High-risk tools in Infra Ops
16 of the 92 tools in Infra Ops are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
backup_restore_testExecuteTest restoring a backup by extracting to a temporary location and verifying contents
-
db_mongodb_queryExecuteExecute a MongoDB find query on a collection
-
db_mysql_queryExecuteExecute a read-only MySQL query
-
docker_container_restartExecuteRestart a Docker container
-
docker_container_startExecuteStart a stopped Docker container
-
docker_container_stopExecuteStop a running Docker container
-
iac_ansible_playbook_runExecuteRun an Ansible playbook in check mode (dry-run with diff)
-
iac_terraform_planExecuteRun Terraform plan to preview infrastructure changes
-
k8s_scale_deploymentExecuteScale a Kubernetes deployment to the specified number of replicas
-
monitoring_uptime_checkExecutePerform an HTTP or TCP uptime check on a target
-
network_tracerouteExecuteTrace the route packets take to a destination host
-
remote_fleet_commandExecuteExecute a command across multiple remote hosts via SSH
-
remote_ssh_execExecuteExecute a command on a remote host via SSH
-
security_compliance_checkExecuteRun compliance benchmarks using Trivy configuration scanning
-
security_cve_scanExecuteRun a CVE vulnerability scan on a filesystem path using Trivy
-
system_service_controlExecuteStart, stop, or restart a system service. Requires confirmation. Uses sc on Windows, systemctl on Linux, launchctl on macOS.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.