Assess policy set risks

Cloud security conditions change constantly and create environments with potentially new risks. AppViz provides clear and organized insight into your security policies so you can stay abreast and handle risky rules in your environment.

This topic describes how you can easily identify the risky rules detected in your policy sets, review affected assets, and see risk remediation suggestions.

View risks details at the policy level

For AWS, Azure, and Google Cloud

See an aggregated view of the relevant risks associated with each policy.

Do the following:

Click on the risk severity level circles of the desired policy set.

A policy set risk popup appears with information about the policy set and a detailed list of all the risks associated with the policy.

Note: For Google Cloud, toggling Show hierarchical rules on or off affects whether the list of risks includes risks associated with rules that are hierarchical or not. For more details on the toggle, see Policy set details.

The policy risk details include the following information:

Column name Description
Severity The severity of the risk (critical, high, medium, low).
Risk triggers The number of times the risk was triggered by rules in the policy.
Risk ID The ID number assigned to the detected risk.
Risk title The name of the risk as it appears in the risks list panel.
Description Click the icon to view a full explanation of the nature of the risk.
Remediation Click the icon to view a suggested course of action to resolve the risk.

View rule risks & affected assets

For any rule, you can conveniently view the risk description, the risk remediation suggestion, and all its affected assets.

Do this:

  1. Expand the required policy set and click on the risk severity level circle of the required rule.

    The Risks tab of the Rule Risks & Affected Assets popup window is displayed, showing the relevant risks (Outbound or Inbound):

  2. Click on the Affected Assets tab.
    The affected assets are displayed.

    Tip:
    Hover over the:

    • Description icon to view the risk description.

    • Remediation icon to view the remediation suggestion.