Top Work Items

Overview

The Top work items page helps you quickly identify the work items that, once addressed, remove the most risk from your cloud environment. The page divides your risks into these categories:

  • Top risky hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky hosts and the hosts listed on the Host vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky hosts.

  • Top risky container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky container images and the images listed on the Container vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky container images.

  • Top risky paths with exposed secrets - Secrets detected on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities.

    To detect secrets, you must enable Agentless workload scanning. See Attack Path Secrets Detection for information on the types of secrets that are detected by Agentless workload scanning.

  • Top risky data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities.

  • Top risky paths with admin privilege role - Admin privilege roles exposed via hosts with critical vulnerabilities.

Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.

View Attack Paths

Visit the Top work items page when you want to see the highest priority risks to address.

  1. Use the filters if you want to display a specific set of attack paths. By default, the top risky tables display all attack paths sorted by path severity in descending order.
  2. Browse the tables and locate any attack paths that you want to investigate, such as those with critical path severity.
  3. For risky hosts and container images, the tables include the following additional information:
    • The number of vulnerabilities detected on the attack path. Expand the value to see the list of detected vulnerabilities and their details.
    • The attack path's vulnerability details in a vulnerabilities context. Click the view vulnerability details icon to open the Host vulnerabilities or Container vulnerabilities page filtered to the specific asset.
  4. Click the attack path icon to view the Path investigation page filtered to the specific asset identifier. The Path investigation page contains the Exposure Polygraph and contextualized information about individual nodes in the attack path.

When the page displays your desired work items, click Save or Create view in the top right corner. This allows you to access the saved view later. You can also copy the link to a saved view by opening the list of saved views and clicking the Share view icon of the view you want to share. You can then send that link to others so they can see the same view. For more details about saved views, refer to Views Management.

Top Risky Hosts

The available columns are listed below:

  • Host - The name of the risky host.
  • Account/Project/Subscription - The cloud account, project, or subscription associated with the asset.
  • Vulnerabilities - The number of vulnerabilities detected on the host. Expand this value to view the specific vulnerabilities.
  • Path risk (hidden by default) - A score from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity.
  • Path severity - The severity of the attack path. For details about what impacts this, see Path Severity.
  • Action - The attack path icon opens the Path investigation page filtered to the specific host name. The vulnerability details icon opens the Host vulnerabilities page filtered to the host name.
  • Resource type - The type of resource.

Top Risky Container Images

The available columns are listed below:

  • Container image - The name of the risky container image.
  • Image ID (hidden by default) - The image ID of the risky container image.
  • Account/Project/Subscription - The cloud account, project, or subscription associated with the asset.
  • Vulnerabilities - The number of vulnerabilities detected on the container image. Expand this value to view the specific vulnerabilities.
  • Path risk (hidden by default) - A score from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity.
  • Path severity - The severity of the attack path. For details about what impacts this, see Path Severity.
  • Action - The attack path icon opens the Path investigation page filtered to the specific container image. The vulnerability details icon opens the Container vulnerabilities page filtered to the image ID.

Top Risky Paths with Exposed Secrets

The available columns are listed below:

  • Secret type - The type of secret.
  • Secret identifier - The identifier of the secret.
  • Host - The name of the risky host.
  • Account/Project/Subscription - The cloud account, project, or subscription associated with the asset.
  • Path risk (hidden by default) - A score from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity.
  • Path severity - The severity of the attack path. For details about what impacts this, see Path Severity.
  • Action - The attack path icon opens the Path investigation page filtered to the specific identifier.
  • Resource type - The type of resource.

Top Risky Data Assets

The available columns are listed below:

  • Data assets - The identifier of the risky asset.
  • ARN (hidden by default) - The ARN of the asset.
  • URN (hidden by default) - The URN of the asset.
  • Resource type - The type of resource.
  • Account/Project/Subscription - The cloud account, project, or subscription associated with the asset.
  • Path risk (hidden by default) - A score from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity.
  • Path severity - The severity of the attack path. For details about what impacts this, see Path Severity.
  • Action - The attack path icon opens the Path investigation page filtered to the specific asset identifier.

Top Risky Paths with Admin Privilege Role

The available columns are listed below:

  • Identity name - The name of the identity.
  • Identity type - The type of identity.
  • Path severity - The severity of the attack path. For details about what impacts this, see Path Severity.
  • Action - The attack path icon opens the Path investigation page filtered to the specific identity. The identities icon opens the Explore: Identities tab filtered to the identity.
  • ARN (hidden by default) - The ARN of the identity.

Path Severity

Attack path risk is categorized into these severity levels:

  • Critical (path risk 97 - 100)
  • High (path risk 80 - 96)
  • Medium (path risk 60 - 79)
  • Low (path risk 20 - 59)
  • None (path risk 19 and under)

Path risk considers both the likelihood of a security breach and the potential impact of the breach. For details about how Lacework calculates risk, see Attack Path Risk Calculation.
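The two rules this page states in words, that a host is a top risky host only when it has critical vulnerabilities and there is a path to it from the internet that runs only through internet-exposed hosts with critical vulnerabilities (Overview), and that a 0 to 100 path risk score maps to the five severity levels above (Path Severity), can be made concrete with a small example. The code below is an added illustration written for this page; it is not Lacework's implementation, its attack-path graph and risk calculation are not described here, and the asset inventory and network edges in the block are constructed sample data.

```python
"""Added illustration (not Lacework's code) of the page's two stated rules:
which hosts qualify as top risky hosts, and how path risk maps to severity.
All assets, edges, and scores below are constructed sample data."""
from collections import deque

# Constructed inventory: host -> internet exposure and critical-vuln status.
ASSETS = {
    "web-01": {"exposed": True,  "critical": True},   # internet-facing, critical vulns
    "web-02": {"exposed": True,  "critical": False},  # internet-facing, no critical vulns
    "app-01": {"exposed": False, "critical": True},   # reachable only via web-01
    "app-02": {"exposed": False, "critical": True},   # reachable only via web-02
    "db-01":  {"exposed": False, "critical": False},  # reachable only via app-01
}

# Constructed network reachability: host -> hosts it can connect to.
EDGES = {
    "web-01": ["app-01"],
    "web-02": ["app-02"],
    "app-01": ["db-01"],
    "app-02": [],
    "db-01": [],
}

# Severity bands exactly as listed on the page: (lowest score in band, label).
SEVERITY_BANDS = [(97, "Critical"), (80, "High"), (60, "Medium"), (20, "Low"), (0, "None")]


def path_severity(path_risk: int) -> str:
    """Map a 0-100 path risk score to the page's severity level."""
    if not 0 <= path_risk <= 100:
        raise ValueError("path risk must be in the range 0..100")
    for floor, label in SEVERITY_BANDS:
        if path_risk >= floor:
            return label
    return "None"  # unreachable for valid input; keeps the function total


def internet_reachable_hosts(assets, edges):
    """Breadth-first walk from every internet-exposed host.

    A hop is only taken through a host that itself has critical
    vulnerabilities, matching the page's "through another internet-exposed
    host that has critical vulnerabilities" condition. Returns
    host -> path of hosts from the internet-facing entry point.
    """
    reachable = {}
    queue = deque()
    for name, attrs in assets.items():
        if attrs["exposed"]:
            reachable[name] = [name]
            queue.append(name)
    while queue:
        cur = queue.popleft()
        if not assets[cur]["critical"]:
            continue  # no critical vulns: cannot be used as a pivot
        for nxt in edges.get(cur, []):
            if nxt not in reachable:
                reachable[nxt] = reachable[cur] + [nxt]
                queue.append(nxt)
    return reachable


def hosts_with_critical_vulns(assets):
    """What a plain vulnerability page would list: every host with critical vulns."""
    return sorted(h for h, a in assets.items() if a["critical"])


def top_risky_hosts(assets, edges):
    """Top risky hosts: critical vulns AND an attack path from the internet."""
    reach = internet_reachable_hosts(assets, edges)
    return {h: path for h, path in reach.items() if assets[h]["critical"]}


if __name__ == "__main__":
    print("Hosts with critical vulns:", hosts_with_critical_vulns(ASSETS))
    for host, path in top_risky_hosts(ASSETS, EDGES).items():
        print(f"Top risky host {host}: internet -> {' -> '.join(path)}")
    for score in (100, 96, 60, 45, 5):
        print(f"path risk {score:3d} -> {path_severity(score)}")
```

Running the block shows the distinction the Overview draws: three hosts have critical vulnerabilities, but only web-01 and app-01 are top risky, because app-02 sits behind web-02, which has no critical vulnerabilities and so offers no pivot from the internet. db-01 is reachable but has no critical vulnerabilities, so it is not a top risky host either.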