This page describes Cloud Security metrics that are available for your business transactions. Business transactions represent an end-to-end, multi-service processing path used to fulfill a business-important request provided by your application.

Navigate Business Transactions 

On the Business Transaction page, you can view these details:

  • Monitored business transactions: The total number of monitored business transactions. 
  • Business transactions by business risk score: A chart that displays the total number of business risks with Normal, Warning, and Critical levels. 
  • Business risk score histogram: A chart that displays the severity risk score, and the date and time of those scores. 
  • Name: The name of your business transaction. 
  • Business risk score: The three statuses of a Business Risk: Normal 0-330, Warning 340-660, and Critical 670-1000. The higher the value, the higher the risk for the application vulnerability. 
  • Service name: The name of the service that has vulnerabilities. 

Overview UI Screenshot

Business Transactions Details 

When you click on a specific Business Transaction Name, details regarding the business transaction appear. There, you can view:

  • Business risk score: This algorithm is calculated based on the likelihood of vulnerability exploitation and the impact of the potential exploitation in a business transaction. These are the three statuses for a Business Risk: Normal 0-330, Warning 340-660, and Critical 670-1000. The higher the value, the higher the risk for the application vulnerability. 
  • Risk factors: 
    • Business importance: The level of risk in the business transaction. 
    • Active vulnerabilities: The number of vulnerabilities that are linked to your business transaction. 
    • Pods with security risk: The number of pods that have a security risk. 
    • Logs with sensitive data: The number of logs that have a sensitive data at risk. 
  • Business risk score trend: A graph that visualizes the risks. 
  • Security metrics for Pods, Vulnerabilities, and Logs

Overview UI Screenshot

Pods

The Pods tab displays these metrics: 

Metric 

Description 

Security risk

These are the three statuses for a Business Risk: Normal 0-330, Warning 340-660, and Critical 670-1000.

Name

The name of the business transaction. 

Misconfigurations found

If misconfigurations are found, or not. 

Active vulnerabilities

The total number of vulnerabilities detected, which is based on their severity. 

Vulnerabilities

The Vulnerabilities tab displays these metrics:

Metric 

Description 

CVE ID

The Common Vulnerabilities and Exposure (CVE) identifier.

Package name

The name of the package that is affected by vulnerabilities. 

Affected version

The version that has vulnerabilities. 

Fix version

The recommended version that can remediate the vulnerability. 

Cisco Security Risk Score

The Cisco Security Risk Score provides an estimate of exploitation based on real-time events. These are the three statuses: Green 0-33, Amber 34-66, Red 67-100. 

CVSS score

This score is based on the Common Vulnerability Scoring System (CVSS) with five severities: None 0-0, Low 0.1-3.9, Medium4.0-6.9, High 7.0-8.9, Critical 9.0-10.0. 

Logs 

The Logs tab displays these metrics:

Metric 

Description 
Severity 

The severity level of the log: Critical, High, Medium, Low

You can also filter logs by severity. 

Timestamp The time that the event is detected.
Log message The message of the log. 

Click on a specific log to view other detailed information such as: Container image, Container image tag, Host name, Cluster, Kubernetes namespace and more.