Exposure Instance Exclusions

Tailor Your Security Scans with Asset Exclusions

Not every security alert needs action, and not every flagged asset is truly at risk. In some cases, systems are configured in ways that may trigger alerts, even when there is no real threat. This can lead to unnecessary noise in your security reports and distract from the issues that really matter.

To help you stay focused on what’s important, the Exclusions feature lets you exclude specific assets from being reported as impacting certain weaknesses. Excluding safe assets gives you more control over your scan results so your reports are clear, relevant, and actionable.

  1. In Tenable Identity Exposure's left navigation pane, click the Exposure Center icon .

  2. From the submenu, click on Exposure Instances.

    The Exposure Instances page appears.

  3. To go into further detail about each Exposure Instance, click the arrow at the end of the line. This opens another page with the following information for each exposure instance:

  4. Click the Exclusions tab.

    A page opens to show a list of exclusions, if any, for that instance.

  1. Click Create Exclusion.

    The Create an Exclusion window opens.

  2. Provide the following information:

    Name Type an intuitive name for the exclusion
    Tenant

    Click the arrow for the drop-down list and select the tenant to apply the exclusion.
    Criteria Depending on the type of weakness, the related information and criteria differ.
     

    • In the Asset Type drop-down, select the type of asset you want to exclude:

    • Click + next to the attribute name and assign values identifying the asset to exclude. Tenable Identity Exposure offers suggested values corresponding to the impacted asset you selected.

    • Click Select.
      Asset type Attributes
      Tenant Asset Name, External Identifier
      Privileged Role Asset Name, External Identifier, Role is Privileged
      Account Account Login, Account Status, ACR, Asset Name, Entra ID Security Identifier, External Identifier, MFA Flag, User Type
      User
    Business justification Type a description for this exclusion to provide it with context.

    Click Save to create the exclusion.

    A message appears to indicate that Tenable Identity Exposure created the exclusion and will it into account at the next security analysis.

    Note: The new exclusion is not effective immediately and therefore the status of the excluded assets do not updated until the following scan.

The Exclusions list is sorted by the most recently updated item at the top, so any new exclusion you create appears first.

Name Description
Name Displays the name given to the exclusion.
Tenant The tenant associated with the impacted asset in the exclusion.
Business justification The reason for the exclusion
Criteria

Shows the exclusion's criteria and attributes as a list of pills, which automatically resize based on the column width.

If all attributes aren't visible, click more to open the right-hand panel to display the full exclusion details, with each pill representing a criterion or attribute of the exclusion. Clicking a pill in this panel reveals a searchable list of all values it contains, which is useful when values are hidden due to space.

Last Update Date of the most recent creation or update of the exclusion.
Last Author The name of the party who created or updated the exclusion.
A contextual menu to allow you to edit or delete an exclusion.

  1. Select the exclusion from the list and click on the contextual menu at the end of the line.

  2. Select Edit Exclusion.

    The Edit an Exclusion window opens.

  3. Edit the necessary information. Refer to the procedure to create an exclusion.

  4. Click Save.

    A message appears to indicate a successful update of the exclusion, which the next scan will take into account.

  1. Click on the contextual menu at the end of the line.

  2. Select Delete exclusion.

    A message asks you to confirm the deletion. You cannot undo this action.

  3. Confirm the deletion.

    A message appears to indicate a successful deletion of the exclusion, which the next scan will take into account.

  1. In Tenable Identity Exposure's left navigation pane, click the Exposure Center icon .

  2. From the submenu, click on Exposure Instances.

  3. The Exposure Instances page appears.

  4. To go into further detail about each Exposure Instance, click the arrow at the end of the line. This opens another page with the following information for each exposure instance:

  5. On the Exposure Instance page's status filter, select "Excluded":

  6. Click Apply filter.

    Tenable Identity Exposure shows the excluded assets for that exposure instance, if any.

  7. Click on Excluded under "Status" to open the side panel showing the exclusion.

  8. From this panel, you can edit or delete the exclusion.

See Also