Security Trends
Track security posture over time with AI-powered trend analysis, pattern detection, and automated reporting.
Overview
Security trends analysis provides a continuous view of your infrastructure security posture. By analyzing the knowledge graph over time, the system identifies improving or degrading security patterns, emerging threat indicators, and compliance drift before they become incidents.
Trend analysis
The system tracks security-relevant metrics over time and identifies significant trends:
| Metric | What it tracks |
|---|---|
| Public exposure | Resources with public IPs or open security groups |
| Encryption coverage | Percentage of resources with encryption enabled |
| Tag compliance | Percentage of resources with required security tags |
| Unpatched resources | Resources running outdated software versions |
| IAM hygiene | Over-permissioned roles, unused credentials |
| Network segmentation | Resources in public vs. private subnets |
Security metrics
Security metrics are computed per scope and aggregated globally:
- Security score -- composite score (0-100) based on all tracked metrics
- Trend direction -- improving, stable, or degrading with velocity indicator
- Anomaly detection -- sudden changes in security posture flagged automatically
- Benchmark comparison -- your score compared to industry benchmarks and similar deployments
Pattern detection
The LLM-powered pattern detector identifies security-relevant patterns in the graph:
- Configuration drift -- resources that have drifted from security baselines
- Relationship changes -- new connections between previously isolated resources
- Permission escalation -- IAM role paths that could enable privilege escalation
- Data exfiltration risk -- resources with both data access and network egress capability
- Compliance gap emergence -- new resources that don't meet compliance requirements
Complementary tooling
Security trends analysis complements (but does not replace) dedicated security tools like CSPM, vulnerability scanners, and SIEM systems. Knowledge Tree provides the graph and context layer that makes these tools more effective.
Reporting
Security trend reports are available in multiple formats:
- Weekly digest -- summary of changes, new findings, and score changes
- Monthly report -- detailed analysis with trend charts and recommendations
- Executive dashboard -- high-level security posture view for leadership
- Audit trail -- cryptographic evidence of security state over time
```
# Query security trends
GET /api/v1/ai/security-trends?scope=production&period=90d

{
  "scope": "production",
  "period_days": 90,
  "current_score": 87,
  "trend": "improving",
  "velocity": "+2.3/month",
  "metrics": {
    "public_exposure": { "current": 12, "trend": "decreasing" },
    "encryption_coverage": { "current": 94, "trend": "stable" },
    "tag_compliance": { "current": 78, "trend": "improving" }
  }
}
```
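
The response above mixes trend vocabularies ("decreasing" for a count, "improving" for a percentage), so a consumer has to apply per-metric polarity before treating a trend as good or bad. The following is an added example, not Knowledge Tree code: a posture gate over that response shape, where the limits, the minimum score, the polarity table and the trend word "increasing" are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the response body shown above, embedded so no API call is made.
SAMPLE = json.loads("""{"scope": "production", "period_days": 90, "current_score": 87,
 "trend": "improving", "velocity": "+2.3/month", "metrics": {
 "public_exposure": {"current": 12, "trend": "decreasing"},
 "encryption_coverage": {"current": 94, "trend": "stable"},
 "tag_compliance": {"current": 78, "trend": "improving"}}}""")

# Assumption: public_exposure is a count (lower is better); the other
# metrics are coverage percentages (higher is better).
LOWER_IS_BETTER = {"public_exposure"}
# Assumption: illustrative limits (maximum for counts, minimum for percentages).
LIMITS = {"public_exposure": 0, "encryption_coverage": 95, "tag_compliance": 90}
MIN_SCORE = 80  # assumption: lowest acceptable composite score

def parse_velocity(text):
    """Turn a velocity string such as '+2.3/month' into points per month."""
    m = re.fullmatch(r"([+-]?\d+(?:\.\d+)?)/month", text)
    if not m:
        raise ValueError(f"unrecognised velocity: {text!r}")
    return float(m.group(1))

def is_regressing(name, trend):
    """Interpret a trend word using the metric's polarity."""
    bad = {"degrading", "increasing" if name in LOWER_IS_BETTER else "decreasing"}
    return trend in bad

def evaluate(report):
    """Return (subject, reason) findings; an empty list means the gate passes."""
    findings = []
    if report["current_score"] < MIN_SCORE:
        findings.append(("score", "below minimum"))
    if report["trend"] == "degrading" or parse_velocity(report["velocity"]) < 0:
        findings.append(("score", "degrading"))
    for name, metric in report["metrics"].items():
        limit, value = LIMITS.get(name), metric["current"]
        lower = name in LOWER_IS_BETTER
        if limit is not None and (value > limit if lower else value < limit):
            findings.append((name, "limit"))
        if is_regressing(name, metric["trend"]):
            findings.append((name, "regressing"))
    return findings

if __name__ == "__main__":
    for subject, reason in evaluate(SAMPLE):
        print(f"{subject}: {reason}")
```

On the sample, the composite score and every trend pass, yet all three metrics breach their absolute limits, which is why a gate should check current values as well as direction.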