Discover

The Discover tab of Attack Path Analysis allows you to dive deeper into the mind of an attacker by interacting directly with attack paths and nodes. Here, you can:

  • Use the Attack Path Query Builder to generate custom paths and manipulate the origins and targets within a path to view exactly how these changes affect your data.

  • Use the Asset Query Builder to gain insight into your asset nodes and how they connect to one another.

  • Create and manage query bookmarks, and use Built-in Queries to dive deeper into possible attack paths.

Before you begin:

Ensure you have the following:

  • Tenable Vulnerability Management Basic Network Scan with credentials.
  • One of the following:

    • A Tenable Vulnerability Management basic scan using the Active Directory Identity scan template. This scan type requires fewer permissions and provides a basic overview of your Active Directory entities.

      Note: You can run this scan type on its own, or as part of a Basic Network Scan. In a Basic scan, you must ensure the Collect Identity Data from Active Directory option is enabled in the Discovery section.
    • Tenable Identity Exposure SaaS deployed.

    Note: Because the plugin only supports up to 7,000 identities, the Active Directory Identity scan template is not designed for large environments. It is instead intended to help small customers kick-start their use of Attack Path Analysis. Tenable recommends that larger customers deploy Tenable Identity Exposure.
  • A default Tenable Web App Scanning scan, including injection plugins.

  • An AWS connection with a Tenable Cloud Security scan policy including all vulnerabilities and available AWS resources.

  • Tenable recommends the following:

    • Have at least 60% of assets scanned via an authenticated scan.

    • Select maximum verbosity in the Basic Network Scan.

    • When using Tenable Identity Exposure, enable privileged analysis. This option highlights key attack vectors used by hackers and gives you a better understanding of your attack surface, including credential auditing and password analysis.

    • A scan frequency of at least once a week.

To access the Discover tab:

  1. In the upper-left corner of the page, click the button.

  2. In the Analytics section, click Attack Path Analysis.

    Attack Path Analysis appears. By default, the Dashboard tab is active.

  3. Click the Discover tab.

    The Discover page appears.

By default, the Top Attack Paths list appears, which lists the top attack paths leading to critical assets.

Tip: By default, Attack Path Analysis only loads the first page of top attack paths. Click Find All Attack Paths to load additional paths.

In this list, you can:

  • View the following attack path information:

    Tip: Click the button in any row to expand the full attack path summary details.



    • Name — The name of the attack path.

    • Path Priority Rating — The priority of an attack path. Attack Path Analysis calculates the Path Priority Rating (PPR) based on the relative number of attack paths to critical assets, and categorizes priority levels as Low, Medium, High, and Critical.

    • Nodes — A visual representation of the nodes involved in the attack path that indicates the node type and the order in which the nodes might be accessed.

    • View Graph — Click the button in the row of an attack path to view its Graph Visualization. For more information, see Interact with Attack Path Query Data.

    • Actions — Click the button in the row of any attack path to perform the following actions:

      • View Findings — Click to navigate directly to the Findings page, filtered by findings related to the selected attack path.

      • Export as CSV — Click to export the attack path in CSV format. Attack Path Analysis downloads the export file to your computer. Depending on your browser settings, your browser may notify you that the download is complete.

On the Discover page, you can also: