Data Requirements for Attack Path Analysis
Attack Path Analysis (APA) within Tenable Exposure Management is an advanced analytics engine that predicts attacker strategies by mapping potential infiltration routes through your network. Because APA functions by connecting individual "hops" (for example, a user accessing a server) into end-to-end kill chains, the accuracy and depth of its findings depend on the resolution of the telemetry it receives.
To eliminate blind spots and ensure a high-fidelity attack graph, you must provide the engine with comprehensive data across assets, configurations, and identities.
Configure Products for Use with Attack Path Analysis
To get the most out of your data within APA, Tenable recommends you configure all of your platform products:
- Configure Tenable OT Security to view OT/IoT data.
- Configure Tenable Attack Surface Management and configure the application for use with Tenable Vulnerability Management. This ensures that usable data gets pulled into Tenable Exposure Management.
- Configure Tenable AI Exposure to gain visibility into your AI attack surface. Tenable AI Exposure ingests data from ChatGPT Enterprise and Microsoft Copilot Studio and maps it to specific assets and findings in Tenable Exposure Management.
- For cloud-heavy environments, Tenable Cloud Security serves as the primary telemetry source for APA. However, you must enable specific modules to use the full potential of the analysis.
Integrate Tenable Cloud Security with Attack Path Analysis
For cloud-heavy environments, Tenable Cloud Security serves as the primary telemetry source for APA. However, you must enable specific modules to use the full potential of the analysis:
- Cloud Security Posture Management (CSPM): This is a foundational requirement. CSPM provides the posture and configuration data APA requires to identify exploitable entry points and vulnerabilities.
- Cloud Infrastructure Entitlement Management (CIEM): This module is critical for lateral movement analysis. Without CIEM, APA can map network-based paths but cannot identify privilege escalation. CIEM provides the permission-based telemetry that allows APA to simulate how an attacker might move between different cloud services, such as Amazon Web Services (AWS), Oracle Cloud Infrastructure (OCI), and Google Cloud Platform (GCP).
- Cloud Workload Protection (CWP): While important for overall security, CWP focuses on workload protection and provides limited data for the construction of attack path graphs.
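The following added example is a conceptual model, not Tenable code or the APA engine's algorithm. It shows why a graph built from individual hops loses permission-based paths when only configuration telemetry is present. The asset names, hop kinds and module labels on each hop are constructed assumptions for illustration.

```python
from collections import deque

# Constructed sample telemetry: (source, target, hop kind, module that reported it).
# Assumption: network reachability comes from CSPM-style configuration data and
# permission relationships come from CIEM-style entitlement data.
HOPS = [
    ("internet", "web-vm", "network_reachable", "CSPM"),
    ("web-vm", "db-vm", "network_reachable", "CSPM"),
    ("web-vm", "app-role", "can_assume_role", "CIEM"),
    ("app-role", "customer-bucket", "can_read", "CIEM"),
]

def build_graph(hops, enabled_modules):
    """Keep only the hops reported by modules that are actually enabled."""
    graph = {}
    for src, dst, kind, module in hops:
        if module in enabled_modules:
            graph.setdefault(src, []).append((dst, kind))
    return graph

def find_path(graph, entry, target):
    """Breadth-first search: shortest chain of hops from entry to target, or None."""
    queue = deque([(entry, [])])
    seen = {entry}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for dst, kind in graph.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(node, kind, dst)]))
    return None

def coverage_report(hops, entry, targets, enabled_modules):
    """Map each critical asset to the path found with the given telemetry."""
    graph = build_graph(hops, enabled_modules)
    return {t: find_path(graph, entry, t) for t in targets}

if __name__ == "__main__":
    targets = ["db-vm", "customer-bucket"]
    for modules in ({"CSPM"}, {"CSPM", "CIEM"}):
        print(sorted(modules))
        for asset, path in coverage_report(HOPS, "internet", targets, modules).items():
            print(f"  {asset}: {path if path else 'no path visible'}")
```

With only the configuration hops, the path to `customer-bucket` is invisible even though the exposure exists; a missing path in the graph can mean missing telemetry rather than a missing risk.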