Attack Paths - TraceCtrl

GET

api

risk

attack-paths

Attack Paths

curl --request GET \
  --url https://api.example.com/api/v1/risk/attack-paths

{
  "path_id": "<string>",
  "rule_name": "<string>",
  "owasp_category": "<string>",
  "agents_involved": [
    "<string>"
  ],
  "path_steps": [
    {}
  ],
  "risk_score": 123,
  "severity": "<string>"
}

Returns all detected attack paths ordered by risk score descending.

service

string

Filter by service name

path_id

string

Unique path identifier

rule_name

string

TAGAAI rule that fired (e.g., vulnerableToExcessiveAgency)

owasp_category

string

OWASP ASI category (ASI01, ASI02, etc.)

agents_involved

string[]

Agent IDs in the attack chain

path_steps

object[]

Step-by-step attack chain

risk_score

float

Computed risk score

severity

string

Critical, High, Medium, or Low

Agent Risk ScoresPer-agent risk scores

Attack Paths

curl --request GET \
  --url https://api.example.com/api/v1/risk/attack-paths

{
  "path_id": "<string>",
  "rule_name": "<string>",
  "owasp_category": "<string>",
  "agents_involved": [
    "<string>"
  ],
  "path_steps": [
    {}
  ],
  "risk_score": 123,
  "severity": "<string>"
}

Engine API

Risk