- 12 Feb 2024
- 10 Minutes to read
- Updated on 12 Feb 2024
- 10 Minutes to read
Use the Asset Graph page to view a visual representation of the connections between the assets in your inventory. You can start by viewing the details of a single asset, such as a device, and then use the capabilities of the graph to ask questions about the device and both expand and filter what is displayed. You can also start with multiple assets from one of the asset tables or select an asset type directly in the Asset Graph page.
The Asset Graph provides many benefits, including:
- A graph gives a visual representation of the relationships between assets that allows you to quickly understand the topology.
- Multi-step analysis and deep dive into the relationship between assets.
- You can see the downstream impact of incidents.
- Investigation is faster, straightforward and more accurate.
- Quickly understand the relationship between assets.
- Ability to triage asset issues quickly.
- Easier to explain the attack surface to non-technical teammates.
- Allows to easily determine the blast radius of an incident.
To display the Asset Graph, click Click in the left navigation bar.
A tile for each asset type in the environment is displayed. The number of assets of each type is displayed in the tile below the asset type name. See Accessing the Asset Graph for more details about how to access the Asset Graph from the Asset Profile page or one of the asset pages such as Users or SaaS Software.
Accessing the Asset Graph
There are three ways to access the Asset Graph:
A single asset from the Asset Details page
- Select a single asset and then, from the Actions menu, select Open in graph.
You can also select the asset to view its details and click the Asset Graph tab. This works exactly as does the Asset Graph page. The selected asset and all the other assets directly connected to it appear in the graph.
Multiple assets from an Asset page
- From any asset page, such as Devices or SaaS Applications, select multiple assets in the table and from the Actions menu, select Open in graph.
The graph opens in the Asset Graph page showing a group icon for the selected assets in the center of the graph area.
All assets in the Asset Graph page from the Navigation toolbar
- Click in the left navigation bar. A tile for each asset type in the environment is displayed. The number of assets of each type is displayed in the tile below the asset type name.
Click an asset type to start your investigation. You can filter the asset types by category from the Category list. You can select multiple categories. To return to the main Asset Graph view, click Starting View in the Investigation Steps list or in the Navigation bar.
About the Asset Graph
Once opened, the Asset Graph shows the assets you selected, whether specific assets from one of the asset pages or a whole category of assets from the Asset Graph page.
The side pane on the left includes the Investigation Steps list at the top and the Data Layers list below.
- The Investigation Steps list includes a tile representing each action taken in the Asset Graph. See Viewing the Investigation Step-by-Step for more about navigating within the current Asset Graph.
- The Data Layers list represents the asset types included in the current state of the Asset Graph. See Viewing Data Layers for more about Data Layers.
Assets and groups of assets are shown as circles with asset type icons. Groups have the asset count displayed in a number balloon. Relationships between assets or asset groups are indicated by arrows with a label describing the type of relationship.
Viewing Investigations Step-by-Step
The Investigation Steps list in the side pane shows the sequence of steps taken in your investigation and allows you to view the progress step-by-step. The following example describes how the Investigation Steps list works.
In this example, multiple assets were selected on the Application Extensions asset page but what follows applies no matter how the investigation starts.
Click on the Applications Extensions group icon and select Connections and then All.
Assets connected to the Application Extensions are added to the chart and a new step is added to the Investigation Steps list representing the action taken. Note that the current step is highlighted blue. Layers for the newly added asset types, SaaS Applications and User Extensions, are added to the Data Layers list.
Each step tile includes a description of the step it represents. Hover over the tile to see the full description in a tooltip. Mouse over a step tile to see the full name of the action taken when the name is long. Clicking a step tile also recenters the graph.
- In the Investigation Steps list, click Selected Assets, a previous step, to view the graph at that step. All later steps are preserved as well, while only the Data Layers in the current state of the graph are listed.
To return to the main Asset Graph view, click Starting Point in the Investigation Steps list or in the Navigation bar.
When you apply different query parameters or filter the current results, the step tiles from this step forward will change. In this case, the following message appears:
Viewing Data Layers
The Data Layers list at the bottom of the side pane shows each asset category included in the current state of the Asset Graph and the number of assets matching the current query parameters. When query parameters change, the asset count changes in the Data Layers menu to reflect the current query.
When you hover over a data layer, the view icon appears. Click the icon to show or hide the data layer.
Zooming In and Out
Use the zoom tools in the lower-left corner of the graph to magnify the graph. You can move the graph within the page to position it how you want and you can zoom the graph to focus on specific assets.
