Getting Started with Tenable Attack Surface Management

Use the following steps to get started with Tenable Attack Surface Management:

1. Log in to Tenable Attack Surface Management

2. Create Your First Inventory

3. Add Users to Tenable Attack Surface Management

4. Filter Your Assets

5. Create Subscriptions

6. Set Up Notifications

Log in to Tenable Attack Surface Management

To log in to Tenable Attack Surface Management:

1. In a supported browser, navigate to https://cloud.tenable.com/. The login page appears.
2. Type your Username and Password credentials.
3. Click Sign In.

   The Workspace page appears.

4. Click the Tenable Attack Surface Management tile.

   The Tenable Attack Surface Management interface appears, where you can identify internet-accessible assets that may or may not be known to your organization.

Create Your First Inventory

When you log in to Tenable Attack Surface Management for the first time, you can see the Let's set up your Inventory page. Type your organization's domain name and click the + Add Domain Name button. Tenable Attack Surface Management starts discovering subdomains and creating your inventory.

If you entered wikipedia.org as your main domain name, you can see the following inventory:

Add Users to Tenable Attack Surface Management

To add users to Tenable Attack Surface Management, you must first create users in Tenable Vulnerability Management.

For information about creating users in Tenable Vulnerability Management, follow the instructions in Create a User Account in the Tenable Vulnerability Management User Guide.

(Business Admins only) You can modify user roles and add inventories for users in the Tenable Attack Surface Management administrator interface.

For more information, see Edit User Account Details and Edit Inventory Details.

Filter Your Assets

Tenable Attack Surface Management uses filters to provide powerful inventory search capabilities. Filters allow you to view specific subsets of assets in your inventory.

To apply a filter:

1. Above the search box, click + Add filter.

   

   A drop-down menu appears with a list of filters:

   

2. Select the filter you want to use.

   A list of operators appears. This list varies based on the filter you select.

3. If the operator requires a value, type that value in the text box.

   In this example, Filter = SSL/TLS Expiration, Operator = expires in, and Value =30.

4. Click Done.

   Your inventory displays only assets matching the filter criteria.

   In this example, your inventory displays only assets with a TLS certificate that expires within the next 30 days. The SSL/TLS Expiration column also appears.

Create Subscriptions

You can save one or more filters as a Subscription. Tenable Attack Surface Management updates subscriptions automatically and these contain only the assets that match the applied filters.

For example, if you want to know which assets have TLS certificates that expire within the next 30 days, you can create a Subscription to refer the filter quickly.

To create a Subscription:

1. Apply one or more filters to your assets.

2. To the right of the applied filter, click Save.

   

   The Create Subscription window appears.

3. In the Subscription name box, type a name for the subscription.

4. Click Create Subscription.

   A confirmation window appears with a link to the newly created subscription.

5. Click the link in the confirmation window.

   Your subscription appears with a list of assets that match the applied filter.

   

To see a list of all your subscriptions click the icon in the top navigation bar.

Set Up Notifications

If certain aspects of your inventory change, Tenable Attack Surface Management provides a notification system that can email you, send you a Slack message, or communicate though ServiceNow.

For example, you can receive an email notification when an asset has a TLS certificate that expires soon by using the Subscription that you created previously.

1. Hover over the row that contains your Expiring TLS Certificates subscription, and click the bell icon:

   

   The following window appears:

   

2. To enable email notifications, click the Email toggle.

3. Type your email address and press Save.

   Tenable Attack Surface Management now sends daily emails that give you a list of assets that have a TLS certificate expiring in 30 days.

Expand Tenable Attack Surface Management into Tenable One

Integrate Tenable Attack Surface Management with Tenable One and leverage the following features:

• In Lumin Exposure View, gain critical business context by getting business-aligned cyber exposure score for critical business services, processes and functions, and track delivery against SLAs. Track overall identity risk to understand the risk contribution of web applications to your overall cyber exposure score.

  • Review the Global exposure card to understand your holistic score. Click Per Exposure to understand what factors are driving your score, and by how much.

  • Configure the exposure view settings to set a customized Card Target and configure Remediation SLA and SLA Efficiency based on your company policy.

  • Create a custom exposure card based on business context (for example, Domains, Domain Admins, Asset Criticality, Critical Users/Critical Assets, or Service Accounts).

• In Tenable Inventory, enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality for identities.

  • Review the Tenable Queries that you can use, edit, and bookmark.

  • Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.

    Tip: To get a quick view of what properties are available:

    • In the query builder, type has. A list of suggested asset properties appears.
    • Customize the list by adding a column. A list of available columns/properties appears.
  • Drill down into the asset details page to view asset properties and all associated context views.

  • (Optional) Create a tag that combines different asset classes.

• In Attack Path Analysis, optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights.

  • View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets such as the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

    • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about your most critical attack paths.

    You can adjust these if needed to ensure you’re viewing the most critical attack path data and findings.

  • On the Findings page, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework to create Findings, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

  • On the Discover page, generate attack path queries to view your assets as part of potential attack paths:

    • Generate an Attack Path using a Built-in Query

    • Generate an Asset Query using the Asset Query Builder

    • Generate an Attack Path Query using the Attack Path Query Builder

    Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.