Visualize associated activity using attack surface explorer
Attack surface explorer gives you a complete view of an asset and its related activity over time. You can find details from associated activity such as MAC addresses, identities, IP addresses, risks, vulnerabilities, and installed software. Visualize which user accounts or service accounts are connected, which IP addresses are most active, and where risk or detection activity is concentrated. The line thickness serves as a visual indicator of detection activity, highlighting associations with the most activity and helping you identify patterns and potential areas of concern.
Follow these steps to analyze an asset or identity using attack surface explorer:
- Open the Investigation page for an asset or identity.
- Select the Attack surface tab. Alternatively, you can select the Activity tab and then select the node icon on one of the association panels.
- Select a time range and an association type.
- Enter a number for Max nodes per association. Setting a maximum reduces noise and helps you focus on particular associations.
- (Optional) Select the Link weights check box to visualize the weight of detection activity. When you turn on link weights, the line, or link, between an asset and its associations appears thicker when there is more activity.
- Double-click another asset or identity in the attack surface explorer to visualize associations for that entity. Doing so reloads the attack surface explorer for the item you've selected. Alternatively, you can right-click the asset or identity and then select Explore to open a separate tab.
After you finish exploring associations in the attack surface explorer, you can right-click an asset or identity association and select Investigate to open a new investigation page for that entity.