Account Reviews

Introduction

Now that you have a functional feed and set up the accounts for the reviewers of your system, we can create one or more account reviews for that target system.

Review Types

Remember that for every target system (the application to which you want to review accounts) you will need at least one account review, but you could combine multiple as well.

For example, you could for AWS Accounts review:

• Every two days account changes using a Differential type of review
• Every day Exit reviews

The setup above would require two feeds: List of Accounts, List of Employees and two Account Reviews (one for each type). 

Creating Account Review

To create an Account Review go to Security Operations / Accounts Reviews / Add and complete the form, pay particular attention to the following fields:

• Assets: you can create an Asset in eramba at Asset Management / Asset Identification and link it to your Account Reviews. This is purely informative.
• Frequency: how often you want the review to happen, 1 means every day, 2 every second day, Etc.
• Owner: will be someone on the GRC team that has an interest in this review taking place
• Reviewer: will be someone that knows what accounts should be on the target system and can vet them.
• Feed: select the source feed, this will change based on the type of review you are creating. Your feeds should have been already created (previous episodes) and tested.

Status

Your newly created Account Reviews will show the "Stop" status, this means there won't be any Pull actions on them until they are "Started". After you "Start" your Account Review you need to wait until the "Frequency" timeline is met (minimum of one night for daily account reviews).

Note: If you choose a "Differential" type of review, the first run will require a full account review (as there is nothing previous to compare to). Subsequent reviews will only show differences.