Risk Trend (30 Days)
Risk Distribution
Top 5 Risk-Driving Endpoints
| Rank | Hostname | Score | Primary Driver |
|---|---|---|---|
Remediation Impact
CASE Savings
Risk Scores are AI-computed composite rankings for every endpoint. The score combines node risk (local vulns), choke score (network centrality), local risk (CVE severity), and proximity to crown jewels. Higher = more dangerous.
All Endpoint Risk Scores
| Rank | Hostname | Composite | Node Risk | Choke | Local Risk | Proximity | Tier |
|---|---|---|---|---|---|---|---|
Attack Graph shows how an attacker can traverse your network from internet-facing entry points to crown-jewel assets. Drag nodes to rearrange. Edges show adjacency; thicker = higher traversal probability. Crown jewels have a 👑 icon.
Attack Path Visualization
Crown Jewel
High Risk
Internet-Facing
Internal
Low Risk
Attack Paths to Crown Jewels
| Source | Target | Hops | Probability | Path |
|---|---|---|---|---|
Risk Heatmap provides a bird's-eye view of all endpoints as colored tiles. Red = Critical (≥75), Orange = High (≥50), Yellow = Medium (≥25), Green = Low. Filter by tier using the dropdown. Click a cell for details.
Risk Heatmap
Alert Rationalization uses the attack graph to prioritize alerts by crown-jewel impact. Alerts on endpoints that sit on attack paths to critical assets are ranked higher. Low-impact alerts are auto-suppressed, reducing noise up to 80%.
Rationalized Alerts
Assets are the network endpoints in your environment. Click "+ Add Asset" to register servers, VMs, containers, or network devices. Include the hostname, IP, OS info, and sensitivity label. The graph engine uses assets to compute attack paths.
Asset Inventory
| Hostname | IP Address | Type | OS | Sensitivity | EDR | Credential | Actions |
|---|---|---|---|---|---|---|---|
Vulnerabilities are CVE findings from your scanner tools (Qualys, Nessus, etc.). Click "+ Add Vulnerability" and link each CVE to an asset. Include CVSS base score, EPSS probability, severity, and exploit/patch status. These feed directly into the risk scoring engine.
Vulnerability Findings
| CVE ID | Asset | CVSS | EPSS | Severity | Exploit | Patch | Scanner | Actions |
|---|---|---|---|---|---|---|---|---|
Identities are the user accounts, service accounts, and managed identities in your environment. These feed the Identity Surface (IDSurf) score, a key factor in attack path probability. Privileged accounts without MFA create high-risk pivot vectors.
Identity Inventory
| Principal Name | Display Name | Type | Privileged | MFA | Risk Level | Actions |
|---|---|---|---|---|---|---|
What-If Simulator lets you test remediation actions before deploying them. Add actions such as patch_vulnerability, add_segmentation, or isolate_endpoint, then hit Run Simulation. Compare before/after risk scores and ROI to prioritize budget.
What-If Remediation Simulator
SOAR Playbooks auto-generate incident response runbooks for any compromised endpoint. Select an asset, generate the playbook, then export to XSOAR, Splunk SOAR, or Microsoft Sentinel.
Generate Containment Playbook
Integrations let you connect your existing security scanners to GuardiaGraph. Just pick a scanner name; we handle the rest. Data from your scanners feeds directly into the ML-powered risk scoring engine.
CSV Export
Risk scores, paths, choke points
JSON Export
Full structured data
PDF Report
Executive summary report