Interact with Attack Path Query Data

After running an Attack Path Query, Attack Path Analysis displays the results associated with your query. From here, you can drill-down and interact with the data to gain further insights.

To view and interact with attack path query data:

  1. Create one of the following query types:

    • Use the Query Builder to generate a custom query.

      • Generate an Asset Exposure Graph query to visualize attack paths from multiple assets down to one asset.

      • Generate a Blast Radius query to visualize attack paths from one asset to multiple other assets.

    • Use a Built-in Query in the Query Library to generate a pre-configured query.

    The Query Result page appears.

  1. On the Query Result page, you can:

    Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

      1. At the top of the list, click inside the search box.

        The Choose your filter drop-down box appears.

      2. Select the filter you want to use to filter the list.

        The Choose operator drop-down box appears.

      3. Select the operator you want to use to filter the list.

        The Choose value drop-down box appears.

      4. Select or type the value you want to use to filter the list.

      5. Click Apply.

        The Attack Path Analysis filters the list based on your criteria.

    • View a list of attack paths that match your query. This table includes the following attack path information:

      Column Description
      Name The attack path name.
      Path Priority Rating

      A prioritization metric for attack paths based on the exposure of the source, criticality of the target and the number of steps of the attack path. Higher PPR indicates higher risk.
      Nodes

      The asset nodes associated with the attack path. If there are multiple nodes within the attack path, Attack Path Analysis inserts directional arrows to show the direction of the path to and from each node.

      Tip: Hover your mouse cursor over the icon in this column to view the full name of the node type.
      View Graph Click the button to view the attack path in a graphical format. For more information, see View the Attack Path Graph.
      Actions

      Click the button to view available actions.

      A menu appears:

      • Click View Findings to navigate directly to the Findings page filtered by the selected attack path.

      • Click Export as CSV to export the attack path information as a .csv file.
    • Click the button to expand an AI generated summary of the attack path.

    • Do one of the following:

      • To export individual attack paths:

        1. In the list, select the check box next to each asset you want to export.

        2. At the top of the list, click Export Selected.

      • To export all attack paths in the list:

        1. At the top of the list, click Export All.

      Attack Path Analysis downloads the list of selected attack paths as a .csv file.

View the Attack Path Graph

When you click View Graph in the Query Result list, Attack Path Analysis shows a graphical representation of the selected attack path.

Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

In this section you can:

  • At the top of the graph, click the button to expand an AI generated summary of the attack path. Here, you can also view a list of Related Products, Assets, and Findings for the attack path. This section displays information about the data sources used or seen within this specific attack path.
    Tip: Click on a related finding to open it directly within its source application. Within the source application, the list of findings is filtered by related assets and plugin IDs. However, if there are more than 15 related assets, the list is filtered only by plugin IDs and shows findings for all assets within the source application. Not all applications include plugin information.
    Note: While source information is available for on-premises products such as Tenable Identity Exposure On-Prem and partial products such as Tenable Security Center without Tenable Vulnerability Management, links to the source application are currently unavailable for these.

  • View icons that represent the steps within the attack path, or the assets that match your query parameters.

    • Where applicable, view color coded steps and assets:

      • Technique segments color coded by priority (for example, a technique in red should be prioritized above a technique in orange).

        Note: Informational attack paths, or attack paths without a priority, appear in blue.

      • Exposed assets highlighted in red.

      • Critical assets highlighted by the icon.

    • Click on a step or an asset to view the information panel for that item.

  • Where applicable, view direction arrows and other indicators that show the source, direction, and target of the attack path.

  • Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path.

    For more information about AI explainability, how to use it, and its limitations, see the Attack Path Analysis Generative AI Best Practices Guide.

  • Use your mouse cursor, the zoom slider, or the + and - buttons in the lower-right corner of the graph to zoom the graph in and out.

  • Click the button to enable or disable full screen view.

  • Click the button to reset the graph.

  • Right-click on a step or an asset node to open a menu with additional options: