Interact with Attack Path Query Data

After running an Attack Path Query, Attack Path Analysis displays the results associated with your query. From here, you can drill-down and interact with the data to gain further insights.

To view and interact with attack path query data:

1. Create one of the following query types:

   • Use the Query Builder to generate a custom query.

     • Generate an Asset Exposure Graph query to visualize attack paths from multiple assets down to one asset.

     • Generate a Blast Radius query to visualize attack paths from one asset to multiple other assets.

   • Use a Built-in Query in the Query Library to generate a pre-configured query.

   The Query Result page appears.

   

1. On the Query Result page, you can:

   Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

   • Filter the list of attack paths:

     1. At the top of the list, click inside the search box.

        The Choose your filter drop-down box appears.

     2. Select the filter you want to use to filter the list.

        The Choose operator drop-down box appears.

     3. Select the operator you want to use to filter the list.

        The Choose value drop-down box appears.

     4. Select or type the value you want to use to filter the list.

     5. Click Apply.

        The Attack Path Analysis filters the list based on your criteria.

   • View a list of attack paths that match your query. This table includes the following attack path information:

     Column	Description
     Name	The attack path name.
     Path Priority Rating	A prioritization metric for attack paths based on the exposure of the source, criticality of the target and the number of steps of the attack path. Higher PPR indicates higher risk.
     Nodes	The asset nodes associated with the attack path. If there are multiple nodes within the attack path, Attack Path Analysis inserts directional arrows to show the direction of the path to and from each node. Tip: Hover your mouse cursor over the icon in this column to view the full name of the node type.
     View Graph	Click the button to view the attack path in a graphical format. For more information, see View the Attack Path Graph.
     Actions	Click the button to view available actions. A menu appears: Click View Findings to navigate directly to the Findings page filtered by the selected attack path. Click Export as CSV to export the attack path information as a .csv file.

   • Click the button to expand an AI powered summary of the attack path.
   • Export one or more attack paths from the list:

     Do one of the following:

     • To export individual attack paths:

     1. In the list, select the check box next to each asset you want to export.

     2. At the top of the list, click Export Selected.

     • To export all attack paths in the list:

       1. At the top of the list, click Export All.

     Attack Path Analysis downloads the list of selected attack paths as a .csv file.

View the Attack Path Graph

When you click View Graph in the Query Result list, Attack Path Analysis shows a graphical representation of the selected attack path.

Note: Because the options and data in this section depend on the type of query you run, some items listed below may not be available for your query.

In this section you can:

• View icons that represent the steps within the attack path, or the assets that match your query parameters.

  • Where applicable, view color coded steps and assets:

    • Technique segments color coded by priority (for example, a technique in red should be prioritized above a technique in orange).

      Note: Informational attack paths, or attack paths without a priority, appear in blue.

    • Exposed assets highlighted in red.

    • Critical assets highlighted by the icon.

  • Click on a step or an asset to view the information panel for that item.

• Where applicable, view direction arrows and other indicators that show the source, direction, and target of the attack path.

• Use your mouse cursor, the zoom slider, or the + and - buttons in the lower-right corner of the graph to zoom the graph in and out.

• Click the button to enable or disable full screen view.

• Click the button to reset the graph.

• Right-click on a step or an asset node to open a menu with additional options:

  • Ask AI About This Node — Click to open an AI chat window, where you can ask questions related to the asset node or the attack path to which it belongs.

    

    Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path.

    For more information about AI explainability, how to use it, and its limitations, see the Attack Path Analysis Generative AI Best Practices Guide.

  • Expand Node — Click to expand a full view of all items related to the asset node.

    

  • Blast Radius — Click to open a blast radius query, where the selected node is the source of the attack path. For more information, see Generate a Blast Radius Query.

  • Asset Exposure — Click to open an Asset Exposure query, where the selected node is the target of the attack path. For more information, see Generate an Asset Exposure Graph Query.