nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0

Results from previous run #100

Closed jingkainos closed 2 years ago

jingkainos commented 2 years ago

Describe the bug

I have run PMapper a few months ago and it had some findings. When I ran it recently for the same account, it picked up previously reported user privilege escalation issues (those users have since been removed).

ncc-erik-steringer commented 2 years ago

Hi there!

PMapper does not continuously monitor the account out-of-the-box. You'll want to create a new graph (pmapper graph create) which should update what PMapper knows about the users/roles in your account.

jingkainos commented 2 years ago

Thanks for your response @ncc-erik-steringer. Sorry I wasn't clear with the question. I have run PMapper just now with "pmapper --profile test analysis" but it's showing privilege escalation issues for users that have been previously removed. So I just wanted to check if this is a bug?

ncc-erik-steringer commented 2 years ago

Hi @jingkainos,

This is not a bug. The way PMapper works is that it takes a "snapshot" of the AWS account you graphed. If you have updated that account's IAM Users/Roles/Groups/Policies between when you created the graph and when you ran the analysis, then you'll encounter this sort of behavior.

You'll need to create the graph again (pmapper --profile test graph create) and then re-run the analysis command. It should no longer report issues for users that have been removed.
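The snapshot behaviour described above is easy to misread as a bug when a report is opened weeks after the graph was built. The following is an added example (not PMapper's own code, and it does not model PMapper's on-disk graph format); it shows how to triage findings from an old snapshot by comparing the principals recorded in it against a current listing of the account's users and roles, so that paths whose endpoints were deleted are set aside and the graph is flagged for re-creation. All ARNs, dates and findings below are constructed.

```python
"""Triage findings from an out-of-date IAM graph snapshot.

Added example, not PMapper's code. Models the thread's point: the graph is
a point-in-time snapshot, so analysis keeps reporting escalation paths for
principals deleted after the graph was created. All data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Finding:
    source: str       # principal that can escalate
    destination: str  # principal it can reach
    reason: str       # why the edge exists (free text)


# Constructed snapshot: principals and escalation edges as captured earlier.
SNAPSHOT_CREATED = datetime(2022, 1, 10, tzinfo=timezone.utc)
SNAPSHOT_PRINCIPALS = {
    "arn:aws:iam::123456789012:user/alice",
    "arn:aws:iam::123456789012:user/bob",
    "arn:aws:iam::123456789012:role/Admin",
}
SNAPSHOT_FINDINGS = [
    Finding("arn:aws:iam::123456789012:user/alice",
            "arn:aws:iam::123456789012:role/Admin", "can assume role"),
    Finding("arn:aws:iam::123456789012:user/bob",
            "arn:aws:iam::123456789012:role/Admin", "can edit trust policy"),
]

# Constructed "current" listing, e.g. what iam:ListUsers / iam:ListRoles
# would return today. user/bob has been deleted since the snapshot.
LIVE_PRINCIPALS = {
    "arn:aws:iam::123456789012:user/alice",
    "arn:aws:iam::123456789012:role/Admin",
}

# Constructed time at which the analysis is being re-run.
ANALYSIS_RUN_AT = datetime(2022, 3, 1, tzinfo=timezone.utc)


def snapshot_is_stale(created, now, max_age=timedelta(days=7)):
    """True when the graph is older than the chosen refresh interval."""
    return now - created > max_age


def removed_principals(snapshot, live):
    """Principals present in the snapshot that no longer exist."""
    return snapshot - live


def triage(findings, live):
    """Split findings into those whose endpoints still exist and stale ones."""
    current, stale = [], []
    for f in findings:
        still_valid = f.source in live and f.destination in live
        (current if still_valid else stale).append(f)
    return current, stale


if __name__ == "__main__":
    if snapshot_is_stale(SNAPSHOT_CREATED, ANALYSIS_RUN_AT):
        print("graph is stale; rebuild with: pmapper --profile test graph create")
    for arn in sorted(removed_principals(SNAPSHOT_PRINCIPALS, LIVE_PRINCIPALS)):
        print("removed since graph was built:", arn)
    current, stale = triage(SNAPSHOT_FINDINGS, LIVE_PRINCIPALS)
    print(f"{len(current)} current finding(s), {len(stale)} stale finding(s)")
```

The stale list is only a triage aid: the right fix is still to rebuild the graph and re-run the analysis, since principals added after the snapshot will be missing entirely rather than merely flagged.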

jingkainos commented 2 years ago

Thanks @ncc-erik-steringer, that makes sense. I have rerun "pmapper --profile test graph create" but got an SSL error:

botocore.exceptions.SSLError: SSL validation failed for https://cloudformation.ap-east-1.amazonaws.com/ [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076)

I do have Zscaler running, so wonder if that's the problem?

ncc-erik-steringer commented 2 years ago

If Zscaler prevents you from calling the AWS API like normal (such as via CLI or SDK) then it would do the same to PMapper. I don't know enough details to help you with that unfortunately.

jingkainos commented 2 years ago

No prob, thanks for your help @ncc-erik-steringer!