: Attack Path Policies
Table of Contents

Attack Path Policies

To understand the true security risk of an application or infrastructure requires a complete assessment and correlation of a broad set of security signals. For example, if a virtual machine or an application is vulnerable to CVE-1234 that is network exploitable, is internet exposed, and has overly permissive IAM access to sensitive data, then this combination presents a relatively critical or high risk compared to an instance that contains the same vulnerability but is not internet exposed.
Attack Path
policies are out-of-the-box policies that are enabled by default. These policies identify the confluence of issues that increase the likelihood of a security breach and are based on relationships such as, overly permissive identities, permissions, network exposure, infrastructure misconfiguration, and vulnerabilities that would enable an attacker to target your application. Prisma Cloud helps you identify attack paths and presents them in a graph view, offering valuable security context to protect against high-risk threats, which often requires you to take immediate action.
Some of the Attack Path policies require the IAM security (CIEM) module to be enabled. You must subscribe to IAM Security.
Before you create an Alert Rule for Attack Path policies:
  • Select
    Settings > Enterprise Settings > Auto-Enable Default Policies
    and verify that you have selected
  • Select
    and filter by Policy Type
    Attack Path
    and confirm that Attack Path policies are enabled. If a System Administrator has disabled these policies, toggle the
    to enable each policy.
When a policy violation occurs, you can view the evidence details in Graph (default) view. Select
Alerts > Overview
, filter alerts by Policy Type
Attack Path
, click
Alert Count
, and then click
Alert ID
The Asset Detail View allows you to deep dive into asset details to explore the security context uncovered by Prisma Cloud.

Recommended For You