Track Remediation Progress
A workflow guide for tracking your remediation progress and path changes.
Last updated
A workflow guide for tracking your remediation progress and path changes.
Last updated
Tracking a remediation in progress can be accomplished in multiple areas. In this workflow example we'll focus on two areas: the Dashboard and the Risk Explorer. For this Epiphany-specific process we'll use the following workflow:
View a dashboard in Epiphany.
Check the Status and Modified information on the dashboard components.
Confirm the change within the attack path.
Epiphany's dashboards include multiple components that track changes in the environment. The most common one is the Attack Path component called Top Recommendations. This component is the easiest way to track changes to attack paths as they represent the relationships that are causing the most risk to your organization.
The Top Recommendations component will adjust over time depending on what happens to the relationship as your environment changes. The key statistics you will want to observe are:
Modified. This is when a change last occurred to this relationship across your organization. With identities this can be more frequent than a patch being applied to a vulnerability.
Status. This is the ticketed status of the recommendation. By default a status of Open is used to indicate that it is an open issue waiting resolution or acceptance.
Paths Broken. This represents the current number of paths that can be broken by taking this action. This number can change each time Epiphany ingests data.
Footholds Resolved. This only appears if this change is the last recommendation to completely remove a device from exposure. For example, the last vulnerability exploitable by an attacker on a device or a change to a firewall rule that breaks access to the device completely.
In the Risk Explorer, you can track changes to both the recommendations as well as the relationships within the specific attack path. The best location is in the Top Recommendations component on the path canvas.
Like the dashboard component, the path-based recommendation engine tracks changes to relationships. The only difference is that these changes are focused solely on this specific attack path.
The last place you can confirm a change to your attack paths is by looking at the output of your latest Threat Check report. On its Executive Summary, you can look at your key metrics to see the changes from the last time the report was generated.
