What-If Simulator
Preview the impact of fixing a finding before you change anything. The simulator recalculates the health score, attack chains, and risk exposure as if the finding were resolved.
Usage
Multi-Fix
Simulate fixing multiple checks at once:
From a Saved Report
Run against a previous scan result instead of re-scanning:
Output
```
Current State:
Score: 42/100 Chains: 8 Risk: $725K - $7.3M
After fixing aws-vpc-002:
Score: 68/100 (+26) Chains: 3 (-5) Risk: $180K - $1.8M
Chains broken:
AC-01 Internet-Exposed Admin Instance
AC-02 SSRF to Credential Theft
AC-13 Wide Open and Unmonitored Network
AC-29 Unpatched Instance Exposed to Internet
AC-31 Internet-Exposed Without WAF or Flow Logs
Risk reduction: $545K - $5.5M
Recommended next fix: aws-ct-001 (would break 2 more chains)
```
The output shows:
- Before/after score - health score change if the fix were applied
- Chains broken - which attack chains would be eliminated
- Risk reduction - estimated dollar impact based on the breach cost model
- Next fix recommendation - the highest-impact fix to apply next
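The following is an added example, not the simulator's own code: a small model of how "chains broken" and "next fix" can be derived from a scan result. It assumes a chain is broken as soon as any one of its contributing checks is fixed, and that the next fix is chosen greedily; the chain-to-check mapping, the `check-*` IDs and the `AC-X*` chain IDs are constructed placeholders.

```python
from collections import Counter

# Constructed sample data. AC-01..AC-31, aws-vpc-002 and aws-ct-001 appear in
# the sample output above; the mapping itself and all other IDs are made up.
CHAINS = {
    "AC-01": {"aws-vpc-002", "check-a"},
    "AC-02": {"aws-vpc-002", "check-b"},
    "AC-13": {"aws-vpc-002", "aws-ct-001"},
    "AC-29": {"aws-vpc-002", "check-c"},
    "AC-31": {"aws-vpc-002", "check-d"},
    "AC-X1": {"aws-ct-001", "check-e"},
    "AC-X2": {"aws-ct-001", "check-b"},
    "AC-X3": {"check-f", "check-g"},
}


def simulate(chains, fixes):
    """Return (broken chain IDs, surviving chains) if `fixes` were resolved."""
    fixes = set(fixes)
    known = set().union(*chains.values())
    unknown = fixes - known
    if unknown:
        # Mirrors the "check ID not found in scan results" failure case.
        raise KeyError(f"check ID not in scan results: {sorted(unknown)}")
    # Assumption: removing any single link breaks the whole chain.
    broken = sorted(cid for cid, req in chains.items() if req & fixes)
    remaining = {cid: req for cid, req in chains.items() if not req & fixes}
    return broken, remaining


def next_fix(remaining):
    """Greedy pick: the check that appears in the most surviving chains."""
    counts = Counter(check for req in remaining.values() for check in req)
    if not counts:
        return None
    # Highest count first; ties resolved by check ID so the result is stable.
    return min(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    broken, remaining = simulate(CHAINS, ["aws-vpc-002"])
    print(f"Chains: {len(CHAINS)} -> {len(remaining)} (-{len(broken)})")
    print("Chains broken:", ", ".join(broken))
    check, count = next_fix(remaining)
    print(f"Recommended next fix: {check} (would break {count} more chains)")
```

Passing several check IDs to `simulate` models the multi-fix case: a chain counts once even when more than one of its checks is fixed.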
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Simulation completed successfully |
| 1 | Check ID not found in scan results |
| 2 | Error (bad report file, invalid check ID) |