Top Work Items
Overview
The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page displays the top risks in each of these categories:
- Top risky hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top risky container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top risky paths with exposed secrets - Secrets discovered on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top risky data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities
Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.
View Attack Paths
Click the View attack path icon (
) to view the Path investigation page filtered to specific host name, container image, or asset identifier. The Path investigation page contains the Attack Path Polygraph and contextualized information about individual nodes in the attack path so you can investigate, analyze, and address issues.
Filters
By default, the page displays critical and high severity attack paths for all accounts.
Use filters to display a subset of specific attack paths. Click the filter dropdowns along the top of the page, select your desired matches and then click Show results to make them active. To remove an active filter, deselect the checkbox in the corresponding filter dropdown and then click Show results. You can also click Reset in the filter dropdowns or in the row of filters to reset all filters.
Top Risky Hosts
The available columns are listed below:
| Column | Description |
|---|---|
| Host | The name of the risky host. |
| Account | The cloud account associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the host. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The icon opens the Path investigation page filtered to the specific host name. The  icon contains additional actions. |
Top Risky Container Images
The available columns are listed below:
| Column | Description |
|---|---|
| Container image | The name of the risky container image. |
| Image ID (hidden by default) | The image ID of the risky container image. |
| Account | The cloud account associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the container image. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The icon opens the Path investigation page filtered to the specific container image name. The icon contains additional actions. |
Top Risky Paths with Exposed Secrets
The available columns are listed below:
| Column | Description |
|---|---|
| Secret type | The type of secret. |
| Secret identifier | The identifier of the secret. |
| Host | The name of the risky host. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The icon opens the Path investigation page filtered to the specific asset identifier. |
Top Risky Data Assets
The available columns are listed below:
| Column | Description |
|---|---|
| Data assets | The identifier of the risky asset. |
| Resource type | The type of resource. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | The attack path risk score. Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Resource risk | The severity of the resource risk. For details about what impacts resource risk, see Resource Scoring. |
| Action | The icon opens the Path investigation page filtered to the specific asset identifier. |
Path Severity
Attack path risk is a product of the likelihood of compromise and the value of the compromised asset. Attack path risk is categorized into four severity levels:
- Critical (risk score 90 - 100)
- High (risk score 80 - 89)
- Medium (risk score 70 - 79)
- Low (risk score 69 and under)
The approach to calculating risk continues to evolve as Lacework incorporates additional factors into the modeling framework. Currently, Lacework includes the following factors:
- Number of critical and high severity vulnerabilities
- Existence of known public exploits
- Whether vulnerabilities are present in active code
- Subjective impact of a successful attack path exploit. This is currently determined by asset type, with RDS acquisition considered more impactful than EC2/container acquisition.