Identity Protection Attack Path to a Privileged Account

[RoemIko]

Hi,

Is there an easy way to display all attack paths to a privileged account?

[jshcodes]

Hi @RoemIko -

Try the following snippet and let us know if you encounter issues:

from falconpy import IdentityProtection

# This example is leveraging Environment Authentication
idp = IdentityProtection()

idp_query = """{
  entities(
    archived: false
    first: 5
    riskFactorTypes: [HAS_ATTACK_PATH]
    sortKey: RISK_SCORE
    sortOrder: DESCENDING
  )
  {
    nodes {
      primaryDisplayName
      secondaryDisplayName
      riskScoreSeverity
      riskFactors {
        type

        ... on AttackPathBasedRiskFactor {
          attackPath {
            entity {
              primaryDisplayName
              type
              riskScoreSeverity
            }
            relation
            nextEntity {
              primaryDisplayName
              type
              riskScoreSeverity
            }
          }
        }
      }
    }
  }
}"""

result = idp.graphql(query=idp_query)

Thanks for the question! 😄