Risk reports overview
Preview: This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
This page provides an overview of risk reports and the data that is included in them.
Risk reports help you understand the results of the attack path simulations that Security Command Center runs. A risk report starts with a high-level overview, and then the report provides details of sample toxic combinations and associated attack paths.
When to use risk reports
You can access risk reports in the Google Cloud console. However, you must have a role with specific permissions to download a PDF copy of a risk report. A risk report is useful if you want to share a high-level view of the security landscape of your environment.
Note: Risk reports only display data for resources in Google Cloud.
Sections included in risk reports
Risk reports provide a snapshot of data about your environment in the following sections, ordered to match the layout of the generated report:
Risk Engine introduction
This section provides an overview of the results of the attack path simulations, including explanations of high-level concepts and how the Risk Engine works.
- High-value resource set: Indicates whether you created resource value configurations.
- Valued resources assigned: Summarizes the valued resources assigned in the latest simulation and the number of resources per resource type.
- Your risk exposure: Refers to the following:
  - The number of successful attack paths.
  - The number of exposed resources with a score that is greater than zero.
  - A breakdown of exposed valued resources with HIGH, MEDIUM, or LOW ratings. See Priority values for more information.
Entry points and chokepoints
This section summarizes entry points and chokepoints, including suggested mitigations and accompanying descriptions.
- Attacker entry points: This diagram represents common entry points across attack paths. An entry point is the starting point of an attack. The width of the nodes in the diagram indicates their frequency. For more information, see Types of nodes.
- Entry Point table: The entry point table provides all entry points that exist in the attack path simulations, grouped by types. This table also includes the entry point frequency and a short description.
- Attack path chokepoints: This diagram shows the top five chokepoints with the highest score. A chokepoint is a resource or resource group where high-risk attack paths converge. If you address these chokepoints, you can mitigate many attack exposures. This section shows the most frequent chokepoints, their resource type, and the general mitigation information.
- Top chokepoints and suggested mitigations: This table provides information about the top four chokepoints with the highest scores and suggested mitigations.
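To make the entry point and chokepoint definitions concrete, the following added example (not part of the original page and not Security Command Center's scoring method) counts entry point frequency and ranks convergence nodes over a handful of constructed attack paths. The node names, the path format, and the greedy selection are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample paths: entry point -> ... -> high-value resource.
# All node names are hypothetical.
ATTACK_PATHS = [
    ["internet", "vm-web", "sa-deploy", "bucket-pii"],
    ["internet", "vm-web", "sa-deploy", "sql-prod"],
    ["internet", "vm-batch", "sa-deploy", "bucket-pii"],
    ["leaked-key", "sa-deploy", "sql-prod"],
    ["leaked-key", "sa-report", "bq-finance"],
]


def entry_point_frequency(paths):
    """Count how often each node starts an attack path."""
    return Counter(path[0] for path in paths)


def chokepoint_ranking(paths):
    """Rank intermediate nodes by the share of paths passing through them."""
    counts = Counter()
    for path in paths:
        counts.update(set(path[1:-1]))  # count a node once per path
    return [(n, c, round(100 * c / len(paths))) for n, c in counts.most_common()]


def mitigation_plan(paths):
    """Greedily pick chokepoints until no path with an intermediate node is left.

    Returns (plan, direct): plan lists (node, paths_cut) in pick order;
    direct counts entry-to-target paths that no chokepoint can cut.
    """
    remaining = [set(path[1:-1]) for path in paths]
    direct = sum(1 for nodes in remaining if not nodes)
    remaining = [nodes for nodes in remaining if nodes]
    plan = []
    while remaining:
        counts = Counter(n for nodes in remaining for n in nodes)
        # Sort first so ties break alphabetically and the result is stable.
        node, cut = max(sorted(counts.items()), key=lambda kv: kv[1])
        plan.append((node, cut))
        remaining = [nodes for nodes in remaining if node not in nodes]
    return plan, direct


if __name__ == "__main__":
    print(entry_point_frequency(ATTACK_PATHS).most_common())
    print(chokepoint_ranking(ATTACK_PATHS)[:2])
    print(mitigation_plan(ATTACK_PATHS))
```

In this sample, fixing the single node through which four of the five paths pass leaves one path to address, which is the effect the chokepoint view is meant to surface.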
Toxic combination details
This section provides a detailed look into the toxic combination with the highest score.
Toxic combination example: Toxic combinations are a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources that a determined attacker could potentially use to compromise those resources.
The diagram in the report shows an example attack path from one toxic combination to visualize how an attacker could reach a high-value resource through a combination of attack paths.
Toxic combination description: This section provides a brief description of the toxic combination in question.
Remediate the above toxic combination: The remediation steps show examples of suggested short-term and long-term remediation steps for the toxic combinations.
Toxic combination across your environment
This section provides an overview of the top toxic combinations. It also provides an overview of the types of attack steps that appear most in the attack paths.
- Toxic combination categories with highest scored issues: This section displays the number of toxic combinations identified in multiple categories, including count per toxic combination category and the highest score of the toxic combination in each category. This list helps you focus remediation efforts across categories.
- Toxic combinations with the highest exposure scores: Specific toxic combinations and their primary resource name, type, and exposure score.
- Attack step method breakdown: Attack steps that are common across all attack paths and how these steps map to the MITRE ATT&CK framework. The Frequency column indicates what percentage of attack paths they appear in.
System attack exposure
This section summarizes your organization's exposure score and the percentage of your exposed resources over time. You can see how risk is distributed over projects and which projects and resources have the highest exposure scores.
What's next
For more information about what is presented in the risk reports, see the following documentation:
- Download risk reports
- Risk Engine feature support
- Toxic combinations and chokepoints overview
- Attack exposure scores and attack paths
Last updated 2025-12-17 UTC.