServiceNow, you will be able to quickly see if open tickets exist when investigating a user.

🔧 Identify Google Workspace Service Accounts

A service account is a special type of Google account intended to represent a non-human user that needs to authenticate and be authorized to access data in Google APIs. Therefore, it would be unusual to see a service account logging in like a regular user. To make this clear, we now identify and label the service accounts we see from Google Workspaces. With this context, you can identify logins from service accounts.

Bug Fixes and Minor Improvements

• Telecom MFA Limit Reached: Added further context into the event related to these insights, with the ability to click into the activity and see the event in context.