Generate an Attack Path Query with the Attack Path Query Builder

You can use the Attack Path Query Builder to generate an attack path from one asset to another. You can create a query from a specific node or asset origin, and then specify the target to which you want to compare.

Tip: To generate an attack path using a built-in query, see Generate an Attack Path with a Built-in Query.

To generate a custom attack path query:

  1. In Attack Path Analysis, access the Discover tab.

  2. In the Custom Queries section, click Attack Path Query Builder.

    The Query Builder pane appears.

  3. In the Source box, click the button.

    The source options appear.

  4. For each source you want to include in the query:

    1. Select the radio button next to the type of origin you want to use for the query:

      • Asset type — Generate a query based on a certain type of asset.

      • Specific asset — Generate a query based on a specific asset.

    2. In the text box, type the asset type or specific node/asset you want to use for the query.

      1. Click the button.

        The Filters window appears.

      2. In the Parameter drop-down, select the parameter by which you want to filter the origin.

      3. In the Operator drop-down, select the operator to apply to the parameter.

      4. In the text box, type or select the value or values you want to use for the filter.

        Note: The values you can use differ depending on the parameter you selected.

      5. Click Apply and search.

        Attack Path Analysis applies the filter to the origin.

  5. In the Target section, click the button.

    The target options appear.

  6. For each target you want to include in the query:

    1. Select the radio button next to the type of target you want to use for the query:

      • Asset type — Generate a query based on a certain type of asset.

      • Specific asset — Generate a query based on a specific asset.

    2. In the text box, type the asset type or specific node/asset you want to use for the query.

      1. Click the button.

        The Filters window appears.

      2. In the Parameter drop-down, select the parameter by which you want to filter the target.

      3. In the Operator drop-down, select the operator to apply to the parameter.

      4. In the text box, type or select the value or values you want to use for the filter.

        Note: The values you can use differ depending on the parameter you selected.

      5. Click Apply and search.

        Attack Path Analysis applies the filter to the target.

  7. (Optional) Click Swap to swap between Source and Target assets.

  8. In the Attack Technique section, click the button.

    A text box in which you can search for and select techniques appears.

  9. In the Technique box, type or select a specific attack technique.

    Attack Path Analysis updates the list based on the search criteria. For more information on available on techniques, see Attack Path Analysis Techniques.

  10. (Optional) Click Add a Technique to add additional techniques.

    Note: Attack Path Analysis enables Add a Technique only after you add an initial technique.

    Caution: You must add techniques to your query in the order in which they appear in an attack path. Attack Path Analysis does not provide query results for incorrectly ordered techniques.

  11. Click Search .

    Attack Path Analysis returns any attack paths that match the query you created. For more information on interacting with the data, see Interact With Attack Path Data.

  12. (Optional) To reset the query pane, at the top of the pane, click the button.

    Attack Path Analysis resets the selections within the pane.

    13. (Optional) Save your Query as a Preset/Bookmark

    Once you've built your custom query, you can save it as a preset, where you can then access it as a bookmark when creating new built-in attack path queries.

    To save your query as a preset:

    1. At the top of the pane, click the button.

      The Save as preset window appears.

    2. In the Name of preset text box, type a name for the query.

    3. In the Description of preset text box, type a description of the query.

    4. Click Save preset .

      Attack Path Analysis saves the query as a preset. You can access your saved queries in the Bookmarks section of the Query Library.

What to do next:

Interact with the attack path data provided by the query.