Trail Flow
Tenable Identity Exposure's Trail Flow shows the real-time monitoring and analysis of events affecting your AD infrastructure. It allows you to identify critical vulnerabilities and their recommended courses of remediation.
Using the Trail Flow page, you can go back in time and load previous events or search for specific events. You can also use its search box at the top of the page to search for threats and detect malicious patterns.
To access the Trail Flow:
-
In Tenable Identity Exposure, click Trail Flow in the navigation bar on the left.
The Trail Flow page opens with a list of events. For more information, see Trail Flow Table.
To select a timeframe:
-
At the top of the Trail Flow page, click on the calendar box.
-
Select a start date and an end date.
-
Click Search.
Tenable Identity Exposure updates the Trail Flow table with the selected timeframe.
To select a domain:
-
At the top of the Trail Flow page, click n/n domain >.
The Forest and Domains pane opens.
-
Select the forests and domains.
-
Click Filter on selection.
Tenable Identity Exposure updates the Trail Flow table with information for the selected forest and domain.
To view an event:
-
In the Trail Flow table, click on a line that contains the event you want to explore.
The Event Details pane appears. For more information, see Event Details.
To pause and restart the Trail Flow:
-
Do one of the following:
-
Click on the
icon to pause the Trail Flow.Pausing the Trail Flow stops the automatic vertical scrolling of the most recent events while the analysis continues to run in the background and allows you to run a search on events.
-
Click on the
icon to restart the Trail Flow.
-
To load the next or previous events:
-
In the Trail Flow page, do one of the following:
-
Click Load next events
-
Click Load previous events
-