For the attack path mapping, we iterate on all the access policies from the internet to the endpoint (internet gateways, security groups, and similar).

One or more of the following conditions must be met in order to trigger the internet exposure:

• Instance has public IP or instance is targeted by an internet-facing load balancer Security group on the instance or load balancer permits 0.0.0.0/0 Subnet of instance is public (meaning, it has a route to an internet gateway)
• Internet exposure is also used to determine the host risk score.

How can be used within the context of vulnerabilities please see our documentation: https://docs.lacework.com/console/attack-path-analysis-exposure-polygraph#view-exposure-risk-context