Teleport Launches Beams — Trusted Agent Runtimes For Infrastructure
Learn More
Support
LOG IN
Teleport logoGet a Demo
Try for FreeContact Sales
Support
LOG IN

Identity Behavior & Context

CLI for Agents & Advanced Insights

Query identity behavior like a database.

Query identity behavior directly from the terminal — who can reach what, what changed, what did this agent touch. Live results. No custom SIEM rules. No waiting for a report. Improved agility.      
 

Contact SalesStart Free Trial

WHY IDENTITY INVESTIGATION IS SLOWER THAN IT SHOULD BE

CUSTOM SIEM RULESHIDDEN LATERAL MOVEMENT PATHSPRIVILEGE CHAINS HARD TO TRACEINEFFECTIVE DASHBOARDSAGENT BEHAVIOR NOT TRACED

Liberate identity investigation from log, data, and dashboard wrangling.

Security and platform teams need to answer targeted questions about identity behavior at speed, e.g. who/what can reach this database, what lateral movement paths exist from this service account, what did this AI agent touch yesterday. Getting those answers with SIEM queries, custom rules, or manual correlation mires investigations in data handling. The tsh access-graph CLI makes answers instant and brings agility to your security teams.

Capability

Without Teleport

Query method

tsh access-graph CLI over live identity-to-resource relationships — instant answers

Custom SIEM rules, log searches, manual correlation across systems

Lateral movement

CLI traversal of every identity-to-resource relationship — paths returned in seconds

No automated path analysis — manual trace through logs

Agent behavior

Agent behavior queryable alongside human and machine identity data

AI agent actions invisible or unstructured — no unified view

Crown jewels

Crown Jewels designation — priority alerting when access paths change

No automated monitoring of sensitive resource access paths

Investigation speed

Seconds to minutes — CLI query returns live results

Hours to days for complex identity questions

Background image

OUTCOMES

Faster investigations. Earlier detection.

Accelerate Investigation

Minutes

to answer complex identity questions that previously required hours of SIEM work and custom rule writing

0

custom rules required to trace lateral movement or privilege escalation

Detect Earlier

50+

identity vulnerability types monitored continuously — alerts fire in real time, not after a weekly review

0

blind spots in identity-to-resource relationships across your infrastructure

Govern AI Behavior

100%

of AI agent and MCP endpoint activity queryable in the same CLI as human identity data

0

separate tooling required to investigate agentic access behavior

CLI INTERFACE OVER LIVE IDENTITY DATA

Ask any question about identity and access. From the terminal. 

The tsh access-graph CLI gives security and platform engineers a direct query interface over real-time identity-to-resource relationships. No SIEM report to wait for. No custom rules to write. Ask complex questions about lateral movement, privilege chains, or over-permissioned accounts — and get live results in seconds.

  • CLI-native — query live roles, groups, permissions, and access paths from the terminal

  • Real-time results — queries run against current state, not yesterday's log export

  • Human, machine, and AI agent identities all queryable in one place

  • No dashboard required — engineers work in the tools they already use

GRAPH EXPLORER FOR VISUAL INVESTIGATION

See every path from every identity to every resource. Instantly. 

The Graph Explorer visualizes identity-to-resource relationships as a traversable graph — tracing lateral movement paths, surfacing hidden access chains, and highlighting routes from a compromised identity to your most sensitive systems. Crown Jewels designation focuses monitoring on your highest-priority resources.

  • Visual graph traversal of identity-to-resource relationships across your infrastructure

  • Lateral movement path analysis — see every possible route from a compromised identity

  • Crown Jewels designation for priority monitoring on critical resources

  • Alert on access path changes to designated Crown Jewels — real time, not on next review

AI AGENT AND MCP BEHAVIOR ANALYSIS

Agent behavior is just another identity query. 

Every AI agent, MCP server, and agentic pipeline in Teleport appears in the CLI alongside human and machine identities. Query what agents can reach, what they accessed, and what privilege chains they operate within — using the same tsh access-graph commands used for human identity investigation. No separate tooling. No blind spots.

  • AI agent and MCP endpoint behavior queryable via tsh access-graph audit

  • Agent access paths analyzed for lateral movement risk alongside human identities

  • Anomalous agent behavior surfaced by the same detection engine covering human access

  • Full identity chain from principal through agent to resource — traceable in one command

Ready to Teleport?

Contact SalesStart Free Trial

DIVE DEEPER

DOCS

Getting started with Identity Security and tsh access-graph 
Read Docs

REPORT

2026 Infrastructure Identity Report: State of AI 
Read Report

BLOG

See exactly what every identity did — and why it matters 
Read Blog