Attack Path Policies
Table of Contents
Attack Path Policies
To understand the true security risk of an application or infrastructure requires a complete assessment and correlation of a broad set of security signals. For example, if a virtual machine or an application is vulnerable to CVE-1234 that is network exploitable, is internet exposed, and has overly permissive IAM access to sensitive data, then this combination presents a relatively critical or high risk compared to an instance that contains the same vulnerability but is not internet exposed.
The
Attack Path
policies are out-of-the-box policies that are enabled by default. These policies identify the confluence of issues that increase the likelihood of a security breach and are based on relationships such as, overly permissive identities, permissions, network exposure, infrastructure misconfiguration, and vulnerabilities that would enable an attacker to target your application. Prisma Cloud helps you identify attack paths and presents them in a graph view, offering valuable security context to protect against high-risk threats, which often requires you to take immediate action.
Some of the Attack Path policies require the IAM security (CIEM) module to be enabled. You must subscribe to IAM Security.
Before you create an Alert Rule for Attack Path policies:
- SelectSettings > Enterprise Settings > Auto-Enable Default Policiesand verify that you have selectedCriticalandHighseverity.
- SelectPoliciesand filter by Policy TypeAttack Pathand confirm that Attack Path policies are enabled. If a System Administrator has disabled these policies, toggle theStatusto enable each policy.
When a policy violation occurs, you can view the evidence details in Graph (default) view. Select
Alerts > Overview
, filter alerts by Policy Type Attack Path
, click Alert Count
, and then click Alert ID
.
The Asset Detail View allows you to deep dive into asset details to explore the security context uncovered by Prisma Cloud.
