Views:

Identify high-risk assets, discover attack choke points, and remediate attack path-related risk events in Attack Path Prediction.

Attack Path Prediction provides a holistic view of all potential attack paths in your organization. The view enables you to understand risks on entry points, identify choke points that could facilitate multiple attack paths, and take proactive remediation actions.
The following table details the actions available on the main Attack Path Prediction screen.
Action
Description
Investigate entire attack paths and individual asset nodes
  • Click an asset node on a specific attack path to view the associated attack path risk event description and recommended remediation steps on the left-hand menu.
  • Right-click an asset node to see available investigation and response actions for the individual node.
Remediate attack paths
  • On the Attack Paths tab on the left-hand menu, click a risk event to expand and see the event description and remediation steps.
  • Click the number of displayed entry point risk events to go to a screen listing all entry point risk events that facilitate the attack path. Remediating all risk events on the entry point eliminates the attack path automatically. Changes are displayed after the next daily update takes place.
Locate risky entry points and choke points
  • Go to the Entry Points tab on the left-hand menu, to see a list of all potential entry points and their number of associated attack paths. You may condense multiple attack paths coming from a single entry point by enabling the Consolidate paths by asset toggle.
  • Click the name of an asset to see the asset profile.
Change attack path status
Select one or more attack paths from the Attack Paths tab on the left-hand menu and then use the drop-down menu to change the status of the attack path risk event.
Important
Important
Resolving the attack path risk event alone does not eliminate the risk events on the entry point. Click the number of entry point risk events to see all risk events for the entry point and change the status directly.