# Trend Insights

Trend Insights provides charts and statistics that give a comprehensive overview of the system's risk and security status. Data can be filtered by policy and limited to a specific date range for more detailed analysis.

<figure><img src="/files/yulhRE5OfHobJVwUZ0BJ" alt=""><figcaption><p>Trend Insights</p></figcaption></figure>

## Risk Score

The Risk Score graph indicates the overall risk level of the Active Directory environment based on scan results, helping to assess and monitor security risks over time.

<figure><img src="/files/FhMbGTeoSXLtqz4pyJLE" alt=""><figcaption><p>Risk Score</p></figcaption></figure>

## **Exposure Score**

The Exposure Score graph reflects the level of exposure in the Active Directory environment based on scan findings. It provides insights into potential vulnerabilities and tracks changes in exposure over time.

<figure><img src="/files/i0T2zxbUlVIm9Ol2ncH4" alt=""><figcaption><p>Exposure Score</p></figcaption></figure>

## **Dangerous Path Count**

The Dangerous Path Count displays the number of risky access paths identified within the Active Directory environment, highlighting potential pathways that attackers could exploit to access sensitive assets.

<figure><img src="/files/DOT8XGLqEnJTw1oisyfh" alt=""><figcaption><p>Dangerous Path Count</p></figcaption></figure>

## **Vulnerabilities by Severity**

The Vulnerabilities by Severity graph categorizes and tracks vulnerabilities based on severity levels (Critical, High, Medium, Low, and Informational) over time. This visualization helps monitor changes in the severity of vulnerabilities across assessments, providing insights into the effectiveness of security measures and identifying areas that may need more attention.

<figure><img src="/files/i2jNFhs9XKodO71rQa3l" alt=""><figcaption><p>Vulnerabilities by Severity</p></figcaption></figure>

**Critical**: The number of Issues with Critical severity.

**High**: The number of Issues with High severity.

**Medium**: The number of Issues with Medium severity.

**Low**: The number of Issues with Low severity.

**Info**: The number of Issues with Info severity.

## **Affected Entity and Total Affected Entity Count**

The Affected Entity and Total Affected Entity Count graph shows the number of entities impacted at each severity level (Critical, High, Medium, Low, and Informational) across different assessments. This provides a clear view of affected entities over time, helping to measure the impact and effectiveness of remediation efforts in the Active Directory environment.

<figure><img src="/files/jhTE4syVT73UQxSm70E2" alt=""><figcaption><p>Affected Entity and Total Affected Entity Count</p></figcaption></figure>

| **Statistic**     | **Description**                                                                                        |
| ----------------- | ------------------------------------------------------------------------------------------------------ |
| Critical Affected | The number of entities affected at a critical level, showing high risk and requiring immediate action. |
| High Affected     | The number of entities affected at a high risk level.                                                  |
| Medium Affected   | The number of entities affected at a medium risk level.                                                |
| Low Affected      | The number of entities affected at a low risk level.                                                   |
| Info Affected     | The number of entities affected with informational level issues, typically minor or non-critical.      |
| Total Affected    | The total number of affected entities across all risk levels.                                          |

## **Risky Shadow Admin and Risky Admin Count**

The Risky Shadow Admin and Risky Admin Count graph shows trends in the number of high-risk admin accounts over time. It helps track changes in privileged account risks across assessments, aiding in monitoring the impact of security actions.

<figure><img src="/files/1AtaQWl3OD8tGLplCQ2L" alt=""><figcaption><p>Risky Shadow Admin and Risky Admin Count</p></figcaption></figure>

## **Asset Stats**

The Asset Stats graph displays trends in key object types over time, including Admin, Privileged, Local Admin, and Shadow Objects within the Active Directory environment. This helps track changes in the number and distribution of these high-priority assets across assessments, providing insights into shifts in administrative and privileged object management.