To move the whole graph, use the hand tool . Click in the empty space and drag. To move selected nodes, select the nodes you want and drag them to a new location. See /pl/docs/asset-graph#selecting-multiple-assets.
Click to set the view to fit the graph in the visible window.
Click to zoom in and to zoom out. You can also use the mouse wheel to zoom the graph.
Relationships between assets and/or groups are shown as arrows linking them. It describes how the assets are connected.
See Exploring Connections and Asset Relationships for more about working with connections and relationships.
Viewing a Group Preview
For groups of less than 500 assets, you can display all group members individually as a preview.
To view a preview of an asset group:
- Click on the node and select Preview. The group is opened and the members are enclosed within a circle.
- To close the preview, click within the group circle and select Close preview to go back to the group icon.
Ungrouping a Group Node
Groups of less than 500 members can be ungrouped. When a node is ungrouped, all the members are displayed on the graph individually.
To ungroup a group node:
- Click on a group node and select Ungroup.
Viewing the Asset Profile
When you hover over the icon of a single asset, a tooltip appears with information about that asset.
Click on the asset icon for other options:
- View asset profile - Displays the Asset Profile page in a new tab for the selected asset in a new browser tab.
Segmenting a Group of Assets
You can segment a group of assets by various fields to separate them into categories.
To segment an asset group:
Click Segment by and select a field to segment the group. Subgroups of the assets are displayed according to the field selected. For example, segmenting SaaS Applications by Application Category.
For example, segmenting SaaS Applications by Application Category creates groups of SaaS applications for each category. Each of these groups can also be segmented and investigated further.
Selecting Multiple Nodes
You can select multiple assets or asset groups in the Asset Graph and investigate them together.
To select multiple assets:
- Do one of the following:
- On all OSs, click the till it turns to . Then, click and drag the border around the nodes you want to select.
- On Windows and Linux machines, press CTRL, on Apple Mac machines, press Command. and click on the nodes you want to select.
Using Node Custom Groups
Use custom groups to associate individual assets or groups of assets together. Groups reduce clutter in your graph, and enable you to act on the whole group as a single entity. Groups can only include assets of the same type. Enforcement Actions are executed on all members of a group.
You can select all the user nodes that belong to the same department, group them together, and name the group “Sales”. Then, you can Filter, Enforce, Segment, or explore further connections to the “Sales” group with just a few clicks.
Expanding a group's connections shows the connections for all the members of the group.
To group assets on the asset graph:
- Select the assets you want to group.
- In the menu, select Group.
- The selected nodes are grouped together into one node and named in sequence with the asset type added.
To ungroup an asset group:
- Click on a group and select Ungroup.
Viewing Group Details
You can view detailed information about the assets in a group in the Explore Group drawer. The Explore Group drawer displays information appropriate for each asset type.
At the top of the drawer the asset category is displayed along with the number of assets and the total number of connections to those assets. Group Connections shows the number of connections to the other asset types.
- Click on a group or within a group circle and select View Details.
In this example, each vulnerability is listed with the Vulnerability ID (Vuln ID) and the number of devices (Device Count) that have each vulnerability.
Use the Search bar to find specific assets within the current list or click Query Wizard to use different query parameters.
The Query Wizard opens with the current query parameters. Make any changes you want and click Apply. Assets matching the new parameters are listed in the Explore Group drawer and in the Asset Graph. See Creating Queries with the Query Wizard for more about creating queries.
Filtering Asset Groups
You can filter a group to see a more specific set of assets.
Select a group and click Filter Group to open the Query Wizard.
The Query Wizards opens on the query that describes the group you clicked on. The number of assets in the group appears at the top of the wizard.
Change the query parameters to filter the group and click Apply. The Asset Graph and the asset count at the top of the wizard update to reflect the new parameters and a new breadcrumb is added. See Creating Queries with the Query Wizard more information on how to use the Query Wizard.
When a filter is applied to a group, the filter icon appears on the group icon.
Using Enforcement Actions from the Asset Graph
You can use existing Enforcement Sets or create new ones directly from the Asset Graph.
To use an Enforcement Action in the Asset Graph:
- Click on the asset or asset group on which you want the Enforcement Action to apply.
- From the Enforce option, select one of the following:
- Create Enforcement- To create a new Enforcement Set, see Enforce - Create Enforcement in Asset Actions.
- Use Existing Enforcement - To use an exising Enforcement Set, see Enforce - Use Existing Enforcement in Asset Actions.