Asset Graph

Use the Asset Graph page to view a visual representation of the connections between the assets in your inventory. You can start by viewing the details of a single asset, such as a device, and then use the capabilities of the graph to ask questions about the device and both expand and filter what is displayed. You can also start with multiple assets from one of the asset tables or select an asset type directly in the Asset Graph page.

The Asset Graph provides many benefits, including:

• A graph gives a visual representation of the relationships between assets that allows you to quickly understand the topology.
• Multi-step analysis and deep dive into the relationship between assets.
• You can see the downstream impact of incidents.
• Investigation is faster, straightforward and more accurate.
• Quickly understand the relationship between assets.
• Ability to triage asset issues quickly.
• Easier to explain the attack surface to non-technical teammates.
• Allows to easily determine the blast radius of an incident.

To display the Asset Graph, click in the left navigation bar.

A tile for each asset type in the environment is displayed. The number of assets of each type is displayed in the tile below the asset type name. See Accessing the Asset Graph for more details about how to access the Asset Graph from the Asset Profile page or one of the asset pages such as Users or SaaS Software.

Accessing the Asset Graph

There are three ways to access the Asset Graph:

About the Asset Graph

Once opened, the Asset Graph shows the assets you selected, whether specific assets from one of the asset pages or a whole category of assets from the Asset Graph page.

The side pane on the left includes the Investigation Steps list at the top and the Data Layers list below.

• The Investigation Steps list includes a tile representing each action taken in the Asset Graph. See Viewing the Investigation Step-by-Step for more about navigating within the current Asset Graph.
• The Data Layers list represents the asset types included in the current state of the Asset Graph. See Viewing Data Layers for more about Data Layers.

Assets and groups of assets are shown as circles with asset type icons. Groups have the asset count displayed in a number balloon. Relationships between assets or asset groups are indicated by arrows with a label describing the type of relationship.

For more about working with the Asset Graph:
Managing Asset Graphs
Exploring Connections and Asset Relationships
Saving, Loading and Updating Asset Graphs
Importing and Exporting Asset Graphs

Viewing Investigations Step-by-Step

The Investigation Steps list in the side pane shows the sequence of steps taken in your investigation and allows you to view the progress step-by-step. Each action performed on the graph is represented by a tile in the Investigation Steps list. Keywords, such as action type and asset type or field, are shown as tiles.

The current step is highlighted blue. Each step tile includes a description of the step it represents. Hover over the tile to see the full description in a tooltip. Mouse over a step tile to see the full name of the action taken when the name is long.

Clicking a step tile also recenters the graph.

Click a step to view the graph at that stage of the investigation. Later steps are preserved and you can move through the steps as you want. This is useful to see the progression of the graph through the steps.

To return to the main Asset Graph view, click Starting Point in the Investigation Steps list or in the Navigation bar.

When a previous step is selected and you make changes for the next subsequent step, the following message appears:

Viewing Data Layers

The Data Layers list at the bottom of the side pane shows each asset category included in the current state of the Asset Graph and the number of assets matching the current query parameters. When query parameters change, the asset count changes in the Data Layers menu to reflect the current query.

When you hover over a data layer, the view icon appears. Click the icon to show or hide the data layer.

Zooming In and Out

Use the zoom tools in the lower-left corner of the graph to magnify the graph. You can move the graph within the page to position it how you want and you can zoom the graph to focus on specific assets.

• To move the whole graph, use the hand tool . Click in the empty space and drag. To move selected nodes, select the nodes you want and drag them to a new location. Learn more on how to select multiple assets.

• Click to set the view to fit the graph in the visible window.

• Click to zoom in and to zoom out. You can also use the mouse wheel to zoom the graph.

Asset Relationships

Relationships between assets and/or groups are shown as arrows linking them. It describes how the assets are connected.

See Exploring Connections and Asset Relationships for more about working with connections and relationships.

Viewing a Group Preview

For groups of less than 500 assets, you can display all group members individually as a preview.

