Explorer module
The Explorer is the escape hatch for advanced users. When the rule library does not cover a question you have, the Explorer lets you ask the graph directly.
What it gives you
A library of pre-defined investigations grouped by intent:
- Exposure: show me all public-facing resources, what can the Internet reach in a given region.
- Privilege: all identities with admin, all roles with broad access.
- Data leak chains: any path from the Internet to a database with sensitive data.
- Drift: resources that exist in the cloud but not in your IaC repo.
- Inventory: all VMs by region, biggest databases, dormant resources.
Pick a template, set a few parameters, run.
Result views
| View | When to use |
|---|---|
| Graph | Path investigations, attack-chain stories |
| Table | Bulk listing with sorting and CSV export |
| Scorecard | Aggregated counts you want as a dashboard tile |
Saved investigations
Save a run for re-use. Saved investigations show in the templates list for everyone in the project, and carry their parameters (severity, region, cluster, ...).
Tips
- Start from a template, then refine. Most ad-hoc questions are close to one of the built-ins.
- Use the table view first to confirm the results match your expectation, then switch to the graph view for visual context.