Entity Risk Scores

{
  "data": [
    {
      "attributes": {
        "configRisks": {
          "hasIdentityRisk": false,
          "hasMisconfiguration": true,
          "hasPrivilegedRole": true,
          "isPrivileged": false,
          "isProduction": true,
          "isPubliclyAccessible": true
        },
        "entityID": "arn:aws:iam::123456789012:user/john.doe",
        "entityMetadata": {
          "accountID": "123456789012",
          "environments": [
            "production",
            "us-east-1"
          ],
          "mitreTactics": [
            "Credential Access",
            "Privilege Escalation"
          ],
          "mitreTechniques": [
            "T1078",
            "T1098"
          ],
          "projectID": "my-gcp-project",
          "services": [
            "api-gateway",
            "lambda"
          ],
          "sources": [
            "cloudtrail",
            "cloud-security-posture-management"
          ],
          "subscriptionID": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
        },
        "entityName": "john.doe",
        "entityProviders": [
          "aws"
        ],
        "entityRoles": [
          "Admin",
          "Developer"
        ],
        "entityType": "aws_iam_user",
        "firstDetected": 1704067200000,
        "lastActivityTitle": "Suspicious API call detected",
        "lastDetected": 1705276800000,
        "riskScore": 85.5,
        "riskScoreEvolution": 12.3,
        "severity": "critical",
        "signalsDetected": 15
      },
      "id": "arn:aws:iam::123456789012:user/john.doe",
      "type": "security_entity_risk_score"
    }
  ],
  "meta": {
    "pageNumber": 1,
    "pageSize": 10,
    "queryId": "abc123def456",
    "totalRowCount": 150
  }
}