Visualize attributed assets and users using attack surface explorer
Attack surface explorer gives you a complete view of an asset and its related activity over time. You can find details from attributions such as MAC addresses, users, and IP addresses. Visualize which user accounts are connected or which IP addresses are most active. The line thickness serves as a visual indicator of discovery activity, highlighting entities with the most attributions and helping you identify patterns and potential areas of concern.
Follow these steps to analyze an asset or user using attack surface explorer:
- Select Analytics then Exposure analytics and then Entity analysis.
- Search for a particular entity.
- Select the Attack surface tab.
- Select a time range and an attribution type.
- Enter a number for Max nodes per attribution. Setting a maximum reduces noise and helps you focus on particular attributions.
- (Optional) Select the Link weights check box to visualize the weight of detection activity. When you turn on link weights, the line, or link, between an asset and its attributions appears thicker when there is more activity.
- Double-click another asset or user in the attack surface explorer to visualize attributions for that entity. Doing so reloads the attack surface explorer for the item you've selected. Alternatively, you can right-click the asset or user and then select Explore to open a separate tab.
After you finish exploring attributions in the attack surface explorer, you can right-click an asset or user attribution and select Investigate to open a new analysis page for that entity.