Trend Insights
Trend Insights provides various charts and statistics offering a comprehensive overview of the system's risk and security status, including the ability to filter data by policy and select specific date ranges for a more detailed analysis.
The Risk Score graph indicates the overall risk level of the Active Directory environment based on scan results, helping to assess and monitor security risks over time.
The Exposure Score graph reflects the level of exposure in the Active Directory environment based on scan findings. It provides insights into potential vulnerabilities and tracks changes in exposure over time.
The Dangerous Path Count displays the number of risky access paths identified within the Active Directory environment, highlighting potential pathways that attackers could exploit to access sensitive assets.
The Vulnerabilities by Severity graph categorizes and tracks vulnerabilities based on severity levels (Critical, High, Medium, Low, and Informational) over time. This visualization helps monitor changes in the severity of vulnerabilities across assessments, providing insights into the effectiveness of security measures and identifying areas that may need more attention.
Critical: The number of Issues with Critical severity.
High: The number of Issues with High severity.
Medium: The number of Issues with Medium severity.
Low: The number of Issues with Low severity.
Info: The number of Issues with Info severity.
The Affected Entity and Total Affected Entity Count graph shows the number of entities impacted at each severity level (Critical, High, Medium, Low, and Informational) across different assessments. This provides a clear view of affected entities over time, helping to measure the impact and effectiveness of remediation efforts in the Active Directory environment.
Statistic: Description
Critical Affected: The number of entities affected at a critical level, showing high risk and requiring immediate action.
High Affected: The number of entities affected at a high risk level.
Medium Affected: The number of entities affected at a medium risk level.
Low Affected: The number of entities affected at a low risk level.
Info Affected: The number of entities affected with informational-level issues, typically minor or non-critical.
Total Affected: The total number of affected entities across all risk levels.
The Risky Stealth Admin and Risky Admin Count graph shows trends in the number of high-risk admin accounts over time. It helps track changes in privileged account risks across assessments, aiding in monitoring the impact of security actions.
The Asset Stats graph displays trends in key object types over time, including Admin, Privileged, Local Admin, and Stealth Objects within the Active Directory environment. This helps track changes in the number and distribution of these high-priority assets across assessments, providing insights into shifts in administrative and privileged object management.
Statistic: Description
Admin Object: The number of administrative objects (e.g., accounts with admin privileges) that may carry security risks.
Privileged Object: The number of objects with elevated permissions that could pose a risk if compromised.
Local Admin Object: The number of objects with local administrative rights.
Stealth Object: The number of hidden or unusual objects that could be considered high-risk.
The Risky Asset Stats chart shows changes in asset types with elevated risk across multiple assessments. It tracks the count and percentage changes in Admin Objects, Privileged Objects, Local Admin Objects, and Stealth Objects, helping to monitor trends and shifts in asset risks over time.
Statistic: Description
Risky Admin Object: The number of high-risk admin objects, indicating potential vulnerabilities within admin accounts.
Risky Privileged Object: The number of privileged objects identified as high risk, possibly due to elevated access permissions.
Risky Local Admin Object: The number of high-risk local admin objects, showing potential risks within local administrative access.
Risky Object: The total number of objects considered high risk, encompassing a broader set of risky entities.
The Risk Score By Top 5 Tags graph shows changes in risk levels across the top five categories in the Active Directory environment, including Account Security, Endpoint Security, ADCS Security, Certificate Template Security, and ACL. It helps track trends in these specific risk areas over time.
Tag: Description
Privilege Management: The risk score related to managing access permissions and controls.
ACL: The risk score associated with Access Control Lists, indicating how access permissions are configured.
Anomaly: The risk score related to unusual or unexpected activities, signaling possible anomalies in the system.
Kerberos Security: The risk score concerning Kerberos authentication, reflecting its security level.
Account Security: The risk score linked to account security concerns, including password and access vulnerabilities.
The Risk Score By Top 5 Impacts graph tracks risk trends for the top five potential impacts, such as Credential Theft Attacks, NTLM Relay, Unconstrained Delegation Exploitation, Privilege Escalation with Certificate Template Abuse, and Privilege Escalation with Certificate Authority Abuse. This visualization helps monitor changes in these high-risk impact areas across assessments.
Impact Type: Description
ACL Based Attack Path Exploitation: The risk score for exploitation through access control lists (ACLs).
Resource Based Constrained Delegation Exploitation: The risk score related to exploiting delegated resource access.
Persistence with SID-History Injection: The risk score from SID-history injection techniques.
Persistence with Access Control Entries: The risk from persistence through access control entries.
Credential Theft Attacks: The risk score related to credential theft.
The Share Audit Secret Count metric displays the number of shared audit secrets identified within the Active Directory environment. It provides insight into the potential risks associated with shared credentials and access permissions.