Manage Tenable Identity Exposure
Using its web portal, Tenable Identity Exposure allows you to review, manage, and receive relevant information about the security state of the monitored infrastructure. The web portal displays the following:
Live Active Directory security flows to allow security teams to perform security compliance tasks, threat hunting, or incident response tasks.
Administrative panes to manage the monitoring of new infrastructures.
Access rights of each user or service connected to the platform.
Tenable Identity Exposure can also forward its security monitoring flows to other services such as internal application logs for further correlation.
Tenable Identity Exposure includes notifications and alerts that you can connect to third-party services, such as an event log collector (for example, a Security Information and Event Management), an email service provider using SMTP, or a ticketing system. When a new security incident appears, Tenable Identity Exposure raises notifications to inform security teams to take immediate action.
Tenable Identity Exposure uses email notifications to send general purpose information to users, such as password recovery information, as well as notifications about security incidents.
To enable alerts, provide Tenable Identity Exposure with credentials for a user account with permissions to send emails to the selected SMTP server. This can be the same user account as the one you use to connect to your Active Directory.
The following is a generic email template for a security incident detected by Tenable:
You can integrate Tenable Identity Exposure into a security ecosystem using its RESTv3 (Representational State Transfer) API to enable management, logging. or notification capabilities.
Tenable Identity Exposure provides a public API that you can use to connect the platform to third-party services. This API supports the REST v3 standard which you access using HTTP.
For more information, see the Tenable Identity Exposure API Reference Portal.