Search attack paths

Returns a list of the top attack paths leading to critical assets. The response includes details about each attack path, such as associated techniques, nodes, and metadata. This endpoint enables you to use advanced search capabilities, including filtering, sorting, and pagination.

Note: Attack paths inherit their status from underlying techniques. To prioritize active threats, the system excludes the following statuses by default:

  • chain_prevented — The attack chain is partially fixed.
  • accepted — The risk is accepted.
  • done — Remediation is complete.

To retrieve all paths regardless of status, set the exclude_resolved parameter to false.

For more information, see Top Attack Paths in the Exposure Management User Guide.

Requires the Basic [16] user role or the ATTACK_PATH_ANALYSIS.QUERY.SEARCH custom role privilege. See Roles and Permissions.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Query Params
integer
100 to 10000
Defaults to 1000

The number of attack path records to retrieve. If omitted, the default value is 1000. The minimum value is 100 and the maximum value is 10000.

integer
≥ 0
Defaults to 0

The number of records to skip for offset-based pagination. If omitted, the default value is 0.

string

The property and direction to sort the results by, in the format property:direction. For example: name:asc, priority:desc, or path_status:asc.

Supported properties for sorting include name, priority, and path_status.

string
enum
Defaults to false

Indicates whether or not to run the AI summarization for missing paths.

Generative AI enables users to better understand attack paths and their associated risk, and it provides additional insight into the assets affected by the attack paths.

Note that enabling the AI summarization results in slower response times.

Allowed:
boolean
Defaults to true

Excludes resolved attack paths from the results. When true (default), the system filters out paths with the following path_status values:

  • done — Remediation is complete.
  • chain_prevented — The attack chain is partially broken.
  • accepted — The risk is accepted.

Set to false to include all attack paths regardless of status.

Body Params

Filter conditions for searching attack paths. Filter operators can include nested conditions and operators to create complex filtering logic.

Defines a single filter condition used to narrow the search results for attack paths.

string
enum

Specifies the property used to filter the results. For example: priority, name, or technique.

string
enum

Specifies the comparison operator applied to the property filter. For example: eq (equals), ne (not equals), or contains.

Defines the specific value or values to match against the property. This can be a single value or an array of values depending on the operator used.

Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json
text/html