
Top Work Items

preview feature

This topic describes functionality that is currently in preview.

Overview

The Top work items page helps you quickly understand the work items that reduce the greatest risk to your cloud environment. The page displays the top risks in each of these categories:

  • Top vulnerable hosts - Hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
  • Top vulnerable container images - Container images that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
  • Top paths with secrets - Secrets discovered on hosts that have critical vulnerabilities and are exposed to the internet directly or through another internet-exposed host that has critical vulnerabilities
  • Top exposed data assets - Data assets that are exposed to the internet directly or are accessible by hosts that are exposed to the internet and have critical vulnerabilities

Lacework generates an attack path if critical vulnerabilities are associated with a host instance or container image.

View Attack Paths

Click the View attack path icon to open the Path investigation page filtered to the specific host name, container image, or asset identifier. The Path investigation page contains the Attack Path Polygraph and contextualized information about individual nodes in the attack path so you can investigate, analyze, and address issues.

Filters

By default, the page displays critical and high severity attack paths for all accounts.

Use filters to display a subset of attack paths. Click the filter dropdowns along the top of the page, select your desired matches, and then click Show results to make them active. To remove an active filter, deselect the checkbox in the corresponding filter dropdown and then click Show results. You can also click Reset in the filter dropdowns or in the row of filters to reset all filters.

Top Vulnerable Hosts

The available columns are listed below:

| Column | Description |
| --- | --- |
| Host | The name of the vulnerable host. |
| Account | The cloud account associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the host. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | The attack path risk score. It ranges from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
| Path severity | The severity of the attack path. See Path Severity for details. |
| Action | The View attack path icon opens the Path investigation page filtered to the specific host name. The action icon contains additional actions. |

Top Vulnerable Container Images

The available columns are listed below:

| Column | Description |
| --- | --- |
| Container image | The name of the vulnerable container image. |
| Image ID (hidden by default) | The image ID of the vulnerable container image. |
| Account | The cloud account associated with the asset. |
| Vulnerabilities | The number of vulnerabilities detected on the container image. Expand this to view the specific vulnerabilities. |
| Path risk (hidden by default) | The attack path risk score. It ranges from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
| Path severity | The severity of the attack path. See Path Severity for details. |
| Action | The View attack path icon opens the Path investigation page filtered to the specific container image name. The action icon contains additional actions. |

Top Paths with Secrets

The available columns are listed below:

| Column | Description |
| --- | --- |
| Secret type | The type of secret. |
| Secret identifier | The identifier of the secret. |
| Host | The name of the vulnerable host. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | The attack path risk score. It ranges from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
| Path severity | The severity of the attack path. See Path Severity for details. |
| Action | The View attack path icon opens the Path investigation page filtered to the specific asset identifier. |

Top Exposed Data Assets

The available columns are listed below:

| Column | Description |
| --- | --- |
| Crown jewels | The identifier of the vulnerable asset. |
| Account | The cloud account associated with the asset. |
| Path risk (hidden by default) | The attack path risk score. It ranges from 0 to 100; a higher score represents higher risk. The path risk is relative to other paths of the same type only. See Path Severity for details. |
| Path severity | The severity of the attack path. See Path Severity for details. |
| Action | The View attack path icon opens the Path investigation page filtered to the specific asset identifier. |

Path Severity

Attack path risk is a product of the likelihood of compromise and the value of the compromised asset. Attack path risk is categorized into four severity levels:

  • Critical (risk score 90 - 100)
  • High (risk score 80 - 89)
  • Medium (risk score 70 - 79)
  • Low (risk score 69 and under)

The approach to calculating risk continues to evolve as Lacework incorporates additional factors into the modeling framework. Currently, Lacework includes the following factors:

  • Number of critical and high severity vulnerabilities
  • Existence of known public exploits
  • Whether vulnerabilities are present in active code
  • Subjective impact of a successful attack path exploit. This is currently determined by asset type, with RDS acquisition considered more impactful than EC2/container acquisition.