Visibility and investigation built on your real AWS topology and CloudTrail history — no agents to install, read-only access, evidence behind every finding.
Security Advisor
A read-only posture view across your connected AWS account — exposure, identity, and encryption findings in one place, each tied to the real resource it came from.
Internet-exposure analysis
See exactly which resources are reachable from an Internet Gateway, traced through your relationship graph — not guessed from a config flag.
IAM trust & admin paths
Surface cross-account trust relationships and admin-capable identities from your account’s configuration — so you can see who can reach what.
Encryption & key hygiene
KMS coverage at a glance: unused keys, and resources with no encryption relationship in the graph — the gaps that usually go unnoticed.
Activity queries (CloudTrail)
Search 90 days of management-event history — who changed what, and when. Filter by resource, user, service, or source IP. Read-only audit, no setup.
Evidence-backed investigations
One-click presets — internet-exposed, cross-account trust, public databases, unused keys, stale resources — each result showing the evidence behind it.