Attack Path Analysis FAQ

Attack Path Analysis currently supports these Tenable products: Tenable.ad and Tenable.io.

For the complete list of attack techniques, see Attack Path Analysis Attack Techniques.

An attack path defines a source, a target, and one or more attack techniques leading an attack from the source to the target.

Attack Path Analysis receives data and pairs it with advanced graph analytics, MITRE ATT&CK™, and Open Web Application Security Project® (OWASP) to map the possible attack techniques.

See the prerequisite section of each attack technique in Attack Path Analysis Attack Techniques to find the conditions that must exist for an attack query to run.

A finding is an attack technique that exists in one or more attack paths leading to one or more critical assets.

The calculation includes mathematical algorithms, to assess the following:

• Likelihood: The number of attack paths using the technique associated with the finding.

• Impact: The number of critical assets that the technique allows an adversary to compromise.

• Method: The tactic associated with the technique such as lateral movement, privilege escalation, etc.

• Path: The starting point and ending point of the technique.

Attack Path Analysis determines the asset type as follows:

• Computer, Server, or Workstation — By parsing the operating system type and mapping it to the relevant type to determine if the asset is a Workstation, Server, or Computer.

• Domain Controller — By determining the domain controller through User Account Control.

• Other computer assets— By considering Computer as the base type for unknown assets.

Attack Path Analysis triggers a data processing job every 30 minutes and it takes up to two hours to update the data.

The Discover > Query Builder includes the following asset types: