Occurrence Widgets
Epiphany's dashboard includes widgets to show the top or most common data points for the day.
Last updated
Epiphany's dashboard includes widgets to show the top or most common data points for the day.
Last updated
Epiphany's occurrence widgets identify your most common risk, target, foothold, identity, and top vulnerability. You can also drill into detail to see other common vulnerabilities, based on their prevalence.
Occurrence widgets show the top or most common data point for the day for each particular widget. These widgets show information in a similar way.
The top line identifies the data point. You can click on it to drill into the data.
The second line states what type of occurrence it is (risk, target, foothold, or vulnerability)
The number in the middle is the number of occurrences found, or, in the case of Most Common Risk, it’s the name of the most common risk.
The tiny circles represent dates. Click on one of these circles to see the date change at the bottom of the widget, and the number in the circle as well as the colors change to represent that date.
The circle for the selected date is shown in yellow.
There is a bar graph directly above the date. It shows change over time for that date.
Most Common Identity shows the identity that appears the most across all attack paths. The presence of many attack paths associated with an identity can usually indicate one of the following:
The identity is a target.
The identity is many attack paths.
The identity is most likely to give the attacker the greatest advantage (such as an administrative account).
Click on the identity at the top of the widget to display information about other common identities: the Names of other common identities (sorted by the number of devices they are found on), the number of devices each identity is Found On, the number of devices each identity has Admin rights To, the number of Paths the identity is on, and the number of Prizes in those paths.
Most Common Risk shows the risk that appears the most across all attack paths. It can be a vulnerability or a configuration-related issue that is causing an exposure. The most common risk is often associated with the attack surface (how an attacker gets in) or a pivot device (how the attack moves across the environment).
Click on the risk at the top of the widget to display information about other common risks, sorted by the number of paths each risk is on: the common vulnerabilities and exposures (CVE) identification number, its Name, Risk Type, the number of Paths it’s on, and the Date it was reported.
Most Common Target shows the target that appears the most across all attack paths. Targets in Epiphany contain prizes and are most often devices that host high value applications or are used by high value users (such as administrators) and are often the termination point of attack paths.
Click on the target at the top of the widget to display information about other common targets, sorted by the number of paths each risk is on: the Name of the risk, the type of device it’s on (Device Type), the highest risk score of all its entry points (High Risk Entry Point), the number of Paths it’s on, the number of Prizes it contains, and, and the Date it was reported.
Most Common Foothold shows the device that starts the highest number of potential attack paths across your entire environment. The device that’s most often the most common foothold is the device that has the potential to generate many attack paths. This can be caused by high value users on those devices, or it can be due to their position within the environment (for example, on the same network as devices with exploitable remote code vulnerabilities).
Click on the foothold at the top of the widget to display information about other common footholds, sorted by the risk score of the entry point: the Name of the foothold, the type of device it’s on (Device Type), the highest risk score of all its entry points (Highest Risk Entry Point), and the number of Paths it’s on.
Top Vulnerabilities shows the vulnerabilities that occur in the highest number of potential attack paths across your entire environment. The vulnerabilities that are usually in the largest number of attack paths are the ones that create common leverage points for attackers at the foothold or at a potential pivot device into an otherwise restricted environment.
Click on the vulnerability at the top of the widget to display information about other common footholds, sorted by the number of devices each vulnerability is found on: the Name of the vulnerability, its Risk Level (critical, high, medium, or low), the number of devices it’s Found On, and the number of Paths to the vulnerability.