<figure><img src="/files/7Ve7D70UONTL8P1kt3Tx" alt=""><figcaption><p>Asset Stats</p></figcaption></figure>

| **Statistic**          | **Description**                                                                                            |
| ---------------------- | ---------------------------------------------------------------------------------------------------------- |
| **Admin Object**       | The number of administrative objects (e.g., accounts with admin privileges) that may carry security risks. |
| **Privileged Object**  | The number of objects with elevated permissions that could pose a risk if compromised.                     |
| **Local Admin Object** | The number of objects with local administrative rights.                                                    |
| **Shadow Object**      | The number of hidden or unusual objects that could be considered high-risk.                                |

## **Risky Asset Stats**

The Risky Asset Stats chart shows changes in asset types with elevated risk across multiple assessments. It tracks the count and percentage changes in Admin Objects, Privileged Objects, Local Admin Objects, and Shadow Objects, helping to monitor trends and shifts in asset risks over time.

<figure><img src="/files/CZKy3YxmC0orfesTKVHj" alt=""><figcaption><p>Risky Asset Stats</p></figcaption></figure>

| **Statistic**                | **Description**                                                                                          |
| ---------------------------- | -------------------------------------------------------------------------------------------------------- |
| **Risky Admin Object**       | The number of high-risk admin objects, indicating potential vulnerabilities within admin accounts.       |
| **Risky Privileged Object**  | The number of privileged objects identified as high risk, possibly due to elevated access permissions.   |
| **Risky Local Admin Object** | The number of high-risk local admin objects, showing potential risks within local administrative access. |
| **Risky Object**             | The total number of objects considered high risk, encompassing a broader set of risky entities.          |

## Risk Score By Top 5 Tags

The Risk Score By Top 5 Tags graph shows changes in risk levels across the top five categories in the Active Directory environment, including Account Security, Endpoint Security, ADCS Security, Certificate Template Security, and ACL. It helps track trends in these specific risk areas over time.

<figure><img src="/files/FYHeov1pqRDWAqiO5Ptl" alt=""><figcaption><p>Risk Score By Top 5 Tags</p></figcaption></figure>

| **Tag**                  | **Description**                                                                                         |
| ------------------------ | ------------------------------------------------------------------------------------------------------- |
| **Privilege Management** | The risk score related to managing access permissions and controls.                                     |
| **ACL**                  | The risk score associated with Access Control Lists, indicating how access permissions are configured.  |
| **Anomaly**              | The risk score related to unusual or unexpected activities, signaling possible anomalies in the system. |
| **Kerberos Security**    | The risk score concerning Kerberos authentication, reflecting its security level.                       |
| **Account Security**     | The risk score linked to account security concerns, including password and access vulnerabilities.      |

## **Risk Score By Top 5 Impacts**

The Risk Score By Top 5 Impacts graph tracks risk trends for the top five potential impacts, such as Credential Theft Attacks, NTLM Relay, Unconstrained Delegation Exploitation, Privilege Escalation with Certificate Template Abuse, and Privilege Escalation with Certificate Authority Abuse. This visualization helps monitor changes in these high-risk impact areas across assessments.

<figure><img src="/files/U5Ahl3IZzygexskPWidV" alt=""><figcaption><p>Risk Score By Top 5 Impacts</p></figcaption></figure>

| **Impact Type**                                        | **Description**                                                       |
| ------------------------------------------------------ | --------------------------------------------------------------------- |
| **ACL Based Attack Path Exploitation**                 | The risk score for exploitation through access control lists (ACLs).  |
| **Resource Based Constrained Delegation Exploitation** | The risk score related to exploiting delegated resource access.       |
| **Persistence with SID-History Injection**             | The risk score from SID-history injection techniques.                 |
| **Persistence with Access Control Entries**            | The risk from persistence through access control entries.             |
| **Credential Theft Attacks**                           | The risk score related to credential theft.                           |

## **Share Audit Secret Count**

The Share Audit Secret Count metric displays the number of shared audit secrets identified within the Active Directory environment. It provides insight into the potential risks associated with shared credentials and access permissions.

<figure><img src="/files/YZVs16CawvvBbu2kqbSF" alt=""><figcaption><p>Share Audit Secret Count</p></figcaption></figure>
