Assess risk at a glance

The Risk section in the Security Operations console helps you to manage the highest profile risks in your cloud environment. To view the Risk section, go to the Overview page:

https://CUSTOMER_SUBDOMAIN.backstory.chronicle.security/security-command-center/overview

Replace CUSTOMER_SUBDOMAIN with your customer-specific identifier.

The Overview page serves as your first-contact security dashboard, highlighting the highest priority risks in your cloud environments. You can view multiple domains in Overview by selecting one of the following views:

All risk dashboard

The All risk dashboard surfaces the following high priority security risks across your cloud environments:

  • Riskiest issues, which shows at-a-glance information for your top issues, including simplified attack paths or evidence diagrams.
  • Recent critical threats that are active in your cloud environments.
  • High impact, exploitable vulnerabilities, prioritized by the resources impacted by them.

The dashboard also displays your progress in the following areas:

  • Compliance against common industry benchmarks, like NIST, HIPAA, PCI-DSS, and CIS, reported as a percentage of how many controls are passing.
  • Issue resolution for toxic combinations, which charts open versus closed toxic combination issues in a specified time range, up to 180 days in the past.

In most cases you can interact with individual high priority risks for a brief summary, continue on to a more detailed view of each risk, or view all risks of a specific type.

Vulnerabilities dashboard

The Vulnerabilities dashboard gives insights into virtual machines and containers with exploitable vulnerabilities across your cloud environments. The dashboard displays the following information:

  • Top common vulnerabilities and exploits. Displays a clickable quadrant heatmap to help you filter vulnerabilities by exploitability and impact (risk rating). The number of unique resources affected and the findings related to those resources are shown in a table after the heatmap. There can be multiple findings for each unique resource.

    To reset the heatmap, click a heatmap cell a second time.

  • Most common critical exploitable vulnerabilities. A list of highly exploitable vulnerabilities found in your cloud environments, prioritized by the total number of unique resources impacted by them.

    Expand a CVE section to view its descriptions, which are findings related to the CVE and the resources they affect. Because different findings can affect the same resource, the sum of all resource counts in the expanded description might be greater than the unique resource count in the heading row.

  • Containers with exploitable vulnerabilities. A list of containers with exploitable vulnerabilities, where the vulnerability exploitation activity rating is available, confirmed, or wide and the risk rating is critical, based on the assessment of Google Threat Intelligence. The list is ordered by attack exposure score, then by largest number of impacted resources.

  • Latest compute vulnerabilities with known exploits. A list of Compute Engine virtual machine instances with exploitable vulnerabilities whose findings belong to the OS_VULNERABILITY or SOFTWARE_VULNERABILITY categories.

    From here you can check the following:

    • The attack exposure score of the exploit. Click the score to see the attack paths to your exposed high-value resources.
    • How many configured high-value resources with a priority of HIGH, MEDIUM, or LOW have been exposed due to the vulnerability.
    • The Exploit release date, which is when the vulnerability was announced.
    • The First available date, which is when an exploit was first seen in the wild.
    • The level of exploitability of the vulnerability.
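
The counting behind the Most common critical exploitable vulnerabilities list, as an added example (not Google's code and not part of the original page): it ranks CVEs by unique resources and shows why the per-description resource counts can add up to more than the heading-row count. The tuple layout, CVE IDs, descriptions, and resource names are constructed placeholders, not the Security Command Center finding schema.

```python
from collections import defaultdict

# Constructed sample findings: (cve, description, resource).
# All values are placeholders; this is not the real finding schema.
FINDINGS = [
    ("CVE-PLACEHOLDER-A", "Vulnerable OS package", "vm-a"),
    ("CVE-PLACEHOLDER-A", "Vulnerable OS package", "vm-a"),  # repeat finding
    ("CVE-PLACEHOLDER-A", "Vulnerable OS package", "vm-b"),
    ("CVE-PLACEHOLDER-A", "Vulnerable language library", "vm-b"),
    ("CVE-PLACEHOLDER-A", "Vulnerable language library", "vm-c"),
    ("CVE-PLACEHOLDER-B", "Vulnerable OS package", "vm-a"),
]


def summarize(findings):
    """Return one row per CVE, ordered by unique resources impacted."""
    per_cve = defaultdict(lambda: defaultdict(set))
    for cve, description, resource in findings:
        # A set collapses repeat findings on the same resource.
        per_cve[cve][description].add(resource)

    rows = []
    for cve, by_description in per_cve.items():
        # Heading row: each resource is counted once per CVE.
        unique = set().union(*by_description.values())
        rows.append({
            "cve": cve,
            "unique_resources": len(unique),
            # Expanded view: resources counted once per description.
            "descriptions": {d: len(r) for d, r in by_description.items()},
        })
    # Most impacted CVE first; CVE ID breaks ties deterministically.
    rows.sort(key=lambda row: (-row["unique_resources"], row["cve"]))
    return rows


def overcount(row):
    """How far the summed description counts exceed the heading count."""
    return sum(row["descriptions"].values()) - row["unique_resources"]


if __name__ == "__main__":
    for row in summarize(FINDINGS):
        print(row["cve"], row["unique_resources"], row["descriptions"],
              "overcount:", overcount(row))
```

Here `vm-b` appears under both descriptions of the first CVE, so the expanded counts sum to 4 while the heading row reports 3 unique resources.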

Code dashboard

The Code dashboard shows code vulnerabilities in your cloud environments found by Snyk. To use it, you first need to set up the Snyk integration.

You can also view code vulnerabilities in the Google Cloud console.