DASHBOARD: Risk Overview

Panel 1 — Top Risks (Table):
MATCH (a)-[r:HAS_VULNERABILITY]->(v)
WHERE r.contextual_risk_score IS NOT NULL
RETURN a.id AS Asset, v.cve_id AS CVE,
       v.severity AS Severity,
       r.contextual_risk_score AS Risk_Score,
       r.risk_exposure AS Exposure,
       r.risk_blast_radius AS Blast_Radius,
       v.in_cisa_kev AS Actively_Exploited,
       r.risk_confidence AS Confidence
ORDER BY Risk_Score DESC LIMIT 20

Panel 2 — Total Vulns (Stat):
MATCH (v:Vulnerability) RETURN count(v) AS total

Panel 3 — Actively Exploited Count (Stat):
MATCH (v:Vulnerability)
WHERE v.in_cisa_kev = true
RETURN count(v) AS kev_count

Panel 4 — Coverage (Gauge):
MATCH (bs:BlindSpots {id:'current'})
RETURN bs.coverage_pct AS coverage

Panel 5 — Attack Paths (Table):
MATCH (ap:AttackPath)
RETURN ap.entry_point AS Entry,
       ap.vulnerability AS CVE,
       ap.severity AS Severity,
       ap.path AS Attack_Path,
       ap.target AS Target,
       ap.hops AS Hops,
       ap.actively_exploited AS Exploited
ORDER BY ap.hops ASC LIMIT 10

Panel 6 — Unscanned Assets (Table):
MATCH (a)
WHERE (a:EC2Instance OR a:S3Bucket OR a:RDSInstance)
  AND NOT (a)-[:HAS_VULNERABILITY]->()
RETURN labels(a)[0] AS Type, a.id AS Asset_ID
LIMIT 20