Indicators of Attack Incidents

The Indicators of Attack (IoA) list of incidents provides detailed information about specific attacks on your Active Directory (AD). This allows you to take the required action depending on the IoA's severity level.

Incident Details

Each entry in the list of incidents shows the following information:

  • Date — The date when the incident triggering the IoA occurred. Tenable Identity Exposure shows the most recent at the top of the timeline.

  • Source — The source where the attack originated and its IP address.

  • Attack Vector — An explanation about what happened during the attack.

    Tip: Hover over the attack vector to see more information about the IoA.
  • Destination — The target of the attack and its IP address.

  • Attack Name — The technical name of the attack.

  • Domain — The domains that the attack impacted.

    Tip: Tenable Identity Exposure can show a maximum of five panes when you click on several interactive elements (links, action buttons, etc.) in the List of incidents. To close all panes simultaneously, click anywhere on the page.

Attack Details

From the list of incidents, you can drill down on a specific attack and take necessary action to remediate.

To show attack details:

  1. From the list of incidents, select an incident to drill down for details.

  2. Click Details.

    Tenable Identity Exposure displays the details associated with that attack:

See also