# Attack Paths Analysis

Users here are presented with visual representations of the network's security posture, generated through symbolic AI. The system employs a sophisticated methodology, gathering data from the scanning process and applying symbolic AI to derive conclusions based on these facts. Additionally, the system incorporates derived facts to identify vulnerabilities and evaluate potential attack goals.

The generated graph illustrates complicated relationships between several elements within the network, including vulnerabilities, attack paths, and critical assets. Initially, the system constructs a full attack graph, which may be complex due to the network's size and complexity. To update this graph and highlight critical paths, the system undergoes a reduction process. This process aims to condense the attack graph into a concise and informative summary version.

The resulting critical path graph provides users with a clear overview of the most significant attack paths within the network. Each critical path is ranked based on severity and impact, offering users the information of the most persistent security risks. By presenting this summarized version of the attack graph, the system enables users to prioritize efforts and focus on securing critical assets effectively.

On the Graph page, users encounter two views: [Critical Paths](/attack-paths-analysis/critical-paths-view.md) and [Critical Assets](/attack-paths-analysis/critical-assets-view.md). Both views offer insights into the network's security posture from different perspectives while reflecting the same original information.

<img src="/files/MxkjosxqITekZY8nFy27" alt="Process Flow" class="gitbook-drawing">

When the user clicks on <mark style="color:blue;">**Attack Paths Analysis**</mark> in the side menu, this **Critical Paths Analysis Guidelines** window appears. It serves as an introduction to how the system generates and prioritizes critical paths, helping users understand the methodology behind the analysis.

<figure><img src="/files/kEaW3spCSCO6A68Vsfns" alt=""><figcaption><p>Critical Paths Analysis Guidelines</p></figcaption></figure>

This page provides a set of guidelines for interpreting critical paths identified by the system such as:

1. **Public IP Address Priority**
   * Assets with public IP addresses are automatically flagged as potential points of compromise, regardless of whether network vulnerabilities are present.&#x20;
2. **Critical Paths Visualization by Severity**
   * The analyzer’s AI engine evaluates all potential critical paths based on the severity of vulnerabilities on associated assets.&#x20;
3. **Prioritization of Attack Goals**
   * The system identifies potential attack goals by focusing on vulnerable assets within the organization.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://stormanalyzer.cybral.com/attack-paths-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.