Generate an Attack Path Query with the Attack Path Query Builder
You can use the Attack Path Query Builder to generate an attack path from one asset to another. You can create a query from a specific node or asset origin, and then specify the target to which you want to compare.
Tip: To generate an attack path using a built-in query, see Generate an Attack Path with a Built-in Query.
To generate a custom attack path query:
-
In Attack Path Analysis, access the Discover tab.
-
In the Custom Queries section, click Attack Path Query Builder.
The Query Builder pane appears.
-
In the Source box, click the
button.The source options appear.
-
For each source you want to include in the query:
-
Select the radio button next to the type of origin you want to use for the query:
-
Asset type — Generate a query based on a certain type of asset.
-
Specific asset — Generate a query based on a specific asset.
-
-
In the text box, type the asset type or specific node/asset you want to use for the query.
-
(Optional) To apply filters to the origin:
-
Click the
button.The Filters window appears.
-
In the Parameter drop-down, select the parameter by which you want to filter the origin.
-
In the Operator drop-down, select the operator to apply to the parameter.
-
In the text box, type or select the value or values you want to use for the filter.
Note: The values you can use differ depending on the parameter you selected.
-
Click Apply and search.
Attack Path Analysis applies the filter to the origin.
-
-
-
In the Target section, click the
button.The target options appear.
-
For each target you want to include in the query:
-
Select the radio button next to the type of target you want to use for the query:
-
Asset type — Generate a query based on a certain type of asset.
-
Specific asset — Generate a query based on a specific asset.
-
-
In the text box, type the asset type or specific node/asset you want to use for the query.
-
(Optional) To apply filters to the target:
-
Click the
button.The Filters window appears.
-
In the Parameter drop-down, select the parameter by which you want to filter the target.
-
In the Operator drop-down, select the operator to apply to the parameter.
-
In the text box, type or select the value or values you want to use for the filter.
Note: The values you can use differ depending on the parameter you selected.
-
Click Apply and search.
Attack Path Analysis applies the filter to the target.
-
-
- (Optional) Click
Swap to swap between Source and Target assets. -
In the Attack Technique section, click the
button. A text box in which you can search for and select techniques appears.
-
In the Technique box, type or select a specific attack technique.
Attack Path Analysis updates the list based on the search criteria. For more information on available on techniques, see Attack Path Analysis Techniques.
-
(Optional) Click
Add a Technique to add additional techniques.Note: Attack Path Analysis enables Add a Technique only after you add an initial technique. -
Click Search
.Attack Path Analysis returns any attack paths that match the query you created. For more information on interacting with the data, see Interact With Attack Path Data.
-
(Optional) To save the query as a preset, at the top of the pane, click the
button.The Save as preset window appears:
-
In the Name of preset text box, type a name for the query.
-
In the Description of preset text box, type a description of the query.
-
Click Save preset
.Attack Path Analysis saves the query as a preset. You can access your saved queries in the Bookmarks section of the Query Library.
Tip: When you save a query as a preset, you can also use it as a filter on the Findings tab.
-
-
(Optional) To reset the query pane, at the top of the pane, click the
button.Attack Path Analysis resets the selections within the pane.
What to do next:
Interact with the attack path data provided by the query.