Rubrik Retrieve User Access Information - Rubrik Polaris

This playbook retrieves User Intelligence information for the provided username or email, which includes the user's risk level and the types of analyzer hits.

Rubrik Security Cloud · 16 tasks · 4 inputs · 31 outputs

Inputs

  • user_name — The name of the user to search for.
  • user_email — The email or the UPN of the user to search for.
  • search_time_period — Specify the search time period to look for user access.
  • risk_levels — The comma-separated list of risk levels. Supported values are: UNKNOWN_RISK, HIGH_RISK, MEDIUM_RISK, LOW_RISK, NO_RISK. Note: For any other values, whether the obtained result is filtered or not, is not confirmed.

Outputs

  • RubrikPolaris.UserAccess.principalId — The ID of the user.
  • RubrikPolaris.UserAccess.fullName — The full name of the user.
  • RubrikPolaris.UserAccess.upn — The user principal name.
  • RubrikPolaris.UserAccess.riskLevel — The risk level of the user.
  • RubrikPolaris.UserAccess.sensitiveFiles.highRiskFileCount.totalCount — The total number of high-risk files.
  • RubrikPolaris.UserAccess.sensitiveFiles.highRiskFileCount.violatedCount — The number of high-risk files that violate policies.
  • RubrikPolaris.UserAccess.sensitiveFiles.highRiskFileCount.__typename — The high-risk file count field type.
  • RubrikPolaris.UserAccess.sensitiveFiles.mediumRiskFileCount.totalCount — Total number of medium-risk files.
  • RubrikPolaris.UserAccess.sensitiveFiles.mediumRiskFileCount.violatedCount — The number of medium-risk files that violate policies.
  • RubrikPolaris.UserAccess.sensitiveFiles.mediumRiskFileCount.__typename — The type of the medium risk file count field.
  • RubrikPolaris.UserAccess.sensitiveFiles.lowRiskFileCount.totalCount — The total number of low-risk files.
  • RubrikPolaris.UserAccess.sensitiveFiles.lowRiskFileCount.violatedCount — The number of low-risk files that violate policies.
  • RubrikPolaris.UserAccess.sensitiveFiles.lowRiskFileCount.__typename — The type of the low-risk file count field.
  • RubrikPolaris.UserAccess.sensitiveFiles.__typename — The type of the sensitive files field.
  • RubrikPolaris.UserAccess.totalSensitiveHits.totalHits — The total number of sensitive hits.
  • RubrikPolaris.UserAccess.totalSensitiveHits.violatedHits — The number of sensitive hits that violate policies.
  • RubrikPolaris.UserAccess.totalSensitiveHits.__typename — The type of the total sensitive hits field.
  • RubrikPolaris.UserAccess.sensitiveObjectCount.totalCount — The total number of sensitive objects.
  • RubrikPolaris.UserAccess.sensitiveObjectCount.violatedCount — The Number of sensitive objects that violate policies.
  • RubrikPolaris.UserAccess.sensitiveObjectCount.__typename — The type of the sensitive object count field.
  • RubrikPolaris.UserAccess.numDescendants — The number of descendant users associated with this user.
  • RubrikPolaris.UserAccess.domainName — The domain name associated with this user.
  • RubrikPolaris.UserAccess.__typename — The type of the User Access field.
  • RubrikPolaris.PageToken.UserAccess.name — Name of the command.
  • RubrikPolaris.PageToken.UserAccess.startCursor — The start cursor for the current page.
  • RubrikPolaris.PageToken.UserAccess.endCursor — The end cursor for the current page.
  • RubrikPolaris.PageToken.UserAccess.hasNextPage — Whether the result has the next page or not.
  • RubrikPolaris.PageToken.UserAccess.hasPreviousPage — Whether the result has the previous page or not.
  • RubrikPolaris.PageToken.UserAccess.next_upn_page_number — The next UPN page number.
  • RubrikPolaris.PageToken.UserAccess.has_next_upn_page — Whether the result has the next UPN page or not.
  • user_risk_levels — List of user risk levels retrieved by the command.

Commands used

rubrik-sonar-user-access-list

Flowchart

yes yes yes yes Start Start Done Done Is Rubrik Polaris integration enabled? Is Rubrik Polaris integra... Retrieve user access information from RSC using the playbook input and the next UPN page number. - rubrik-sonar-user-access-list Retrieve user access info... rubrik-sonar-user-access-list Retrieve user access information from RSC using the playbook input and the next page token. - rubrik-sonar-user-access-list Retrieve user access info... rubrik-sonar-user-access-list Check if the next UPN page is available or not. Check if the next UPN pag... Set the end cursor for the next set of pages. - SetAndHandleEmpty Set the end cursor for th... SetAndHandleEmpty Delete context for the previous page token information for the sub-playbook. - DeleteContext Delete context for the pr... DeleteContext Check if the next iteration is not required. Check if the next iterati... Delete context for the specified keys. - DeleteContext Delete context for the sp... DeleteContext Set the final user risk levels. - SetAndHandleEmpty Set the final user risk l... SetAndHandleEmpty Delete the sub-playbook user risk levels. - DeleteContext Delete the sub-playbook u... DeleteContext Delete context for the previous page token information. - DeleteContext Delete context for the pr... DeleteContext Check if the final user risk level is set. Check if the final user r... Delete the previous user risk levels. - DeleteContext Delete the previous user ... DeleteContext Set the delete keys. - SetAndHandleEmpty Set the delete keys. SetAndHandleEmpty