Cyber Risk Exposure

SKILL.md

Cyber Risk Exposure Management

Analyze attack surface exposure, vulnerabilities, and risk posture using Trend Micro Vision One's Cyber Risk Exposure Management capabilities. This comprehensive skill provides visibility into internet-facing assets, CVE exposure, domain risks, and account compromise indicators.

Instructions

  1. When the user asks about attack surface, external exposure, vulnerabilities, or risk posture, use this skill to query exposure data.

  2. Assess overall risk: Start with get_attack_surface_risk_overview to understand the organization's risk posture and exposure levels.

  3. Analyze internet-facing assets: Use list_internet_facing_assets to identify externally accessible systems and their risk levels.

  4. CVE analysis: Use list_cves and get_cve_details to identify vulnerable systems and prioritize patching based on exploitability and exposure.

  5. Domain security: Check domain risks with list_domain_accounts_with_weak_credentials, get_domain_risk_overview, and related tools.

  6. Account compromise: Use list_accounts_with_compromised_credentials to identify accounts requiring immediate password resets.

  7. Device risk: Query list_devices and get_global_device_risk_indicators to understand endpoint risk distribution.

  8. Regional exposure: Use geographic queries to understand exposure by region when relevant.

  9. Prioritize findings: Always present findings ordered by risk score or severity, with actionable remediation steps.

Tools

This skill uses the following Vision One MCP tools (all read-only):

| Tool | Purpose |
|---|---|
| get_attack_surface_risk_overview | Overall attack surface risk summary |
| list_internet_facing_assets | Internet-exposed assets and services |
| list_cves | CVEs affecting the environment |
| get_cve_details | Detailed CVE information and affected systems |
| list_accounts_with_compromised_credentials | Accounts with leaked credentials |
| list_domain_accounts_with_weak_credentials | Domain accounts with weak passwords |
| get_domain_risk_overview | Domain-level risk assessment |
| list_domains | Managed domains inventory |
| list_devices | Device inventory with risk scores |
| get_global_device_risk_indicators | Device risk indicator trends |
| get_regional_exposure_index_list | Exposure by geographic region |
| get_account_compromise_summary | Summary of compromised account indicators |
| get_attack_surface_device_operation_systems | OS distribution across attack surface |
| list_vulnerable_devices | Devices with known vulnerabilities |
| get_exposure_overview | High-level exposure metrics |

Common Workflows

Attack Surface Assessment

  1. Get attack surface risk overview
  2. List internet-facing assets sorted by risk
  3. Identify high-risk exposed services (RDP, SSH, databases reachable from the internet)
  4. List CVEs affecting exposed systems
  5. Provide prioritized remediation recommendations

Vulnerability Management

  1. List CVEs sorted by severity and exploitability
  2. Get details on critical CVEs
  3. List vulnerable devices for each priority CVE
  4. Cross-reference with internet-facing assets
  5. Generate patching priority list
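The cross-reference and prioritization steps of this workflow (steps 4 and 5) carried out in code, as an added example that is not part of the skill or of the Vision One MCP tools. It assumes a simplified shape for the tool results (a CVE id, CVSS score, exploitability label and affected hostnames per CVE; a hostname list for internet-facing assets), uses constructed sample data with placeholder CVE ids, and renders each ranked entry into the CVE Report template from the Output Format section below.

```python
# Added example, not the skill's own code: the Vulnerability Management
# workflow's cross-reference step over constructed, tool-shaped sample data.
from dataclasses import dataclass

EXPLOIT_RANK = {"High": 2, "Medium": 1, "Low": 0}  # labels from the CVE Report template

@dataclass
class Cve:
    cve_id: str
    cvss: float
    exploitability: str
    devices: list[str]  # hostnames (assumed shape of list_vulnerable_devices output)

def prioritize_patching(cves: list[Cve], internet_facing: list[str]) -> list[dict]:
    """Rank CVEs: any internet-facing affected host first, then higher
    exploitability, then higher CVSS (workflow steps 4 and 5)."""
    exposed = set(internet_facing)
    ranked = []
    for cve in cves:
        exposed_hosts = sorted(set(cve.devices) & exposed)
        key = (bool(exposed_hosts), EXPLOIT_RANK.get(cve.exploitability, 0), cve.cvss)
        ranked.append((key, cve, exposed_hosts))
    ranked.sort(key=lambda r: r[0], reverse=True)
    return [{"cve_id": c.cve_id, "cvss": c.cvss, "exploitability": c.exploitability,
             "affected_devices": len(c.devices), "internet_facing": hosts}
            for _, c, hosts in ranked]

def render_cve_report(entry: dict) -> str:
    """Fill the skill's CVE Report output template for one ranked entry."""
    systems = [f"- {h} - internet-facing" for h in entry["internet_facing"]]
    return "\n".join([
        f"## Vulnerability: {entry['cve_id']}", "",
        f"**CVSS Score**: {entry['cvss']}",
        f"**Exploitability**: {entry['exploitability']}",
        f"**Affected Devices**: {entry['affected_devices']}", "",
        "### Affected Systems", *(systems or ["- (no internet-facing hosts)"]),
    ])

# Constructed sample data; the CVE ids are placeholders, not real identifiers.
SAMPLE_CVES = [
    Cve("CVE-EXAMPLE-1", 9.8, "High", ["db-01", "app-02"]),
    Cve("CVE-EXAMPLE-2", 7.5, "High", ["web-01"]),
    Cve("CVE-EXAMPLE-3", 9.1, "Low", ["web-01", "build-05"]),
]
SAMPLE_INTERNET_FACING = ["web-01", "vpn-01"]

if __name__ == "__main__":
    for entry in prioritize_patching(SAMPLE_CVES, SAMPLE_INTERNET_FACING):
        print(render_cve_report(entry), end="\n\n")
```

Note that the ordering puts the CVSS 7.5 issue on the exposed host ahead of the CVSS 9.8 issue on internal hosts, which is the point of cross-referencing with internet-facing assets before generating the patching list.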

Credential Risk Assessment

  1. Get account compromise summary
  2. List accounts with compromised credentials
  3. List domain accounts with weak credentials
  4. Correlate with privileged account lists
  5. Recommend immediate password resets

Executive Risk Report

  1. Get exposure overview and risk metrics
  2. Summarize internet-facing asset exposure
  3. Highlight critical vulnerabilities
  4. Show credential risk statistics
  5. Provide trend analysis if available

Output Format

Risk Overview

```markdown
## Attack Surface Risk Summary

**Overall Risk Score**: [Score]/100
**Risk Level**: [Critical/High/Medium/Low]

### Exposure Metrics
- Internet-facing assets: [count]
- Critical CVEs: [count]
- Compromised credentials: [count]

### Top Risks
1. [Risk description] - Score: [X]
2. [Risk description] - Score: [X]
```

CVE Report

```markdown
## Vulnerability: [CVE-ID]

**CVSS Score**: [Score]
**Exploitability**: [High/Medium/Low]
**Affected Devices**: [count]

### Description
[CVE description]

### Affected Systems
- [hostname/IP] - [risk context]

### Remediation
[Patch information and mitigation steps]
```

Compromised Credentials

```markdown
## Credential Exposure Alert

**Account**: [username/email]
**Exposure Source**: [breach name/date if available]
**Risk Level**: [Critical/High]

### Recommended Actions
1. Force password reset immediately
2. Enable MFA if not enabled
3. Review recent account activity
4. Check for lateral movement indicators
```

Security Considerations

  • This skill provides read-only access to sensitive risk data
  • Vulnerability and credential information is highly sensitive
  • Do not share CVE details or compromised credential lists externally
  • Use findings to prioritize remediation, not for compliance reporting without proper context
  • Credential exposure data should trigger immediate security response