How is Attack Depth calculated? What does a negative value for Attack Depth stand for?
Thank you again.
Hi, Subbarao Chitturi
Attack Depth indicates how many separate attack steps it takes to reach from an Untrusted Threat Source to the location in question. So if you have a host with a vuln that is directly exposed to attack, that host will have AD=1. If you have a host that cannot be reached directly from any Threat Source, but can be reached after an attacker exploits a leapfrog vuln at AD=1, then that host will be at AD=2 - meaning it would take two attacks in sequence to get there.
That handles all the positive numbers. However, we can find hosts that have NO chains of attack to reach them at all. In the GUI, we display this as "Unreachable", so that's what you will see. However, if you call the API to get the underlying values, you'll find we encode that as a negative number. You could also see a zero, if you had a scanned host living in a subnet that is already marked as a Threat Source - meaning that host already lives in a network that is outside your control, and so cannot be trusted.Reply