Interact with Attack Path Query Data

After running an Attack Path Query, Tenable Exposure Management displays the results associated with your query. From here, you can drill-down and interact with the data to gain further insights into the attack path, the nodes techniques involved, and how these could affect your overall security.

To view and interact with attack path query data:

Create one of the following query types:
- Use the Query Builder to generate a custom query.
  - Generate an Asset Exposure query to visualize attack paths from multiple assets down to one asset.
  - Generate a Blast Radius query to visualize attack paths from one asset to multiple other assets.
- Use a Built-in Query in the Query Library to generate a pre-configured query.
The Query Result page appears.

On the Query Result page, you can:

Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

Filter the list of attack paths:
Tip: Below the search box, click a quick filter button to automatically filter the list by the selected item.
1. At the top of the list, click inside the search box.
  
  The Choose your filter drop-down box appears.
2. Select the filter you want to use to filter the list.
  
  The Choose operator drop-down box appears.
3. Select the operator you want to use to filter the list.
  
  The Choose value drop-down box appears.
4. Select or type the value you want to use to filter the list.
5. Click Apply.
  
  Tenable Exposure Management filters the list based on your criteria.

View a list of attack paths that match your query. This table includes the following attack path information:

Column	Description
View Graph	Click the button to view the attack path in a graphical format. For more information, see View the Attack Path Graph.
Name	The attack path name.
Path Priority Rating	A prioritization metric for attack paths based on the exposure of the source, criticality of the target and the number of steps of the attack path. Higher PPR indicates higher risk.
Nodes	The asset nodes associated with the attack path. If there are multiple nodes within the attack path, Tenable Exposure Management inserts directional arrows to show the direction of the path to and from each node. Tip: Hover your mouse cursor over the icon in this column to view the full name of the node type.
Actions	Click the button to view available actions. A menu appears: Click View Attack Techniques to navigate directly to the Top Attack Techniques page filtered by the selected attack path. Click Export as CSV to export the attack path information as a .csv file.

(Not available in FedRAMP environments) Click the button to expand an AI generated summary of the attack path.
Export one or more attack paths from the list:
Do one of the following:
- To export individual attack paths:
- To export all attack paths in the list:
  1. At the top of the list, click Export All.
Tenable Exposure Management downloads the list of selected attack paths as a .csv file.

View the Attack Path Graph

When you click View Graph in the Query Result list, Tenable Exposure Management shows a graphical representation of the selected attack path.

Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

In this section you can:

(Not available in FedRAMP environments) At the top of the graph, click the button to expand an AI generated summary of the attack path. Here, you can also view a list of Related Sources for the attack path. This section displays information about the data sources used or seen within this specific attack path.
Note: While source information is available for on-premises products such as Tenable Identity Exposure On-Prem and partial products such as Tenable Security Center without Tenable Vulnerability Management, links to the source application are currently unavailable for these.
View icons that represent the steps within the attack path, or the assets that match your query parameters.
- Where applicable, view color coded steps and assets:
  - Technique segments color coded by priority (for example, a technique in red should be prioritized above a technique in orange).
    
    Note: Informational attack paths, or attack paths without a priority, appear in blue.
  - Exposed assets highlighted in red.
  - Critical assets highlighted by the icon.
- Click on a step or an asset to view additional details for that item.
Where applicable, view direction arrows and other indicators that show the source, direction, and target of the attack path.
(Not available in FedRAMP environments) Click AI Assistant to open an AI chat window, where you can ask questions related to the asset node or the attack path to which it belongs.

Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path.

For more information about AI explainability, how to use it, and its limitations, see the Generative AI Best Practices Guide.
Use your mouse cursor, the zoom slider, or the + and - buttons in the lower-right corner of the graph to zoom the graph in and out.
Click the button to enable or disable full screen view.
Click the button to reset the graph.
Right-click on a step or an asset node to open a menu with additional options:
- (Not available in FedRAMP environments) Ask AI About This Node — Click to open an AI chat window, where you can ask questions related to the asset node or the attack path to which it belongs.
  
  Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path. For more information about AI explainability, how to use it, and its limitations, see the Generative AI Best Practices Guide.
- Expand Node — Click to expand a full view of all items related to the asset node.
- Blast Radius — Click to open a blast radius query, where the selected node is the source of the attack path. For more information, see Generate a Blast Radius Query.
- Asset Exposure — Click to open an Asset Exposure query, where the selected node is the target of the attack path. For more information, see Generate an Asset Exposure Query .

View Node / Attack Details

The details panel displays additional information about asset nodes and attack techniques visible on the attack path graph.

To view the information panel for a node or technique:

Do one of the following:
- Click a node on the canvas.
  
  A panel appears at the bottom of the page with information about the node.
  
  Tip: In the upper-right corner, click View Asset Details to view the node and its details directly on the Asset Details page.
  
  This information includes, but is not limited to:
  - Open Ports — The open ports on the asset.
  - ACR — Tenable assigns an ACR to each asset on your network to represent the asset's relative criticality as an integer from 1 to 10. A higher ACR indicates higher criticality.
  - AES — Tenable calculates a dynamic AES for each asset on your network to represent the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.
  - AVR — The Asset Vulnerability Rating (AVR) is an aggregation of all Vulnerability Priority Rating (VPR) scores for vulnerabilities detected on the asset.
  - NES — The Node Exposure Score (NES) is a metric produced by Tenable Exposure Management to understand the blast radius exposure of a node. This metric considers the Vulnerability Priority Rating of all vulnerabilities on the asset as well as other relationships such as software installed, sub-networks to which the asset belongs, internet exposure, etc.
  - Sensors — The sensor or sensors that detected the asset.
- Click an attack technique (i.e., step) on the canvas.
  
  A panel appears with information about the technique such as:
  - a Description of the technique.
  - the Tactics used within the technique.
  - any Sub Techniques used as part of the selected technique.
  Here you can:
  - Click the Technique ID to navigate directly to the MITRE definition for that technique.
  - View a list of Related Sources for the attack path technique.
    
    Note: While source information is available for on-premises products such as Tenable Identity Exposure On-Prem and partial products such as Tenable Security Center without Tenable Vulnerability Management, links to the source application are currently unavailable for these.