Top Work Items

preview feature

Attack paths for Google Cloud and identities are currently in preview.

Overview

The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page divides your risks into these categories:

  • Top risky hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky hosts and the hosts listed on the Host vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky hosts.
  • Top risky container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities. The difference between the top risky container images and the images listed on the Container vulnerabilities page is that Lacework has determined that there is an attack path from the internet to the top risky container images.
  • Top risky paths with exposed secrets - Secrets discovered on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities.
  • Top risky data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities.
  • Top risky paths with admin privilege role - Admin privilege roles exposed via hosts with critical vulnerabilities.

Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.
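
The criteria above for top risky hosts and top risky data assets, applied to a constructed inventory. This is an added illustration, not Lacework code, and it does not reproduce how Lacework computes attack paths; the `Node` fields, all host and asset names, and the single-hop reachability model are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    internet_exposed: bool
    critical_vulns: int = 0                            # always 0 for data assets
    reachable_from: set = field(default_factory=set)   # hosts that can reach this node

def entry_hosts(hosts):
    """Internet-exposed hosts carrying at least one critical vulnerability."""
    return {h.name for h in hosts if h.internet_exposed and h.critical_vulns > 0}

def attack_paths(nodes, hosts, need_critical_vuln):
    """Map each qualifying node to one path from the internet, per the page's criteria."""
    entries = entry_hosts(hosts)
    paths = {}
    for n in nodes:
        if need_critical_vuln and n.critical_vulns == 0:
            continue                               # a risky host must itself be critically vulnerable
        if n.internet_exposed:
            paths[n.name] = ["internet", n.name]   # exposed directly
            continue
        via = sorted((n.reachable_from - {n.name}) & entries)
        if via:                                    # exposed through another risky entry host
            paths[n.name] = ["internet", via[0], n.name]
    return paths

def top_risky_hosts(hosts):
    return attack_paths(hosts, hosts, need_critical_vuln=True)

def top_risky_data_assets(assets, hosts):
    return attack_paths(assets, hosts, need_critical_vuln=False)

# Constructed inventory (all names hypothetical).
HOSTS = [
    Node("web-1", True, 2),                    # exposed and critically vulnerable
    Node("db-1", False, 1, {"web-1"}),         # internal, reachable from web-1
    Node("bastion-1", True, 0),                # exposed but no critical vulnerabilities
    Node("batch-1", False, 3, {"bastion-1"}),  # vulnerable, but only behind bastion-1
    Node("cache-1", False, 0, {"web-1"}),      # reachable, but not critically vulnerable
]
ASSETS = [
    Node("bucket-public", True),
    Node("bucket-logs", False, 0, {"web-1"}),
    Node("bucket-batch", False, 0, {"batch-1"}),
]

if __name__ == "__main__":
    for path in {**top_risky_hosts(HOSTS), **top_risky_data_assets(ASSETS, HOSTS)}.values():
        print(" -> ".join(path))
```

In this inventory `batch-1` has the most critical vulnerabilities yet is not a top risky host, because its only route from the internet runs through a host without critical vulnerabilities; that is the distinction the page draws against the plain Host vulnerabilities list.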

View Attack Paths

Visit the Top work items page when you want to see the highest priority risks to address.

  1. Use the filters if you want to display a specific set of attack paths. By default, the top risky tables display all attack paths sorted by path severity in descending order.
  2. Browse the tables and locate any attack paths that you want to investigate, such as those with critical path severity.
  3. For risky hosts and container images, the tables include the following additional information:
    • The number of vulnerabilities detected on the attack path. Expand the value to see the list of detected vulnerabilities and their details.
    • The attack path's vulnerability details in a vulnerabilities context. Click the view vulnerability details icon to open the Host vulnerabilities or Container vulnerabilities page filtered to the specific asset.
  4. Click the view attack path icon to open the Path investigation page filtered to the specific asset identifier. The Path investigation page contains the Exposure Polygraph and contextualized information about individual nodes in the attack path.

Top Risky Hosts

The available columns are listed below:

| Column | Description |
| --- | --- |
| Host | The name of the risky host. |
| Account/Project | The cloud account/project associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the host. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific host name. The view vulnerability details icon opens the Host vulnerabilities page filtered to the host name. |

Top Risky Container Images

The available columns are listed below:

| Column | Description |
| --- | --- |
| Container image | The name of the risky container image. |
| Image ID (hidden by default) | The image ID of the risky container image. |
| Account/Project | The cloud account/project associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the container image. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific container image. The view vulnerability details icon opens the Container vulnerabilities page filtered to the image ID. |

Top Risky Paths with Exposed Secrets

The available columns are listed below:

| Column | Description |
| --- | --- |
| Secret type | The type of secret. |
| Secret identifier | The identifier of the secret. |
| Host | The name of the risky host. |
| Account/Project | The cloud account/project associated with the asset. |
| Path risk (hidden by default) | Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific identifier. |

Top Risky Data Assets

The available columns are listed below:

| Column | Description |
| --- | --- |
| Data assets | The identifier of the risky asset. |
| ARN | The ARN of the asset. |
| Resource type | The type of resource. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | The attack path risk score. Ranging from 0 - 100, a higher score represents higher risk. The path risk is relative to other paths of the same type only. For details about what impacts path risk, see Path Severity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific asset identifier. |

Top Risky Paths with Admin Privilege Role

preview feature

Attack paths for identities are currently in preview.

The available columns are listed below:

| Column | Description |
| --- | --- |
| Identity name | The name of the identity. |
| Identity type | The type of identity. |
| Path severity | The severity of the attack path. For details about what impacts this, see Path Severity. |
| Action | The view attack path icon opens the Path investigation page filtered to the specific identity. The view identity details icon opens the Entitlements management page filtered to the identity. |
| ARN | The ARN of the identity. |

Path Severity

Attack path risk is a product of the likelihood of compromise and the value of the compromised asset. Attack path risk is categorized into four severity levels:

  • Critical (risk score 90 - 100)
  • High (risk score 80 - 89)
  • Medium (risk score 70 - 79)
  • Low (risk score 69 and under)

For details about how Lacework calculates risk, see Attack Path Risk Calculation.