Microsoft has introduced a new tool called ExposureGraphEdges & ExposureGraphNodes tables in Advanced Hunting to manage security exposure. These tables contain data for Microsoft Security Exposure Management graph, including information about devices, identities, user groups, and cloud assets. By understanding this data, organizations can proactively manage their security posture.
The Blast Radius concept, traditionally associated with physical explosions, is now used in cybersecurity to evaluate the potential impact of an attacker exploiting a compromised asset. By calculating Blast Radius, organizations can uncover potential attack paths, prioritize high-risk entities, and enhance security products.
Asset Exposure provides a complementary perspective by revealing all paths leading to an entity. This helps organizations identify access points to valuable assets and strengthen their protection.
To analyze paths between groups, groupData can be added to the tables to define groups based on attributes like subscriptions or naming conventions. By grouping nodes and edges based on GroupId, organizations can identify closely connected groups of entities and assets within their network.
The function XGraph_PathExplorationWithGroups can be used to find paths between groups based on their properties. By aggregating start and end points by GroupId, organizations can identify paths between different types of resources in different groups.
To calculate Blast Radius and Asset Exposure at a group level,
