Fleet Risk Dashboard

Finova · 247 monitored endpoints · Mar 10 – Apr 21, 2025 · Week 6 post-deployment

Endpoints Monitored
247
↑ +3 this week · 92% MacBook Pro
Last updated: 2m ago
Apps with Unknown Provenance
83
↑ +4 vs last week · was 79
Last updated: 2m ago
Apps Accessing Sensitive Paths
31
↓ −8 vs last week · was 39
credentials, browser data, system dirs
Blast Radius Reductions
1,247
credential + SSH + browser data paths blocked
↑ +312 vs last week · 6 weeks running
sensitive paths blocked from app access this week
Software Risk Distribution
247 apps across fleet
Critical 8
High 19
Medium 47
Low 89
Unscored 84
CVE Exposure Trend
Total unpatched CVEs across fleet — last 30 days
Top Apps by Blast Radius Exposure
Sensitive paths this process has accessed
New Unknown Binaries Discovered
Discovery cadence — last 7 days

Needs Attention

5 5 items requiring review
cursor-agent-v0.4.2
Unknown publisher, accesses .aws/credentials on 47 endpoints
github-download
npm: lightllm
Supply chain indicator flagged — outbound traffic to unknown IPs
npm
Docker Desktop 4.28.0
3 unpatched CVEs (CVSS 9.1, 8.7, 7.4)
manually-installed
12 apps
Zero trust file control not yet applied — elevated blast radius
Homebrew 4.2.1
Accesses system PATH and 47 other system directories
brew

Risk by Team

5 teams View all endpoints →
Team Avg Risk Score Endpoints Unknown Apps Flagged
Engineering
68
142
61
9
Security
32
18
4
0
Finance
24
31
7
1
Design
29
28
9
0
Marketing
19
28
2
0

Engineering drives 73% of total fleet risk. Prioritize remediation there for maximum impact.