The Posture page is a simplified reporting dashboard that helps you understand your environment’s current and historical risks. The dashboard divides information into several sections that show where the biggest risks originate and track your remediation progress over time.
Filter the view by domain, privilege zone, and time range to assess your overall risk.
Attack Paths
The Attack Paths table displays the Attack Paths with active findings during the selected date range. Each Attack Path shows:| Column | Description |
|---|---|
| Severity | The severity level of the Attack Path at the end date of the selected range |
| Name | The name of the Attack Path |
| Category | The category of the Attack Path |
| Findings | The number of findings that existed on the end date of the selected range |
| Change | The calculated difference in the number of findings between the beginning and end date of the selected range |
This list includes Attack Paths that were entirely resolved (by your remediation efforts), or deprecated by SpecterOps during the selected range.
- CRITICAL: 95%-100%
- HIGH: 80%-94%
- MODERATE: 40%-79%
- LOW: 0%-39%
Attack Path Summary
The Attack Path Summary includes a “plain English” description of the risk held within the applied filter on the selected end date; and the change in Attack Paths, Findings, and Tier Zero Objects within the selected time frame.
Posture Over Time Graphs
This series of visualizations shows posture over time. They provide insights about trends in exposure levels, findings, attack paths, and Tier Zero objects.-
Total Tier Zero Attack Path Exposure - This graph represents the trend (by percentage) of overall exposure of your Tier Zero Privilege Zone within the selected filter parameters over time.
This risk represents the percentage of principals within the environment (and trusted/connected environments) that can compromise the Tier Zero Privilege Zone.
-
Historical Findings - This graph represents the trend (by count) in the total number of findings within the selected filter parameters over time.
As you remediate findings (or newly created misconfigurations generate new ones), this chart helps you track the changes in the number of identified findings over time.
-
Total Attack Paths - This graph represents the trend (by count) in the total number of active Attack Paths within the selected filter parameters over time.
As you remediate findings that contribute to Attack Paths (or newly created misconfigurations generate new ones), this chart helps you track the changes in the total number of identified Attack Paths over time.
-
Tier Zero Objects - This graph represents the trend in the total number of objects in the Tier Zero Privilege Zone within the selected filter parameters over time.
As you add or remove objects from the Tier Zero Privilege Zone, this chart helps you track the changes in the number of Tier Zero objects over time.
Completeness Graphs
For Active Directory environments, the Group Completeness and Session Completeness graphs represent how much visibility BloodHound Enterprise has into session and local group data across active computers in your environment. BloodHound Enterprise calculates completeness as the percentage of all computers that it successfully scanned for sessions and groups. It includes only enabled computers with at least one login in the past 14 days.