Security Finding Categories
The Evidence Room organizes security findings into five main categories:
- CVEs - Container and software vulnerabilities with severity ratings and exploitability scores
- Cloud Misconfigs - Cloud infrastructure misconfigurations and compliance violations
- Kubernetes Misconfigs - Kubernetes cluster misconfigurations and policy violations
- Runtime Threats - Real-time threats detected in your running applications and services
- Identity Misconfigs - Identity and access management misconfigurations and policy violations
Key Features
Advanced Filtering
Filter findings by severity, exploitability, fix status, and impact. Use EPSS scores to prioritize the vulnerabilities most likely to be exploited.
Impact Analysis
See exactly which workloads, clusters, and images are affected by each finding. Understand the blast radius of potential security issues.
Prioritization
Known Exploited Vulnerabilities (KEV) are automatically flagged. EPSS scores help identify vulnerabilities most likely to be exploited in the wild.
Correlation
RAD correlates findings across all your data sources to provide context and reduce false positives. Related findings are grouped together for easier investigation.
Finding Types
Container & Software Vulnerabilities (CVEs)
Track vulnerabilities in your container images and software dependencies:
- CVE/GHSA IDs - Standard vulnerability identifiers
- Severity Ratings - Critical, High, Medium, Low classifications
- EPSS Scores - Exploit Prediction Scoring System for prioritization
- Fix Status - Whether patches are available and applied
- Impact Scope - Which workloads and images are affected
Cloud Misconfigurations
Identify security gaps in your cloud infrastructure:
- Compliance Violations - CIS, NIST, SOC2 framework violations
- Resource Misconfigurations - Public buckets, overly permissive policies
- Network Security - Open ports, insecure protocols
- Identity & Access - Excessive permissions, unused credentials
Kubernetes Misconfigurations
Detect security issues in your Kubernetes clusters based on the CIS Kubernetes Benchmark:
- CIS Benchmark Violations - Security misconfigurations identified against the CIS Kubernetes Benchmark with direct references to the affected manifest resources
- Pod Security - Privileged containers, host network access, and other pod security policy violations with manifest details
- RBAC Violations - Overly permissive service accounts, roles, and role bindings with specific resource references
- Resource Limits - Missing CPU/memory constraints and resource quota violations with impacted workload manifests
Runtime Threats
Monitor active threats in your running applications:
- Malicious Processes - Suspicious binary execution
- Network Anomalies - Unusual traffic patterns
- File System Changes - Unauthorized modifications
- Container Escapes - Privilege escalation attempts
Identity Misconfigurations
Track Kubernetes identity and access management issues:
- Kubernetes Identity Issues - Over-privileged service accounts, roles, and cluster roles with specific resource references
- Kubernetes Audit Log Anomalies - Suspicious access patterns, privilege escalations, and unauthorized actions detected in Kubernetes audit logs
Pro Tip: Use the Evidence Room to get a complete picture of your security posture. Start with high-severity findings and work your way down, focusing on items that are actively being exploited in the wild.