Asset Details

Main Details

The top of the screen shows the basic asset details, such as name, type, or ID. These parameters depend on the asset type. For some assets, this part shows information related to the asset's risks: business priority, risk score, or exposure.

Icon	Meaning	Explanation
	Risk score	Read more in Risk Calculation
	IAM Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. sensitivity	Read more in IAM Exposure
	Business priority	Read more in Business Priority
	External exposure	Read more in Network Exposure and IAM Exposure

Overview

The overview page displays important high-level information on the asset.

Risk Management

For assets supported in Risk Management, the Risk Management section shows the data considered for the calculation of the asset risk score, as well as the Context Graph and top remediation actions to mitigate the asset's risk.

Context Graph

The Context Graph is a graphical representation of the asset exposure to the Internet and to other assets in the network. It is applicable to AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. EC2 Amazon EC2 - A web service for launching and managing Linux/UNIX and Windows Server instances in Amazon data centers. instances, Lambda functions, RDS Relational Database Service (RDS) - A web service that makes it easier to set up, operate, and scale a relational database in the cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks., ECS Amazon Elastic Container Service (ECS) - a fully managed container orchestration service that helps you deploy, manage, and scale Docker containers running applications, services, and batch processes. service, and Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. Virtual Machines.

The Context Graph presents the configuration blocks that determine if the asset is exposed to the Internet or not (see Network Exposure).

When you put the cursor on a graph node, its tooltip shows important high-level information about the asset.

The Context Graph presents the potential impact that the asset exploit can have on the cloud environment, from a network and IAM perspective. The IAM impact is determined by CIEM, which analyzes the permissions granted to the asset. The network impact is based on an analysis of security groups.

The node color on the graph aligns with the risk level. Assets in blue are not supported in Risk Management and therefore do not have a risk score.

The assets with the highest business priority (Business Priority), Crown Jewels, have a little crown symbol.

Open Ports

For AWS EC2 instances, the Context Graph shows the open ports of the security group connected to the instance and their categories, such as Web Server, Database, or Checkpoint Service.

For the port details, put the cursor on the port number to see its tooltip.

Top 5 Remediations

This section shows the top 5 actions that you need to do to reduce the risk score of the asset. Click one of them to open a relevant tab with more details.

Events

This widget shows the number of critical and high-severity security events and posture findings the asset has.

Images

Policy status - Shows if the image meets your organization standards (compliant / non-compliant)
Risk score - Calculated risk score of the image
Vulnerability by severity - Statistics for severity level of Image Assurance findings
Vulnerability by category - Statistics for categories of Image Assurance findings
Workloads - The list of workloads that use this image
- Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. image shows workloads in the environment that uses it
- Container Registry A collection of repositories used to store and access container images. image shows workloads from all Kubernetes environments
Scan status - Shows the results of scanning the image by CloudGuard agents. For more information, see Image Scan Status.

Vulnerabilities

This page shows the CVEs, threats, and secrets received through the asset scanning. The Remediation Summary page contains information that a specific scanner finds.

Scanner examples:

To search for a specific CVE The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures., click Search CVE and go to the CVE Search page.

Entity Viewer

For more information, see Entity Card.

Permissions

For more information, see Entitlement Map.

Posture Findings

This page presents the part of the Posture Findings related to this asset.

For more information, see Posture Findings and Security Events.

Threat & Security Events

This page presents the part of the Threat & Security Events related to this asset.

For more information, see Posture Findings and Security Events.

Properties

This page shows the asset properties based on the asset type.

Traffic Activity

This page shows part of the traffic logs for the asset.

For more information, see Traffic Explorer.

Account Activity

This page shows part of the account activity logs for the asset.

For more information, see Activity Explorer.