# Path Finder Search Strings The Path Finder supports the following search primitives: ``` card_id:TEXT, order:NUM, target_id:TEXT, target:TEXT, foothold:TEXT, host:TEXT, identity:TEXT, prize:TEXT, criticality:TEXT, bim:TEXT, os:TEXT ``` And the following unique keywords: | Keyword | Result | | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | VulnToHighValue | Display paths starting with a vulnerability and resulting in the compromise of a high-value target | | VulnToAzBuiltinsL5 | Display paths starting with a vulnerability and resulting in the compromise of Azure's most privileged roles. \["Global Administrator", "Privileged Role Administrator", "Privileged Authentication Administrator", "Azure AD Joined Device Local Administrator"] | | VulnToAzBuiltinsL4 | Display paths starting with a vulnerability and resulting in the compromise of Azure's second most privileged roles - \["Application Administrator","Authentication Administrator","Authentication Policy Administrator","Azure DevOps Administrator","B2C IEF Keyset Administrator","Cloud Application Administrator","Cloud Device Administrator","Directory Synchronization Accounts","Exchange Administrator","External Identity Provider Administrator","Helpdesk Administrator","Hybrid Identity Administrator","Intune Administrator","Partner Tier1 Support","Partner Tier2 Support","Password Administrator","Security Administrator","Security Operator","User Administrator","Windows 365 Administrator"] | | AnyToDomain | Display any path that results in the compromise of a Domain | | VulnToDC | Display paths starting with a vulnerability that results in the compromise of a Domain Controller | | VulnToEA | Display paths starting with a vulnerability that results in the compromise of an Enterprise Administrator | | AuthUToHighValue | Display paths starting with an authentication compromise and resulting in the compromise of a high-value target | | VulnToDA | Display paths starting with a vulnerability and resulting in compromise of Domain Admin | | VulnToBIM | Display paths starting with a vulnerability and resulting in the compromise of a Business Impact Matrix prioritized device | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reveald.com/technical-documentation/admin-guides/epiphany-intelligence-platform-administrator-guide/epiphany-tools/path-finder/path-finder-search-strings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.