Configure Tenable Enclave Security
When you access the Tenable Enclave Security user interface for the first time, the Setup page appears. On the Setup page, you'll create your Super Administrator user account, set up your first organization, and create a Security Manager user account.
Before you begin:
Configure Tenable Enclave Security:
-
In a web browser, access Tenable Enclave Security at the URL that you defined in Prepare a Kubernetes Cluster.
-
Set up your Super Administrator user account, and click Next.
Super Administrator optionsOption
Description
First Name
The first name for the user.
Last Name
The last name for the user.
User Name
The username for the Super Administrator account.
Password
The unique password for the Super Administrator account.
Confirm Password
The same password you entered in the Password box.
-
Set up an organization, and click Next.
For more information about organizations, see Organizations.
Organization optionsOption
Description
Default
General
Name
The name for the organization.
--
Description
A description for the organization.
--
Address
The address for the organization.
--
City
The city for the organization.
--
State
The city for the organization.
--
Phone
The phone number for the organization.
--
Password Expiration
Enable Password Expiration
When enabled, the user's password will expire after the number of days specified in the Expiration Days box. The user will receive daily password expiration notifications at login, starting 14 days before the password expires. After the password expires, the user must change their password at the next login.
When disabled, the user's password expiration settings will default to the organization settings.
disabled
Expiration Days
The number of days before the user's password expires. You can enter a number between 1 and 365.
--
Container Security Scanner Key Expiration The number of days before the user's scanner key expires. 90 Scanning
Distribution Method
The scan distribution mode you want to use for this organization:
-
Automatic Distribution Only - The scanner chooses one or more scan zones to run the scan. Organizational users cannot choose a scan zone when configuring a scan.
-
Locked Zone - The scanner uses the scan zone(s) you specify to run the scan. Organizational users cannot modify the scan zone when configuring a scan.
-
Selectable Zones - The scanner allows organizational users to select a scan zone when configuring a scan. This mode allows organizational users to use scanners to run internal and external vulnerability scans and analyze the vulnerability stance from a new perspective. For example, an organizational user can choose an external scanner to see the attack surface from an external attacker’s perspective.
Automatic Distribution Only
Scan Zones
One or more scan zones for the organization.
Scan zones are areas of your network that you want to target in an active scan, associating an IP address or range of IP addresses with one or more scanners in your deployment. For more information about scan zones, see
--
Allow for Automatic Distribution
Enable or disable this option to specify whether you want the scanner to select one or more scan zones automatically if an organizational user does not specify a scan zone when configuring a scan.
-
When enabled, the scanner chooses one or more scan zones that you specify in the Restricted Scan Ranges setting.
-
When disabled, the scanner requires the organizational user to specify a scan zone when configuring a scan.
disabled
Restricted Scan Ranges
The IP address ranges you do not want users in this organization to scan.
--
Analysis
Accessible LCEs
The Log Correlation Engines that you want this organization to have access to. You can search for the Log Correlation Engines by name or scroll through the list.
--
Accessible Repositories
The repositories that you want this organization to have access to. You can search for the repositories by name or scroll through the list.
--
Accessible Agent Capable Scanners
The Tenable Nessus scanners (with Tenable Nessus Agents enabled) that you want this organization to have access to. Select one or more of the available scanners to allow the organization to import Tenable Nessus Agent results from the selected scanner.
--
Accessible LDAP Scanners
The LDAP servers that you want this organization to have access to. An organization must have access to an LDAP server to perform LDAP authentication on user accounts within that organization, and to configure LDAP query assets.
Note: If you revoke access to an LDAP server, users in the organization cannot authenticate and LDAP query assets cannot run.
--
Custom Analysis Links
Link Name
A name for the custom analysis link. You can use custom analysis links to reference additional data external to Tenable Enclave Security.
--
URL
The custom analysis link URL that will appear in the host vulnerability details.
For example, http://example.com/index.htm?ip=%ip%.The %ip% reference is a variable that inserts the IP address of the current host into the specified URI.
--
Vulnerability Weights
Vulnerability Weights
The vulnerability weighting to apply to vulnerabilities with the specified criticality:
-
Low - The vulnerability weighting to apply to Low criticality vulnerabilities for scoring purposes. (Default: 1)
-
Medium - The vulnerability weighting to apply to Medium criticality vulnerabilities for scoring purposes. (Default: 3)
-
High - The vulnerability weighting to apply to High criticality vulnerabilities for scoring purposes. (Default: 10)
-
Critical - The vulnerability weighting to apply to Critical criticality vulnerabilities for scoring purposes. (Default: 40)
Medium
Vulnerability Scoring System
Scoring System
The scoring system the scanner uses to assess the severity of vulnerabilities: CVSS v2 or CVSS v3.
Note: Changing the Scoring System while the scanner is running certain operations, such as preparing reports or dashboard data, results in data using mixed CVSS v2 and CVSS v3 scores.
Note: Changing the Scoring System does not impact historical dashboard trend data. For example, if you change the Scoring System from CVSS v2 to CVSS v3, dashboard trend data before the change displays CVSS v2 scores while dashboard trend data after the change displays CVSS v3 scores.
CVSS v2
-
-
Configure a Security Manager account, and click Finish.
Security Manager OptionsOption
Description
Default
Configure Product Access
Role
The role for the user.
Security Manager
Organization
The organization that the user belongs to.
--
General
First Name
The first name for the user.
--
Last Name
The last name for the user.
--
Type
The authentication type for the user account:
-
Tenable (TNS)
-
Lightweight Directory Access Protocol (LDAP)
-
Security Assertion Markup Language (SAML)
You must configure an LDAP server or SAML authentication in order to select LDAP or SAML from the Type drop-down box.
TNS
User Name
The username for the user account. The username is case-sensitive.
--
Password
The password for the user account.
Tip: Tenable recommends using passwords that meet stringent length and complexity requirements.
--
Confirm Password
The same password you entered in the Password box.
--
User Must Change Password
When enabled, the user must change their password when they log in for the first time.
disabled
Time Zone
The time zone for the user.
Scan Result Default Timeframe
The default Completion Time filter applied when the user accesses or refreshes the scan results.
Cached Fetching
When enabled, Tenable Enclave Security caches plugin policy information and performs plugin policy downloads once per page load.
Password Expiration
Enable Password Expiration
When enabled, the user's password will expire after the number of days specified in the Expiration Days box. The user will receive daily password expiration notifications at login, starting 14 days before the password expires. After the password expires, the user must change their password at the next login.
When disabled, the user's password expiration settings will default to the organization settings.
disabled
Expiration Days
The number of days before the user's password expires. You can enter a number between 1 and 365.
--
-