# Understand Toxic Combinations
Toxic Combinations detect dangerous clusters of individually low-risk conditions that together create a critical security risk. A single misconfiguration might be acceptable on its own, but when it coexists with other conditions on the same resource or connected resources, the combination becomes exploitable.
## What Is a Toxic Combination
A toxic combination is a pattern where multiple conditions align to create a risk that is greater than the sum of its parts.
Example: a virtual machine that is:
- Internet-facing (public IP with open ports) -- low risk alone; many services need this
- Running an unpatched critical CVE -- medium risk, but patching is scheduled
- Storing SSH credentials for a database server -- low risk; the credential is needed for backups
Each condition on its own might be within your risk tolerance. But together, they form a direct path from the internet to your database: exploit the CVE to gain access to the VM, then use the stored credentials to reach the database. That combination is Critical.
> **WARNING**
> Toxic combinations are particularly dangerous because they are invisible to tools that evaluate findings individually. A vulnerability scanner reports the CVE, a posture management tool flags the public IP, and a credential scanner finds the stored key -- but none of them connect the dots. The Attack Graph does.
## Toxic Combination Rules
AttackLens evaluates 15 toxic combination rules. Each rule defines a pattern of conditions that, when found together, produce a toxic combination.
### Internet Exposure Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| InternetExposedCveCredential | Internet-facing + Critical CVE + Stored credentials | Direct exploit-to-credential chain from the internet |
| PublicIpNoNsgCriticalService | Public IP + No network security group + Critical service running | Unfiltered internet access to a critical service |
| EolOsDisabledFirewallOpenRdp | End-of-life OS + Firewall disabled + RDP open | Unpatched, unprotected, remotely accessible system |
### Identity and Access Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| AdminNoMfaOldCredential | Admin account + No MFA + Credential older than 90 days | Admin takeover via credential stuffing or phishing |
| OverprivilegedRoleNoLogging | Admin-level IAM role + No audit logging | Stealthy abuse of overprivileged access |
| CrossAccountTrustHighPriv | Cross-account trust relationship + High-privilege role | Lateral movement between cloud accounts with elevated access |
### Data Exposure Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| PublicStorageSensitiveData | Public storage bucket + Sensitive data classification | Direct data exposure to the internet |
| DatabasePublicNoEncryption | Public-facing database + No encryption at rest | Unprotected data accessible from outside |
| SshKeyLateralDb | SSH key on one host + Lateral reachability to a database host | Credential chain leading to a data store |
### Credential and Persistence Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| ServiceAccountDomainAdminScheduledTask | Service account + Domain Admin privileges + Scheduled task | Persistent, high-privilege automated execution |
| SecretStoreNoRotation | Secret store (Key Vault, Secrets Manager) + No rotation policy | Long-lived secrets increase exposure window |
### Cloud and Container Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| CloudVmManagedIdentityContributor | Cloud VM + Managed identity + Contributor role | VM compromise grants cloud resource modification |
| ContainerClusterDefaultServiceAccount | Container cluster + Default Kubernetes service account | Containers can escape to cluster-level access |
| KerberosUnconstrainedDelegationDc | Unconstrained Kerberos delegation + Near domain controller | Ticket theft leads to full domain compromise |
### Monitoring Gap Patterns
| Rule | Components | Why It Is Toxic |
|---|---|---|
| UnmonitoredCrownJewel | Crown jewel asset + No monitoring (no EDR, no SIEM, no alerts) | Critical asset with no detection capability |
## Toxic Combinations List
The Toxic tab in the Attack Graph Explorer shows all detected toxic combinations.
### Columns
| Column | Description |
|---|---|
| Rule | The name of the toxic combination rule that matched |
| Severity | The combined risk level (Critical, High, Medium) |
| Components | The individual conditions that form the combination |
| Affected Assets | Number of resources where this combination exists |
| First Detected | When this combination was first identified |
### Severity Levels
Toxic combination severity is determined by the rule definition, not by aggregating component severities:
| Severity | Meaning |
|---|---|
| Critical | Directly exploitable combination with a clear attack path to data or domain compromise |
| High | Highly exploitable combination that significantly increases risk |
| Medium | Combination that creates meaningful risk but may require additional conditions to exploit |
## Toxic Combination Detail
Click a row to expand the detail view:
### Pattern Description
A human-readable explanation of why this combination is dangerous and how an attacker would exploit it.
### Matching Nodes
The specific resources where the combination was found. Each node entry shows:
- Node label: Click to open Node Details
- Node type: Resource type (CloudVM, Host, Identity, etc.)
- Provider: AWS, Azure, GCP, or On-Premises
- Which conditions this node satisfies: Shows which parts of the rule this specific node matches
### Component Conditions
A breakdown of each individual condition in the combination:
| Component | Status | Evidence |
|---|---|---|
| Internet-facing | Present | Public IP 203.0.113.45 attached, ports 22, 443 open |
| Critical CVE | Present | CVE-2024-38063 (CVSS 9.8, EPSS 0.91, CISA KEV) |
| Stored credentials | Present | SSH key found for db-master-01 |
## Remediation Suggestions
Each toxic combination includes guidance on which component is easiest or most impactful to fix.
### Breaking the Pattern
You do not need to fix every component to eliminate a toxic combination. Breaking any single component dissolves the pattern. The suggested remediation targets the component that is:
- Easiest to fix (lowest effort)
- Most broadly impactful (appears in other toxic combinations too)
Example remediation options:
| Action | Effort | Impact |
|---|---|---|
| Patch CVE-2024-38063 | Medium | Breaks this combination and removes a Critical vulnerability |
| Restrict SSH key storage | Low | Breaks this combination; the credential is no longer on this host |
| Move service behind WAF / remove public IP | High | Breaks this combination and reduces internet exposure |
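As an added illustration of how a rule such as InternetExposedCveCredential is evaluated as a conjunction of conditions with per-node evidence, why its severity comes from the rule definition rather than the components, and why remediating any single component dissolves the match (this is example code written here, not AttackLens's own evaluator; the `Node`/`Rule` structures and every host label except db-master-01 are constructed assumptions):

```python
from dataclasses import dataclass, field
@dataclass
class Node:
    label: str
    internet_facing: bool = False
    critical_cves: set = field(default_factory=set)
    stored_creds_for: set = field(default_factory=set)  # hosts the stored SSH keys unlock
@dataclass
class Rule:
    name: str
    severity: str     # fixed by the rule definition, not aggregated from component severities
    conditions: dict  # condition name -> predicate(node) returning evidence text, or None

def evaluate(rule, nodes):
    """Return {node label: {condition: evidence}} for nodes meeting every condition.
    A node that misses even one condition is not a toxic combination."""
    matches = {}
    for node in nodes:
        evidence = {name: pred(node) for name, pred in rule.conditions.items()}
        if all(evidence.values()):
            matches[node.label] = evidence
    return matches

INTERNET_EXPOSED_CVE_CREDENTIAL = Rule(
    name="InternetExposedCveCredential", severity="Critical",
    conditions={
        "Internet-facing": lambda n: "public IP attached" if n.internet_facing else None,
        "Critical CVE": lambda n: ", ".join(sorted(n.critical_cves)) or None,
        "Stored credentials": lambda n: ", ".join(sorted(n.stored_creds_for)) or None,
    },
)

def sample_nodes():
    """Constructed inventory (not real assets): only web-01 meets all three conditions."""
    return [
        Node("web-01", internet_facing=True, critical_cves={"CVE-2024-38063"},
             stored_creds_for={"db-master-01"}),
        Node("web-02", internet_facing=True, critical_cves={"CVE-2024-38063"}),
        Node("batch-01", critical_cves={"CVE-2024-38063"}, stored_creds_for={"db-master-01"}),
    ]

def break_pattern(rule, nodes, label, condition):
    """Remediate one condition on one node, then re-evaluate: the match should dissolve."""
    for n in nodes:
        if n.label == label:
            if condition == "Stored credentials": n.stored_creds_for.clear()
            elif condition == "Critical CVE": n.critical_cves.clear()
            elif condition == "Internet-facing": n.internet_facing = False
    return evaluate(rule, nodes)
```

web-02 and batch-01 each carry two of the three conditions and are never reported, which is the point of evaluating the pattern rather than the individual findings.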
## Toxic Combinations vs. Individual Findings
| Aspect | Individual Finding | Toxic Combination |
|---|---|---|
| Scope | Single misconfiguration or vulnerability | Multiple conditions on one or more connected resources |
| Risk assessment | Based on the finding's own severity | Based on the combined exploitability of all components |
| Detection | Standard policy rules and vulnerability scans | Graph-aware analysis that correlates across resources |
| Remediation | Fix the individual issue | Break any one component to dissolve the pattern |
> **INFO**
> Toxic combinations are computed during Step 5 (Attack Analysis) of the graph pipeline. They are re-evaluated every time the graph is recomputed, so new combinations appear as your environment changes and existing ones disappear when conditions are remediated.
## Next Steps
- Prioritize Remediation -- Toxic combinations are factored into the priority ranking
- Understand Chokepoints -- Some toxic combination nodes are also chokepoints
- Node Details -- Drill into an affected node