removed related content

snicklezzz · snicklezzz · commit 262705028875 · 2026-04-07T18:40:54.000+03:00
diff --git a/articles/defender-for-cloud/how-to-test-attack-path-and-security-explorer-with-vulnerable-container-image.md b/articles/defender-for-cloud/how-to-test-attack-path-and-security-explorer-with-vulnerable-container-image.md
@@ -8,26 +8,21 @@ ms.date: 03/02/2026
 
 # Attack path analysis and enhanced risk-hunting for containers
 
-Attack path analysis is a graph-based algorithm that scans the cloud security graph. The scans expose paths that bad actors might exploit to breach your environment and reach your high-impact assets. Attack path analysis exposes attack paths and suggests recommendations for remediating issues that break the attack path and prevent a successful breach.
+Attack path analysis identifies potential paths that attackers could use to reach high-impact resources in your environment. It analyzes relationships between resources and highlights issues that can be remediated to reduce risk.
 
-You can explore and investigate [attack paths](how-to-manage-attack-path.md) by sorting them based on risk level, name, environment, risk factors, entry point, target, affected resources, and active recommendations. You can also explore cloud security graph Insights on the resource. Examples of Insight types include:
+This article shows how to test attack path analysis by deploying a mock vulnerable container image.
 
-- Pod exposed to the internet
-- Privileged container
-- Pod uses host network
-- Container image is vulnerable to remote code execution
+# [Azure](#tab/azure)
 
-## Test the attack path and security explorer using a mock vulnerable container image for each cloud provider
+## Prerequisites
 
-## [Azure](#tab/testing-the-attack-path-and-security-explorer-using-a-mock-vulnerable-container-image-for-azure)
+- [Defender CSPM enabled for your subscription](tutorial-enable-cspm-plan.md).
 
-### Test the attack path and security explorer by using a mock vulnerable container image for Azure
+- Access to an Azure Kubernetes Service (AKS) cluster.
 
-If the list of attack paths has no entries, you can still test this feature by using a mock container image. Use the following steps to set up the test:
+- An Azure Container Registry (ACR) that the cluster can access.
 
-**Requirement:** An instance of Azure Container Registry (ACR) in the tested scope.
-
-#### Import a mock vulnerable image to your Azure Container Registry
+## Test the attack path and security explorer using a mock vulnerable container image
 
 1. Pull a base image (for example, alpine) to your local environment by running the following command:
 
@@ -72,34 +67,51 @@ If the list of attack paths has no entries, you can still test this feature by u
     helm install dcspmcharts  oci://mcr.microsoft.com/mdc/stable/dcspmcharts --version 1.0.0 --namespace mdc-dcspm-demo --create-namespace --set image=<your-image-uri> --set distribution=AZURE
     ```
 
-#### Verify deployment
+### Verify deployment
 
 1. Look for an entry with **mdc-dcspm-demo** as namespace.
-1. Go to **Workloads-> Deployments**.
+
+1. Go to **Workloads** > **Deployments**.
+
 1. Verify `pod1` and `pod2` are created 3/3 and **ingress-controller-nginx-ingress-controller** is created 1/1.
+
 1. Go to **Services and Ingresses**.
+
 1. Verify that **service1** and **ingress-controller-nginx-ingress-controller** are listed. 
+
 1. Verify one **ingress** is created with an IP address and nginx class.
 
+# [AWS](#tab/aws)
+
+## Prerequisites
+
+- [Defender CSPM enabled for your AWS account](tutorial-enable-cspm-plan.md).
+
+- Access to an Amazon Elastic Kubernetes Service (EKS) cluster.
 
-## [**AWS**](#tab/testing-the-attack-path-and-security-explorer-using-a-mock-vulnerable-container-image-for-aws)
+- An Amazon Elastic Container Registry (ECR) repository that the cluster can access.
 
-### Test the attack path and security explorer by using a mock vulnerable container image for AWS
+## Test the attack path and security explorer using a mock vulnerable container image
+
+1. Create an Amazon ECR repository named `mdc-mock-0001`.
 
-1. Create an ECR repository named *mdc-mock-0001*.
 1. In your AWS account, select **Command line or programmatic access**.
+
 1. Select **Option 1: Set AWS environment variables (Short-term credentials)**. 
+
 1. Copy the values for the following credentials:
    * *AWS_ACCESS_KEY_ID*
    * *AWS_SECRET_ACCESS_KEY*
    * *AWS_SESSION_TOKEN*
+
 1. Run the following command to get the authentication token for your Amazon ECR registry. Replace `<REGION>` with the region of your registry and `<ACCOUNT>` with your AWS account ID.
 
