Custom Remediation

Security teams often have custom priorities as they order systems and groups to reach least privilege. Using custom remediation, you can define strategies to clean up access to sensitive resources, using flexible filters and bulk access updates. This builds on the least privilege cleanup suggestions Opal already provides.

Requirements

To use custom remediation, you must be an Opal Admin.

Filter groups and resources to remediate

Go to the Risk Center, then select the Custom Remediation button to the right of Top Suggested Remediations.

On the Custom Remediation page, you can filter by entity to enable the multi-selection of groups or resources, and filter by entity type to display specific group or resource types.

After you apply filters, the results populate a table with information about the relationship between the Principal—the user or group that has access to the entity—and the entity it can access. From this table, you can apply additional filters for the principal name, type of principal, and what risks Opal has identified for the access grant.

The table also shows:

• When the entity was last used
• The level of privileges
• When the grant expires
• Any additional access paths between this principal and entity
• Whether the access grant has risk associated with it (unused, permanent, outside access)

This information can be used to decide whether to remediate the access grant.

Apply remediation actions

If the access needs to be cleaned up, the access can be revoked altogether or converted to a time-bound grant that automatically expires at a later date.

Once the remediation action is taken, the Action column of the affected principals changes to reflect that the remediation has been executed.

From here, you can continue your journey to reaching least privilege by setting new filters or go back to the Risk Center to remediate Opal suggestions.