Recently Viewed Topics
Create an Access Group
Required User Role: Administrator
You can create an access group to group assets based on rules, using information such as an AWS Account ID, FQDN, IP address, and other identifying attributes. You can then assign permissions for users or groups of users to view the assets in the access group.
To create an access group:
In the upper-left corner, click the button.
The left navigation plane appears.
In the left navigation plane, click Settings.
The Settings page appears.
Click the Access Groups widget.
The Access Groups page appears. This page contains a table that lists the access groups that you have access to.
Click the Create Access Group button.
The Create Access Group page appears.
In the Name box, type a name for the access group.
Note: The name must be unique within your organization.
- Set the permissions type for the access group:
- Manage Assets—Users can view the asset records created during previous scans and scan the associated targets for those assets.
- Scan Targets—Users can scan targets associated with the access group and view the results of those scans. Targets may be associated with existing assets.
If you assign a permission type to the group, then change the type during configuration, Tenable.io prompts you to confirm the action. If you confirm, Tenable.io clears any rule filters you might have added.
In the Rules section, add the rules that Tenable.io uses to include assets or targets in the access group.
Note: You can add up to 1,000 rules per access group.
In the Category drop-down box, select an attribute to filter assets or targets.
In the Operator drop-down box, select an operator.
Possible operators include:
• is equal to: Tenable.io matches the rule to assets or targets based on an exact match of the specified term.
Note: Tenable.io interprets the operator as 'equals' for rules that specify a single IPv4 address, but interprets the operator as 'contains' for rules that specify an IPv4 range or CIDR range.
• contains: Tenable.io matches the rule to assets or targets based on a partial match of the specified term.
• starts with: Tenable.io matches the rule to assets or targets that start with the specified term.
• ends with: Tenable.io matches the rule to assets or targets that end with the specified term.
In the text box, type a valid value for the selected category.
Tip: You can enter multiple values separated by commas. For IPV4 Address, you can use CIDR notation (e.g., 192.168.0.0/24), a range (e.g., 192.168.0.1-192.168.0.255), or a comma-separated list (e.g., 192.168.0.0, 192.168.0.1).
(Optional) To add another rule, click the Add button.
Note: If you configure multiple rules for an access group, the access group includes assets or targets that match any of the rules. For example, if you configure two rules -- one that matches on the Network Name attribute and one that matches on IPv4 Address, the access group includes any assets in the specified network, plus any asset with the specified IPv4 address, regardless of whether that asset belongs to the specified network.
- In the Users & Groups section, configure user permissions for the access group.
- Click Save.
Tenable.io creates the access group. The Access Groups page appears.
Note: When you create an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities. You can view this status in the Status column of the access groups table on the Access Groups page.