Risk reports overview

This page provides an overview of risk reports (Preview) and the data that is included in them.

Risk reports help you understand the results of the attack path simulations that Security Command Center runs. A risk report starts with a high-level overview, and then the report provides details of sample toxic combinations and associated attack paths.

When to use risk reports

Security Command Center Enterprise and Premium customers can access risk reports in the Google Cloud console. However, you must have a role with specific permissions to download a PDF copy of a risk report. See A risk report is useful if you want to share a high-level view of the security landscape of your environment.

Sections included in risk reports

Risk reports provide a snapshot of data about your environment in the following sections, ordered to match the layout of the generated report:

Risk Engine introduction

This section provides an overview of the results of the attack path simulations, including explanations of high-level concepts and how the Risk Engine works.

High-value resource set: Indicates whether you created resource value configurations.
Valued resources assigned: Summarizes the valued resources assigned in the latest simulation and the number of resources per resource type.
Your risk exposure: Refers to the following:
- The number of successful attack paths.
- The number of exposed resources with a score that is greater than zero.
- A breakdown of exposed valued resources with HIGH, MEDIUM, or LOW ratings. See Priority values for more information.

Entry points and chokepoints

This section summarizes entry points and chokepoints, including suggested mitigations and accompanying descriptions.

Attacker entry points: This diagram represents common entry points across attack paths. An entry point is the starting point of an attack. The width of the nodes in the diagram indicates their frequency. For more information, see Types of nodes.
Entry Point table: The entry point table provides all entry points that exist in the attack path simulations, grouped by types. This table also includes the entry point frequency and a short description.
Attack path chokepoints: This diagram shows the top five chokepoints with the highest score. A chokepoint is a resource or resource group where high-risk attack paths converge. If you address these chokepoints, you can mitigate many attack exposures. This section shows the most frequent chokepoints, their resource type, and the general mitigation information.
Top chokepoints and suggested mitigations: This table provides information about the top four chokepoints with the highest scores and suggested mitigations.

Toxic combination details

This section provides a detailed look into the toxic combination with the highest score.

Toxic combination example: Toxic combinations are a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources that a determined attacker could potentially use to compromise those resources.

The diagram in the report shows an example attack path from one toxic combination to visualize how an attacker could reach a high-value resource through a combination of attack paths.
Toxic combination description: This section provides a brief description of the toxic combination in question.
Remediate the above toxic combination: The remediation steps show examples of suggested short-term and long-term remediation steps for the toxic combinations.

Toxic combination across your environment

This section provides an overview of the top toxic combinations. It also provides an overview of the types of attack steps that appear most in the attack paths.

Toxic combination categories with highest scored issues: This section displays the number of toxic combinations identified in multiple categories, including count per toxic combination category and the highest score of the toxic combination in each category. This list helps you focus remediation efforts across categories.
Toxic combinations with the highest exposure scores: Specific toxic combinations and their primary resource name, type, and exposure score.
Attack step method breakdown: Attack steps that are common across all attack paths and how these steps map to the MITRE ATT&CK framework. The Frequency column indicates what percentage of attack paths they appear in.

What's next

For more information about what is presented in the risk reports, see the following documentation:

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.