Closed jingkainos closed 2 years ago
Hi there!
PMapper does not continuously monitor the account out-of-the-box. You'll want to create a new graph (pmapper graph create), which should update what PMapper knows about the users/roles in your account.
Thanks for your response @ncc-erik-steringer. Sorry I wasn't clear with the question. I have run PMapper just now with "pmapper --profile test analysis" but it's showing privilege escalation issues for users that have been previously removed. So I just wanted to check if this is a bug?
Hi @jingkainos,
This is not a bug. The way PMapper works is that it takes a "snapshot" of the AWS account you graphed. If you have updated that account's IAM Users/Roles/Groups/Policies between when you created the graph and when you ran the analysis, then you'll encounter this sort of behavior.
You'll need to create the graph again (pmapper --profile test graph create) and then re-run the analysis command. It should no longer report issues for users that have been removed.
Thanks @ncc-erik-steringer, that makes sense. I have rerun "pmapper --profile test graph create" but got an SSL error:
botocore.exceptions.SSLError: SSL validation failed for https://cloudformation.ap-east-1.amazonaws.com/ [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1076)
I do have Zscaler running, so I wonder if that's the problem?
If Zscaler prevents you from calling the AWS API like normal (such as via CLI or SDK), then it would do the same to PMapper. I don't know enough details to help you with that, unfortunately.
No prob, thanks for your help @ncc-erik-steringer!
Describe the bug
I ran PMapper a few months ago and it had some findings. When I ran it recently for the same account, it picked up previously reported user privilege escalation issues (those users have since been removed).