Review attack paths
Attack paths in Microsoft Security Exposure Management help you to proactively identify and visualize potential routes that attackers can exploit using vulnerabilities, gaps, and misconfigurations. Simulated attack paths allow you to proactively investigate and remediate potential threats.
Security Exposure Management is currently in public preview.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Prerequisites
- Read about attack paths before you start. -- Review required permissions for working with attack paths.
- The value of attack paths increases based on the data used as a source. If no data is available or the data doesn't reflect your organization's environment, attack paths might not appear. Attack paths might not be fully representative:
- If you don't have licenses defined for workloads integrated and represented in the attack path.
- If you don't fully define critical assets.
View attack paths
To access attack paths, select Attack surface -> Attack path.
To change how attack paths are displayed, you can select a heading name to sort by a specific column heading.
Group by choke points
To group by choke point:
Select Attack surface -> Attack path.
Select Group to group by Name, Entry point type, Target type, Target criticality, Status, or choke point.
Examine an attack path
Select a specific attack path to examine it further for potential exploitable vulnerabilities.
In the Attack Path graph, hover over a node or edge (connector) icon to see additional information about how the attack path is built.
Review recommendations
Select the Recommendations tab to view the list of actionable recommendations to mitigate the identified attack paths.
Sort recommendations by heading or select a specific recommendation, to open the recommendation screen.
Review recommendation details, and then select Manage to remediate the recommendation in the correct workload interface.
View an attack path asset in the exposure map
To see a broader picture of an attack path asset in the exposure map:
Select Attack surface -> Attack path -> Graph -> View in map.
You can also search for and select an asset in the attack path from Map and select it. Or, select View in map from an asset from the Device inventory.
Explore connections as needed.
Next steps
Learn about critical asset management.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for