     ```awscli
     aws ecr get-login-password --region <REGION> | docker login --username AWS --password-stdin <ACCOUNT>.dkr.ecr.<REGION>.amazonaws.com
     ```
 
 1. Create a Docker image that is tagged as vulnerable by name. The image name must include *mdc-mock-0001*. 
+
 1. Push the image to your ECR registry. Replace `<ACCOUNT>` and `<REGION>` with your AWS account ID and region.
 
     ```awscli
@@ -109,6 +121,7 @@ If the list of attack paths has no entries, you can still test this feature by u
     ```
 
 1. Connect to your EKS cluster.
+
 1. Configure `kubectl` to work with your EKS cluster. Replace `<your-region>` and `<your-cluster-name>` with your EKS cluster region and name.
 
     ```awscli
@@ -123,7 +136,7 @@ If the list of attack paths has no entries, you can still test this feature by u
 
 1. Install the [ngnix ingress Controller](https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/) :
 
-    ```azurecli
+    ```awscli
     helm install ingress-controller oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.0.1
     ```
 
@@ -134,14 +147,24 @@ The Helm chart deploys resources onto your cluster that you can use to infer att
     helm install dcspmcharts oci://mcr.microsoft.com/mdc/stable/dcspmcharts --version 1.0.0 --namespace mdc-dcspm-demo --create-namespace --set image=<ACCOUNT>.dkr.ecr.<REGION>.amazonaws.com/mdc-mock-0001 --set distribution=AWS
     ```
 
+## [GCP](#tab/gcp)
 
-## [**GCP**](#tab/testing-the-attack-path-and-security-explorer-using-a-mock-vulnerable-container-image-for-gcp)
+## Prerequisites
 
-### Test the attack path and security explorer by using a mock vulnerable container image for GCP
+- [Defender CSPM enabled for your GCP project](tutorial-enable-cspm-plan.md).
+
+- Access to a Google Kubernetes Engine (GKE) cluster.
+
+- A Google Artifact Registry repository that the cluster can access.
+
+## Test the attack path and security explorer using a mock vulnerable container image
 
 1. Sign in to the GCP portal.
+
 1. Search for **Artifact Registry**.
+
 1. Create a GCP repository named *mdc-mock-0001*.
+
 1. Follow the GCP documentation, [Push and pull images](https://cloud.google.com/artifact-registry/docs/docker/pushing-and-pulling), to push the image to your repository. Run these commands:
 
     ```docker
@@ -151,7 +174,9 @@ The Helm chart deploys resources onto your cluster that you can use to infer att
     ```
 
 1. Go to **Kubernetes Engine** > **Clusters**. 
+
 1. Select the **Connect** button.
+
 1. Run the following command in the Cloud Shell:
 
    ```gcloud-cli
@@ -174,22 +199,33 @@ The Helm chart deploys resources onto your cluster that you can use to infer att
         ```gcloud-cli
         helm install dcspmcharts oci:/mcr.microsoft.com/mdc/stable/dcspmcharts --version 1.0.0 --namespace mdc-dcspm-demo --create-namespace --set image=<IMAGE_URI> --set distribution=GCP
         ```
-
 ---
 
 > [!NOTE]
-> It can take up to 24 hours to see results in the cloud security explorer and attack path.
+> It can take up to 24 hours for results to appear in Attack path analysis and Cloud Security Explorer.
 
-After you finish testing the attack path, investigate the created attack path by going to **Attack path analysis**, and search for the attack path you created. For more information, see [Identify and remediate attack paths](how-to-manage-attack-path.md).
+## View attack paths
 
-### Find container posture issues with cloud security explorer
+After deploying the mock scenario, you can view the generated attack path in **Microsoft Defender for Cloud**:
 
-You can build queries in one of the following ways:
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Go to **Defender for Cloud** > **Attack path analysis**.
+
+1. Locate the attack path related to the deployed resources.
+
+Learn how to [identify and remediate attack paths](how-to-manage-attack-path.md).
 
-- [Explore risks with built-in cloud security explorer templates](how-to-manage-cloud-security-explorer.md#query-templates)
-- [Create custom queries with cloud security explorer](how-to-manage-cloud-security-explorer.md#build-a-query)
+## Investigate container risks with Cloud Security Explorer
 
+After deploying the mock vulnerable image, you can use Cloud Security Explorer to identify related risks and explore how they contribute to attack paths.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Go to **Defender for Cloud** > **Cloud Security Explorer**.
+
+You can build queries in one of the following ways:
 
-## Next steps
+- [Use built-in query templates](how-to-manage-cloud-security-explorer.md#query-templates)
 
-- Learn more about the [Microsoft Defender for Cloud plans](defender-for-cloud-introduction.md#cloud-workload-protection-platform-cwpp).
+- [Create custom queries](how-to-manage-cloud-security-explorer.md#build-a-query)
