Asset Graph

Use the Asset Graph page to view a visual representation of the connections between the assets in your inventory. You can start by viewing the details of a single asset, such as a device, and then use the capabilities of the graph to ask questions about the device and both expand and filter what is displayed. You can also start with multiple assets from one of the asset tables or select an asset type directly in the Asset Graph page.

The Asset Graph provides many benefits, including:

• A graph gives a visual representation of the relationships between assets that allows you to quickly understand the topology.
• Multi-step analysis and deep dive into the relationship between assets.
• You can see the downstream impact of incidents.
• Investigation is faster, straightforward and more accurate.
• Quickly understand the relationship between assets.
• Ability to triage asset issues quickly.
• Easier to explain the attack surface to non-technical teammates.
• Allows to easily determine the blast radius of an incident.

To display the Asset Graph, click Click in the left navigation bar.

A tile for each asset type in the environment is displayed. The number of assets of each type is displayed in the tile below the asset type name. See Accessing the Asset Graph for more details about how to access the Asset Graph from the Asset Profile page or one of the asset pages such as Users or SaaS Software.

Accessing the Asset Graph

There are three ways to access the Asset Graph:

About the Asset Graph

Once opened, the Asset Graph shows the assets you selected, whether specific assets from one of the asset pages or a whole category of assets from the Asset Graph page.

The side pane on the left includes the Investigation Steps list at the top and the Data Layers list below.

• The Investigation Steps list includes a tile representing each action taken in the Asset Graph. See Viewing the Investigation Step-by-Step for more about navigating within the current Asset Graph.
• The Data Layers list represents the asset types included in the current state of the Asset Graph. See Viewing Data Layers for more about Data Layers.

Assets and groups of assets are shown as circles with asset type icons. Groups have the asset count displayed in a number balloon. Connections between assets and/or groups are shown as arrows linking them with the type of connection indicated by the connection label.

Connection labels tell you the type of connection:

• Last Used by - Indicates there are users associated with the asset.
• Has - Indicates that these assets have vulnerabilities associated with them.
• Affected by - Indicates other assets that affect another asset, such as settings.
• Accessing - Indicates that an asset is accessible or used by another asset, such as users.

Viewing the Investigation Step-by-Step

The Investigation Steps list in the side pane shows the sequence of steps taken in your investigation and allows you to view the progress step-by-step. The following example describes how the Investigation Steps list works.

1. In this example, multiple assets were selected on the Application Extensions asset page but what follows applies no matter how the investigation starts.

   

2. Click on the Applications Extensions group icon and select Connections and then All.

Assets connected to the Application Extensions are added to the chart and a new step is added to the Investigation Steps list representing the action taken. Note that the current step is highlighted blue. Layers for the newly added asset types, SaaS Applications and User Extensions, are added to the Data Layers list.

Each step tile includes a description of the step it represents. Hover over the tile to see the full description in a tooltip. Mouse over a step tile to see the full name of the action taken when the name is long. Clicking a step tile also recenters the graph.

3. In the Investigation Steps list, click Selected Assets, a previous step, to view the graph at that step. All later steps are preserved as well, while only the Data Layers in the current state of the graph are listed.

To return to the main Asset Graph view, click Starting Point in the Investigation Steps list or in the Navigation bar.

When you apply different query parameters or filter the current results, the step tiles from this step forward will change. In this case, the following message appears:

Viewing Data Layers

The Data Layers list at the bottom of the side pane shows each asset category included in the current state of the Asset Graph and the number of assets matching the current query parameters. When query parameters change, the asset count changes in the Data Layers menu to reflect the current query.

When you hover over a data layer, the view icon appears. Click the icon to show or hide the data layer.

Zooming In and Out

Use the zoom tools in the lower-left corner of the graph to magnify the graph. You can move the graph within the page to position it how you want and you can zoom the graph to focus on specific assets.

• To move the graph within the page, click in the empty space and drag to move the Asset Graph within the page.

• Click to set the view to fit the graph in the visible window.

• Click to zoom in and to zoom out. You can also use the mouse wheel to zoom the graph.

Viewing More Information about Asset Entities

Click on an individual asset or group of assets and select one of the options to further your investigation.

Investigating Groups of Assets

Click on an asset group and select one of the options:

• View details - Opens the Explore Group drawer. See Viewing Group Details.

• Filter - See Filtering Asset Groups

• Preview - For groups of less than 500 assets, displays all group members individually. A group circle surrounds the group members. Click within the group circle and select Close preview to go back to the group icon.

• Ungroup - For groups of less than 500 assets, removes the group and displays all group members individually.

• Segment by - Select a field to segment the group. Subgroups of the assets are displayed according to the field selected. For example, segregating SaaS Applications by Application Category

  

  For example, segmenting SaaS Applications by Application Category creates groups of SaaS applications for each category. Each of these groups can also be segmented and investigated further.

  

• Connections - Shows the connections between the group and other asset types in the environment. The asset types shown in the menu are those that have connections to the selected asset. For example, selecting to view User connections from the SaaS Applications group shows a connection to a users group.

  

  The following is displayed in the Asset Graph:

  

A next step may be to view the devices connected to the members of the group Users. Selecting Connections and then Devices from the menu displays all the devices that have a connection to any user in the group Users. Then segmenting the Devices by OS Type shows the operating systems running on these devices.

Investigating Individual Assets

You can investigate individual assets whether in a more complex graph or by themselves.

• View asset profile - Displays the Asset Profile page in a new tab for the selected asset in a new browser tab.

• Connections - Click in an asset and select Connections and then one of the options to view connections between the selected asset and other assets in the environment. Select All to see connections to all asset types or select a single asset type. All asset types with a connection to the selected asset are shown in the menu.

  

Viewing the Connection between Assets

When some members of one asset group have connections to some members of another group or individual asset, hover over one of them to see connection arrows between the assets.

Viewing Group Details

You can view detailed information about the assets in a group in the Explore Group drawer. The Explore Group drawer displays information appropriate for each asset type.
At the top of the drawer the asset category is displayed along with the number of assets and the total number of connections to those assets. Group Connections shows the number of connections to the other asset types.

• Click on a group or within a group circle and select View Details.

In this example, each vulnerability is listed with the Vulnerability ID (Vuln ID) and the number of devices (Device Count) that have each vulnerability.

Use the Search bar to find specific assets within the current list or click Query Wizard to use different query parameters.

The Query Wizard opens with the current query parameters. Make any changes you want and click Apply. Assets matching the new parameters are listed in the Explore Group drawer and in the Asset Graph. See Creating Queries with the Query Wizard for more about creating queries.

Filtering Asset Groups

You can filter a group to see a more specific set of assets.

1. Select a group and click Filter Group to open the Query Wizard.

   The Query Wizards opens on the query that describes the group you clicked on. The number of assets in the group appears at the top of the wizard.

2. Change the query parameters to filter the group and click Apply. The Asset Graph and the asset count at the top of the wizard update to reflect the new parameters and a new breadcrumb is added. See Creating Queries with the Query Wizard more information on how to use the Query Wizard.

   

   When a filter is applied to a group, the filter icon appears on the group icon.