Top Work Items
preview feature
This topic describes functionality that is currently in preview.
Overview
The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page displays the top risks in each of these categories:
- Top vulnerable hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top vulnerable container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top paths with secrets - Secrets discovered on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
- Top exposed data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities
Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.
View Attack Paths
Click the View attack path icon to view the Path investigation page filtered to the specific host name, container image, or asset identifier. The Path investigation page contains the Attack Path Polygraph and contextualized information about individual nodes in the attack path so you can investigate, analyze, and address issues.
Filters
By default, the page displays critical and high severity attack paths for all accounts.
Use filters to display a subset of specific attack paths. Click the filter dropdowns along the top of the page, select your desired matches and then click Show results to make them active. To remove an active filter, deselect the checkbox in the corresponding filter dropdown and then click Show results. You can also click Reset in the filter dropdowns or in the row of filters to reset all filters.
Top Vulnerable Hosts
The available columns are listed below:
Column | Description |
---|---|
Host | The name of the vulnerable host. |
Account | The cloud account associated with the asset. |
Vulnerabilities | The number of vulnerabilities detected on the host. Expand this to view the specific vulnerabilities. |
Path risk (hidden by default) | The attack path risk score, which ranges from 0 to 100. A higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
Path severity | The severity of the attack path. See Path Severity for details. |
Action | The icon opens the Path investigation page filtered to the specific host name. The icon contains additional actions. |
Top Vulnerable Container Images
The available columns are listed below:
Column | Description |
---|---|
Container image | The name of the vulnerable container image. |
Image ID (hidden by default) | The image ID of the vulnerable container image. |
Account | The cloud account associated with the asset. |
Vulnerabilities | The number of vulnerabilities detected on the container image. Expand this to view the specific vulnerabilities. |
Path risk (hidden by default) | The attack path risk score, which ranges from 0 to 100. A higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
Path severity | The severity of the attack path. See Path Severity for details. |
Action | The icon opens the Path investigation page filtered to the specific container image name. The icon contains additional actions. |
Top Paths with Secrets
The available columns are listed below:
Column | Description |
---|---|
Secret type | The type of secret. |
Secret identifier | The identifier of the secret. |
Host | The name of the vulnerable host. |
Account | The cloud account associated with the asset. |
Path risk (hidden by default) | The attack path risk score, which ranges from 0 to 100. A higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
Path severity | The severity of the attack path. See Path Severity for details. |
Action | The icon opens the Path investigation page filtered to the specific asset identifier. |
Top Exposed Data Assets
The available columns are listed below:
Column | Description |
---|---|
Crown jewels | The identifier of the vulnerable asset. |
Account | The cloud account associated with the asset. |
Path risk (hidden by default) | The attack path risk score, which ranges from 0 to 100. A higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
Path severity | The severity of the attack path. See Path Severity for details. |
Action | The icon opens the Path investigation page filtered to the specific asset identifier. |
Path Severity
Attack path risk is a product of the likelihood of compromise and the value of the compromised asset. Attack path risk is categorized into four severity levels:
- Critical (risk score 90 - 100)
- High (risk score 80 - 89)
- Medium (risk score 70 - 79)
- Low (risk score 69 and under)
The approach to calculating risk continues to evolve as Lacework incorporates additional factors into the modeling framework. Currently, Lacework includes the following factors:
- Number of critical and high severity vulnerabilities
- Existence of known public exploits
- Whether vulnerabilities are present in active code
- Subjective impact of a successful attack path exploit. This is currently determined by asset type, with RDS acquisition considered more impactful than EC2/container acquisition.
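The following added example (not Lacework code, and not how Lacework computes its results) applies the category definitions from the Overview and the severity bands above to a small inventory, which is useful for sanity-checking why an asset does or does not appear on the page. The `Host` record, its fields, and all host, asset, and secret names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Host:  # hypothetical inventory record, not a Lacework data type
    name: str
    internet_exposed: bool
    critical_vulns: int
    reaches: set = field(default_factory=set)    # hosts/data assets this host can access
    secrets: list = field(default_factory=list)  # (secret type, identifier) pairs

def severity(score):
    """Map a 0-100 path risk score to the severity bands listed on this page."""
    for floor, label in ((90, "Critical"), (80, "High"), (70, "Medium")):
        if score >= floor:
            return label
    return "Low"

def entry_hosts(hosts):
    """Hosts that are internet-exposed and have critical vulnerabilities."""
    return {h.name for h in hosts if h.internet_exposed and h.critical_vulns > 0}

def reachable_from_entries(hosts):
    """Everything an entry host can access (one hop, as the definitions state)."""
    entries = entry_hosts(hosts)
    return set().union(*(h.reaches for h in hosts if h.name in entries))

def top_vulnerable_hosts(hosts):
    """Critical-vuln hosts exposed directly or through a vulnerable exposed host."""
    via = reachable_from_entries(hosts)
    return entry_hosts(hosts) | {h.name for h in hosts
                                 if h.critical_vulns > 0 and h.name in via}

def paths_with_secrets(hosts):
    """Secrets found on hosts that qualify as top vulnerable hosts."""
    top = top_vulnerable_hosts(hosts)
    return sorted((h.name, s) for h in hosts if h.name in top for s in h.secrets)

def exposed_data_assets(hosts, assets):
    """assets maps name -> True when the asset is directly internet-exposed."""
    via = reachable_from_entries(hosts)
    return {a for a, public in assets.items() if public or a in via}

# Constructed sample inventory.
HOSTS = [
    Host("web-1", True, 2, {"app-1", "orders-db"}, [("ssh-key", "deploy-key")]),
    Host("app-1", False, 1, {"reports-bucket"}, [("aws-access-key", "ci-user")]),
    Host("batch-1", False, 3, set(), [("api-token", "batch-token")]),
    Host("bastion", True, 0, {"batch-1"}),  # exposed, but no critical vulnerabilities
]
ASSETS = {"orders-db": False, "reports-bucket": False, "public-bucket": True}
```

In this sample, `batch-1` is left out even though it has three critical vulnerabilities, because the only exposed host that reaches it (`bastion`) has none; `reports-bucket` is left out because the host that can access it is not itself internet-exposed.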