Tenable Identity Exposure Network Requirements
Tenable Identity Exposure requires access to your Active Directory infrastructures to initiate security monitoring. You must allow network flows between the different Tenable Identity Exposure services as described in the Network Flow Matrix.
Bandwidth
As a monitoring platform, Tenable Identity Exposure receives Active Directory events continuously. Depending on the scale of the infrastructure, this process can generate a significant volume of data.
You must allocate appropriate bandwidth to guarantee that data reaches Tenable Identity Exposure for analysis in a reasonable amount of time.
The following table defines the required bandwidth based on the size of the monitored AD.
Active AD Users | Average Number of Objects Received (per minute) | Minimum Bandwidth | Recommended Bandwidth |
---|---|---|---|
1 – 5,000 | 10 | 1 Mbps/sec | 2 Mbps/sec |
5,001 – 75,000 | 150 | 5 Mbps/sec | 10 Mbps/sec |
75,001 – 400,000 | 700 | 15 Mbps/sec | 30 Mbps/sec |
Microsoft APIs
To subscribe to the replication flows and begin monitoring them, Tenable Identity Exposure must contact standard directory APIs from Microsoft. Tenable Identity Exposure only requires communication with the Primary Domain Controller emulator (PDCe) with a regular user account. You must also deploy a new group policy object (GPO) to activate the attack detection engine.
Communication with AD
For an on-premises installation, Tenable Identity Exposure is a software package that you deploy on your Windows Server environment. Tenable Identity Exposure must communicate with the monitored Active Directory.
Internet Access
Tenable provides a continuous integration process to allow regular releases of new detection capabilities and features. Tenable recommends that you plan for Internet access so that you can upgrade Tenable Identity Exposure regularly.
Network Protocols
Specific network protocols (such as Syslog, SMTP or HTTP) allow Tenable Identity Exposure to offer native alerting features, the ability to design specific analysis flows bound to a Security Information and Event Management (SIEM) platform, and a REST API that can integrate into a cybersecurity ecosystem.