Manage Tenable Identity Exposure
Using its web portal, Tenable.ad allows you to review, manage, and receive relevant information about the security state of the monitored infrastructure. The web portal displays the following:
Live Active Directory security flows to allow security teams to perform security compliance tasks, threat hunting, or incident response tasks.
Administrative panes to manage the monitoring of new infrastructures.
Access rights of each user or service connected to the platform.
Tenable.ad can also forward its security monitoring flows to other services such as internal application logs for further correlation.
Tenable.ad includes notifications and alerts that you can connect to third-party services, such as an event log collector (for example, a Security Information and Event Management), an email service provider using SMTP, or a ticketing system. When a new security incident appears, Tenable.ad raises notifications to inform security teams to take immediate action.
Tenable.ad uses email notifications to send general purpose information to users, such as password recovery information, as well as notifications about security incidents.
To enable alerts, provide Tenable.ad with credentials for a user account with permissions to send emails to the selected SMTP server. This can be the same user account as the one you use to connect to your Active Directory.
The following is a generic email template for a security incident detected by Tenable:
You can integrate Tenable.ad into a security ecosystem using its RESTv3 (Representational State Transfer) API to enable management, logging. or notification capabilities.
Tenable.ad provides a public API that you can use to connect the platform to third-party services. This API supports the REST v3 standard which you access using HTTP.
For more information, see the Tenable.ad API Reference Portal.