Interact with Attack Path Query Data

After running an Attack Path Query, Attack Path Analysis displays the results associated with your query. From here, you can drill-down and interact with the data to gain further insights.

To view and interact with attack path query data:

  1. Create one of the following query types:

    • Use the Query Builder to generate a custom query.

      • Generate an Asset Exposure Graph query to visualize attack paths from multiple assets down to one asset.

      • Generate a Blast Radius query to visualize attack paths from one asset to multiple other assets.

    • Use a Built-in Query in the Query Library to generate a pre-configured query.

    The Query Result page appears.

  1. On the Query Result page, you can:

    Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

    • View a list of attack paths that match your query. This table includes the following attack path information:

      Column Description
      Name The attack path name.
      Path Priority Rating

      A prioritization metric for attack paths based on the exposure of the source, criticality of the target and the number of steps of the attack path. Higher PPR indicates higher risk.

      Nodes

      The asset nodes associated with the attack path. If there are multiple nodes within the attack path, Attack Path Analysis inserts directional arrows to show the direction of the path to and from each node.

      Tip: Hover your mouse cursor over the icon in this column to view the full name of the node type.
      View Graph Click the button to view the attack path in a graphical format. For more information, see View the Attack Path Graph.
      Actions

      Click the button to view available actions.

      A menu appears:

      • Click View Findings to navigate directly to the Findings page filtered by the selected attack path.
      • Click Export as CSV to export the attack path information as a .csv file.

    • Click the button to expand an AI generated summary of the attack path.

View the Attack Path Graph

When you click View Graph in the Query Result list, Attack Path Analysis shows a graphical representation of the selected attack path.

Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

In this section you can:

  • At the top of the graph, click the button to expand an AI generated summary of the attack path. Here, you can also view a list of Related Products, Assets, and Findings for the attack path. This section displays information about the data sources used or seen within this specific attack path.
    Tip: Click on a related finding to open it directly within its source application. Within the source application, the list of findings is filtered by related assets and plugin IDs. However, if there are more than 15 related assets, the list is filtered only by plugin IDs and shows findings for all assets within the source application. Not all applications include plugin information.
    Note: While source information is available for on-premises products such as Tenable Identity Exposure On-Prem and partial products such as Tenable Security Center without Tenable Vulnerability Management, links to the source application are currently unavailable for these.
  • View icons that represent the steps within the attack path, or the assets that match your query parameters.

    • Where applicable, view color coded steps and assets:

      • Technique segments color coded by priority (for example, a technique in red should be prioritized above a technique in orange).

        Note: Informational attack paths, or attack paths without a priority, appear in blue.
      • Exposed assets highlighted in red.

      • Critical assets highlighted by the icon.

    • Click on a step or an asset to view the information panel for that item.

  • Where applicable, view direction arrows and other indicators that show the source, direction, and target of the attack path.

  • Use your mouse cursor, the zoom slider, or the + and - buttons in the lower-right corner of the graph to zoom the graph in and out.

  • Click the button to enable or disable full screen view.

  • Click the button to reset the graph.

  • Right-click on a step or an asset node to open a menu with additional options: