Top Work Items
preview feature
Attack paths for Google Cloud and identities are currently in preview.
Overview
The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page divides your risks into these categories:
- Top risky hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky hosts and the hosts listed on the Host vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky hosts.
- Top risky container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky container images and the images listed on the Container vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky container images.
- Top risky paths with exposed secrets - Secrets discovered on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities.
- Top risky data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities.
- Top risky paths with admin privilege role - Admin privilege roles exposed via hosts with critical vulnerabilities.
Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.
View Attack Paths
Visit the Top work items page when you want to see the highest priority risks to address.
- Use the filters if you want to display a specific set of attack paths. By default, the top risky tables display all attack paths sorted by path severity in descending order.
- Browse the tables and locate any attack paths that you want to investigate, such as those with critical path severity.
- For risky hosts and container images, the tables include the following additional information:
- The number of vulnerabilities detected on the attack path. Expand the value to see the list of detected vulnerabilities and their details.
- The attack path's vulnerability details in a vulnerabilities context. Click the view vulnerability details icon to open the Host vulnerabilities or Container vulnerabilities page filtered to specific asset.
- Click the view attack path icon to (
) to view the Path investigation page filtered to the specific asset identifier. The Path investigation page contains the Exposure Polygraph and contextualized information about individual nodes in the attack path.
Top Risky Hosts
The available columns are listed below:
| Column | Description |
|---|---|
| Host | The name of the risky host. |
| Account/Project | The cloud account/project associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the host. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific host name. The view vulnerability details icon  opens the Host vulnerabilities page filtered to the host name. |
Top Risky Container Images
The available columns are listed below:
| Column | Description |
|---|---|
| Container image | The name of the risky container image. |
| Image ID (hidden by default) | The image ID of the risky container image. |
| Account/Project | The cloud account/project associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the container image. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific container image. The view vulnerability details icon opens the Container vulnerabilities page filtered to the image ID. |
Top Risky Paths with Exposed Secrets
The available columns are listed below:
| Column | Description |
|---|---|
| Secret type | The type of secret. |
| Secret identifier | The identifier of the secret. |
| Host | The name of the risky host. |
| Account/Project | The cloud account/project associated with the asset. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific identifier. |
Top Risky Data Assets
The available columns are listed below:
| Column | Description |
|---|---|
| Data assets | The identifier of the risky asset. |
| ARN | The ARN of the asset. |
| Resource type | The type of resource. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | The attack path risk score. Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific asset identifier. |
Top Risky Paths with Admin Privilege Role
preview feature
Attack paths for identities are currently in preview.
The available columns are listed below:
| Column | Description |
|---|---|
| Identity name | The name of the identity. |
| Identity type | The type of identity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific identity. The view identity details icon opens the Entitlements management page filtered to the identity. |
| ARN | The ARN of the identity. |
Path Severity
Attack path risk is a product of the likelihood of compromise and the value of the compromised asset. Attack path risk is categorized into four severity levels:
- Critical (risk score 90 - 100)
- High (risk score 80 - 89)
- Medium (risk score 70 - 79)
- Low (risk score 69 and under)
For details about how Lacework calculates risk, see Attack Path Risk Calculation.