Explorer

KScope Explorer: Navigating the Security Graph with Clarity and Precision

KScope’s Explorer is a powerful, intuitive interface built on the KAORTEX knowledge graph, purpose-built for cybersecurity practitioners and product teams to perform rapid, contextual exploration and analysis of cloud-native security data. Whether you're navigating sprawling cloud infrastructures or tracing the blast radius of a security incident, Explorer provides a dynamic, graph-powered experience for uncovering and interpreting complex relationships across your environment.

Explorer enables users to query, visualize, and interact with interconnected entities—such as users, resources, policies, vulnerabilities, and network paths—using advanced filtering, semantic search, and multiple visualization formats. It transforms raw graph data into actionable security intelligence.

Operational Use Cases Enhanced by Explorer


🔍 Security Impact Analysis

When an incident occurs—such as the compromise of a user account or critical resource—Explorer becomes instrumental in mapping out the full scope of potential impact.

  • Compromised User Account: Using Explorer, a security analyst can trace all resource relationships linked to the compromised identity. For example, if a developer’s IAM role is compromised, Explorer can surface all EC2 instances, S3 buckets, RDS databases, and other critical assets the role can access—directly or transitively—across accounts and services. This enables precise blast radius assessment and prioritized containment.

  • Compromised EC2 Instance: If a vulnerability exploit is detected on a production EC2 instance, Explorer reveals all downstream and lateral connections from that node. This includes resources accessible via IAM roles, open security groups, shared network interfaces, or IAM session policies. Such visibility helps identify whether critical data stores (e.g., S3, DynamoDB) or control plane components are at risk.


🔎 Root Cause Analysis

Explorer excels at contextual investigations during incident response and post-mortems.

  • Example: A high-privilege role was used to spin up a Bitcoin mining cluster. Using Explorer, the IR team can backtrack from the compromised resource, identify the IAM entity that launched the instance, trace the permission path, and correlate with recent changes in access policies or CI/CD pipelines. This visual path reconstruction surfaces the root cause—perhaps an over-permissive policy attached to a CI runner—which might have otherwise gone unnoticed in logs alone.


🌐 Understanding the Attack Surface

Security and cloud operations teams use Explorer proactively to map and reduce their attack surface.

  • Example: A security engineer wants to audit all externally exposed EC2 instances that also have access to internal databases. By combining filters on resource exposure (e.g., public IP or internet gateway access) with resource relationships (e.g., role trust policies or VPC peering), Explorer highlights misconfigured nodes with high lateral movement risk. This empowers teams to close gaps before adversaries exploit them.
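The transitive reachability behind the blast-radius and attack-surface use cases above, shown as an added Python example (not KScope code and not the KAORTEX schema). The node names, relation names, and exposure set are constructed for illustration, and the default cap mirrors the 200-node maximum described under Node Limit.

```python
from collections import deque

# Constructed sample graph (not KAORTEX data): (source, relation, target).
EDGES = [
    ("user:dev-alice", "can_assume", "role:ci-deploy"),
    ("role:ci-deploy", "can_access", "ec2:build-runner"),
    ("role:ci-deploy", "can_access", "s3:artifacts"),
    ("ec2:build-runner", "has_instance_profile", "role:runner-profile"),
    ("role:runner-profile", "can_access", "rds:orders-db"),
    ("ec2:web-1", "has_instance_profile", "role:web-profile"),
    ("role:web-profile", "can_access", "dynamodb:sessions"),
    ("ec2:batch-1", "has_instance_profile", "role:batch-profile"),
    ("role:batch-profile", "can_access", "s3:reports"),
]
PUBLIC = {"ec2:web-1", "ec2:batch-1"}   # constructed: instances with a public IP
DATA_STORES = ("rds:", "dynamodb:")     # assumed prefixes for internal databases


def neighbors(node):
    """Outgoing edges only: what this node can reach in one hop."""
    return [target for source, _, target in EDGES if source == node]


def blast_radius(start, node_limit=200):
    """Breadth-first walk from a compromised node.

    Returns {reachable node: hop distance}, nearest first, capped at node_limit.
    """
    dist = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in neighbors(cur):
            if nxt not in dist and len(dist) <= node_limit:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    dist.pop(start)
    return dist


def exposed_with_db_access():
    """Attack-surface audit: public instances that can reach a database."""
    findings = {}
    for inst in sorted(PUBLIC):
        dbs = sorted(n for n in blast_radius(inst) if n.startswith(DATA_STORES))
        if dbs:
            findings[inst] = dbs
    return findings


if __name__ == "__main__":
    print(blast_radius("user:dev-alice"))
    print(exposed_with_db_access())
```

The hop distance is what makes the result useful for containment: `rds:orders-db` is four hops from the developer account, reachable only through the build runner's instance profile, so revoking that profile cuts the path without touching the CI role.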


Why It Matters

Traditional security tools show isolated signals. Explorer connects the dots.

By visualizing the security context—users, privileges, vulnerabilities, network paths, and workloads—Explorer enables:

  • Faster triage during alerts

  • Deeper insights during threat hunts

  • Smarter prioritization for remediation

Explorer isn’t just a UI—it’s a decision-making accelerator powered by the KAORTEX graph.


Layout

The Explorer Page consists of the following key components:

  • Search Bar: Allows users to search for artifacts (node types).

  • Node Limit: Enables users to set the maximum number of nodes to display in the graph.

  • Refresh Button: Clears the search bar and resets the graph.

  • Graph Section: Displays the resultant graph based on the search query and visualization options.

  • Add to Sightline: Allows users to save the graph to a custom analyzer for future reference.

Searching for Artifacts

  • Single Artifact Search: Users can enter the name or type of a single artifact in the search bar to retrieve related nodes.

  • Multiple Artifacts Search: Users can search for multiple artifacts at once by separating the terms with commas. This allows users to explore relationships across different node types.

Drilldown Menu

  • The Drilldown Menu includes all available node types fetched from all accounts across all Blueprints. It allows users to select specific node types or refine their search results to focus on particular artifacts.

Resultant Graph Visualizations

Once the search is complete, the Explorer Page provides three different visualization options to display the results:

  • Network Form: This format represents nodes and their connections in a graph-like structure, making it easy to see how nodes are related.

  • Hierarchical Form: This visualization presents a layered, tree-like representation of node relationships, allowing users to understand the hierarchy of nodes.

  • Tabular Form: A spreadsheet-like view that displays nodes and their associated data in a structured, easy-to-read format. This option is useful for detailed analysis of node properties.

Node Limit

The Node Limit feature allows users to refine their search results by restricting the number of nodes displayed in the graph.

  • Minimum Limit: 10 nodes

  • Maximum Limit: 200 nodes

This feature helps users manage the size of the graph and focus on a more manageable set of results.

Refresh Functionality

  • The Refresh button clears the search bar and resets the graph to its default state.

  • This feature is helpful when users want to start a new search or reset the page to remove any previous results.

Saving Graphs

Users can save the resultant graph into a Custom Analyzer by creating a Sightline. This allows for easy access to the graph in future sessions, enabling users to revisit or share the graph with others.

To Save a Graph:

  1. Complete your search and adjust the visualization as needed.

  2. Click on the Add to Sightline button.

  3. Follow the prompts to create a new Sightline or add the graph to an existing one.

Filtering Options

Account Filter

  • The Account Filter enables users to filter nodes based on the accounts associated with the Blueprints. This feature is especially useful when working with multiple accounts and wanting to focus on nodes from a specific account or set of accounts.

Practical Examples


Example 1: Searching for Artifacts

  • Input: Enter multiple artifact names in the search bar.

  • Node Limit: Apply a node limit of 50.

  • Visualization: Visualize the resultant graph in Network Form.

Example 2: Filtering Results

  • Account Filter: Use the Account Filter to narrow down nodes to a specific account.

  • Visualization: Switch to Tabular Form to explore relationships.

Example 3: Saving a Graph

  • Search: Perform a search for "aws.ecs.Cluster".

  • Saving: Save the graph as a Sightline for future analysis.

Accessibility and Support

For any issues with the Explorer Page or for further assistance, please contact Kaleidoscope's support team. We aim to provide a seamless experience, and our support team is available to address any questions or concerns.