To view a preview of an asset group:

1. Click on the node and select Preview. The group is opened and the members are enclosed within a circle.
2. To close the preview, click within the group circle and select Close preview to go back to the group icon.

Ungrouping a Group Node

Groups of less than 500 members can be ungrouped. When a node is ungrouped, all the members are displayed on the graph individually.

To ungroup a group node:

• Click on a group node and select Ungroup.

Viewing the Asset Profile

When you hover over the icon of a single asset, a tooltip appears with information about that asset.

Click on the asset icon for other options:

• View asset profile - Displays the Asset Profile page in a new tab for the selected asset in a new browser tab.

Segmenting a Group of Assets

You can segment a group of assets by various fields to separate them into categories.

To segment an asset group:

• Click Segment by and select a field to segment the group. Subgroups of the assets are displayed according to the field selected. For example, segmenting SaaS Applications by Application Category.

  

  For example, segmenting SaaS Applications by Application Category creates groups of SaaS applications for each category. Each of these groups can also be segmented and investigated further.

  

Selecting Multiple Nodes

You can select multiple assets or asset groups in the Asset Graph and investigate them together.

To select multiple assets:

• Do one of the following:
  • On all OSs, click the till it turns to . Then, click and drag the border around the nodes you want to select.
  • On Windows and Linux machines, press CTRL; on Apple macOS machines, press Command. and click on the nodes you want to select.
    

When you select multiple nodes on a graph, the Actions appear in the upper-right corner.

Creating Custom Node Groups

Use custom groups to associate individual assets or groups of assets together. Groups reduce clutter in your graph, and enable you to act on the whole group as a single entity. Groups can only include assets of the same type. Enforcement Actions are executed on all members of a group.

For example, you can select all the user nodes that belong to the same department, group them together.

Expanding a group's connections shows the connections for all the members of the group.

To group assets on the asset graph

1. Select the assets you want to group.
2. In the menu, select Group.
3. The selected nodes are grouped together into one node and named in sequence with the asset type added.
   

To ungroup an asset group

• Click on a group and select Ungroup.

Viewing Group Details

You can view detailed information about the assets in a group in the Explore Group drawer. The Explore Group drawer displays information appropriate for each asset type.
At the top of the drawer the asset category is displayed along with the number of assets and the total number of connections to those assets. Group Connections shows the number of connections to the other asset types.

• Click on a group or within a group circle and select View Details.

In this example, each vulnerability is listed with the Vulnerability ID (Vuln ID) and the number of devices (Device Count) that have each vulnerability.

Use the Search bar to find specific assets within the current list or click Query Wizard to use different query parameters.

The Query Wizard opens with the current query parameters. Make any changes you want and click Apply. Assets matching the new parameters are listed in the Explore Group drawer and in the Asset Graph. See Creating Queries with the Query Wizard for more about creating queries.

Filtering Asset Groups

You can filter a group to see a more specific set of assets.

1. Select a group and click Filter Group to open the Query Wizard.

   The Query Wizards opens on the query that describes the group you clicked on. The number of assets in the group appears at the top of the wizard.

2. Change the query parameters to filter the group and click Apply. The Asset Graph and the asset count at the top of the wizard update to reflect the new parameters and a new breadcrumb is added. See Creating Queries with the Query Wizard more information on how to use the Query Wizard.

   

   When a filter is applied to a group, the filter icon appears on the group icon.

   

Using Enforcement Actions from the Asset Graph

You can use an existing Enforcement or create new ones directly from the Asset Graph.

To use an Enforcement Action in the Asset Graph

1. Click on the asset or asset group on which you want the Enforcement Action to apply.
2. From the Enforce option, select one of the following:

• Create Enforcement- To create a new Enforcement Set, see Enforce - Create Enforcement in Asset Actions.
• Use Existing Enforcement - To use an exising Enforcement, see Enforce - Use Existing Enforcement in Asset Actions.

Tags, Custom Fields and Create Tickets from the Asset Graph

You can also assign tags, add custom fields and create tickets directly from the Asset Graph.