Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Dynamic evaluation of data store access store permissions is disclosed: obtaining a set of record identifiers (IDs) associated with a selected data store associated with an external system; determining record-level access permissions associated with a user for records in the selected data store associated with the set of record IDs; inferring one or more data store-level access permissions associated with the user for the selected data store based at least in part on the record-level access permissions associated with the user for the records in the selected data store; and presenting the inferred one or more data store-level access permissions associated with the user at a user interface.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Normalizing external application data is disclosed, including: receiving external application data associated with an external application; determining normalized metadata based at least in part on inferring from the external application data; and using the normalized metadata to monitor activities at the external application.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: Remediation of detected configuration violations is disclosed, including: detecting a violation associated with a configuration at a data source server; providing a remediation corresponding to the violation; and storing an audit log that includes one or more events associated with the remediation corresponding to the violation.

Abstract: Classification management is disclosed, including: obtaining, via a user interface, mappings of stored elements to a plurality of classifications, wherein the mappings include prescribed security attributes corresponding to the plurality of classifications; obtaining, via the user interface, a policy that includes identifying information associated with a set of actors and a specified at least portion of the plurality of classifications; comparing a set of configured security attributes associated with the set of actors to at least a portion of the prescribed security attributes corresponding to the specified at least portion of the plurality of classifications; and outputting information pertaining to a set of discrepancies determined based at least in part on the comparison.

Abstract: A computer system analyzes the state of a computer system to determine whether that state violates one or more security goals from a particular perspective, such as a particular user account or role. The system takes into account a combination of access rights, permissions, and entitlements to determine whether the state of the computer system violates any of the security goals. In response to determining that at least one of the security goals is violated, the computer system may change the state of the computer system so that it no longer violates the security goals, or prevent the computer system from being put into that state.