diff --git a/docs/pages/admin-guides/access-controls/access-monitoring.mdx b/docs/pages/admin-guides/access-controls/access-monitoring.mdx index b2375add9a345..55f3317176e9a 100644 --- a/docs/pages/admin-guides/access-controls/access-monitoring.mdx +++ b/docs/pages/admin-guides/access-controls/access-monitoring.mdx @@ -23,7 +23,7 @@ Users are able to write their own custom access monitoring queries by querying t ## Prerequisites - Teleport v14 or later. -- For self-hosted Teleport the [AWS Athena Backend](../../reference/backends.mdx) is required. +- For self-hosted Teleport the [Amazon Athena Backend](../../reference/backends.mdx) is required. ### Configuration @@ -281,7 +281,8 @@ FROM WHERE identity_user = 'admin-annie' ``` -- Show access requests and their reviews: +- Show Access Requests and their reviews: + ```sql SELECT * @@ -291,7 +292,8 @@ WHERE access_request_create.id = access_request_review.id ``` -- Show details about access request and review: +- Show details about an Access Request and its reviews: + ```sql SELECT request.user, request.reason, request.roles, request.resource_ids, review.reviewer, review.state @@ -324,7 +326,7 @@ The report allows to identify the following weak security events: ### Database sessions with weak security The following query identifies database sessions with weak security -such as as sessions with missing access requests, MFA, impersonation, and trusted device identification. +such as as sessions with missing Access Requests, MFA, impersonation, and trusted device identification. ```sql SELECT 
@@ -351,12 +353,12 @@ ORDER BY ![privileged access report](../../../img/access-monitoring/privileged_access_report.png) -**Suggestion:** Set up access requests, device trust and per-session MFA. +**Suggestion:** Set up Access Requests, Device Trust and per-session MFA. ### SSH sessions with weak security The following query identifies SSH sessions with weak security, -such as as sessions with missing access requests, MFA, impersonation, and trusted device identification. +such as as sessions with missing Access Requests, MFA, impersonation, and trusted device identification. ```sql SELECT @@ -383,12 +385,12 @@ ORDER BY event_date ``` -**Suggestion:** Set up access requests, device trust and per-session MFA. +**Suggestion:** Set up Access Requests, Device Trust and per-session MFA. ### Kubernetes API calls with weak security The following query identifies Kubernetes sessions with weak security, -such as sessions with missing access requests, MFA, impersonation, and trusted device identification. +such as sessions with missing Access Requests, MFA, impersonation, and trusted device identification. ```sql SELECT @@ -412,7 +414,7 @@ ORDER BY event_date ``` -**Suggestion:** Set up access requests, device trust and per-session MFA. +**Suggestion:** Set up Access Requests, Device Trust and per-session MFA. ### Privileged Postgres sessions
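Review bot: In the hunk at @@ -23,7 +23,7, the rewritten prerequisite still lacks a comma after the introductory phrase "For self-hosted Teleport", and the link text now names the Amazon Athena Backend while the target stays the generic ../../reference/backends.mdx page. Suggest "For self-hosted Teleport, the Amazon Athena Backend is required." If the backends reference has a section for Athena, link to that section so readers land on the relevant configuration.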
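Review bot: In the hunk at @@ -324,7 +326,7, the added line keeps the doubled word in "such as as sessions", so the typo survives a line that is being rewritten anyway. Drop the second "as". The list "sessions with missing Access Requests, MFA, impersonation, and trusted device identification" also reads as if impersonation were something a session is missing. If the query flags sessions that use impersonation, state that as a separate clause so readers of the report know which condition counts as weak.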
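Review bot: In the hunk at @@ -351,12 +353,12, the added SSH description repeats "such as as sessions", while the Kubernetes description in the hunk at @@ -383,12 +385,12 reads "such as sessions"; fix the SSH line to match. The new suggestion line capitalizes "Device Trust" but the description beside it still says "trusted device identification", and the suggestion omits the serial comma that the description uses. Pick one term for the feature and one comma style and apply them across all three sections.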