Glossary of Terms

This glossary familiarizes you with the commonly used terms in Tenable Identity Exposure.

Cancri — The service that computes the difference between the previous state of an AD object and its new current state. It also sequences events so that Cygni receives them in order.

Cephei — The service that calculates the statistics observable on your dashboard (Widget Active Users count, Compliance Score, Deviance, etc.).

Ceti — The service that initially collects AD objects (crawling) and subscribes to replication flows to pick up new events as they appear (listening). The AD objects retrieved currently come from two sources: LDAP and Sysvol.

Cygni — The service that analyzes the changes in AD objects to deduce whether they involve one or more risks, which, when assembled, would meet the criteria for deviance. This deviance is then transmitted to the database and becomes visible in Tenable Identity Exposure.

Deviant objects — The set of deviances that an Indicator of Exposure (IoE) flags, pointing to an object that carries an attribute that triggered the related IoE.

Directory Listeners — Hosting the Ceti services (on-premises context) that work closely with the monitored domain controllers, the Directory Listeners receive real-time Active Directory flows and apply several processing steps to decode, isolate, and correlate security changes.

Enif — The service that controls authentication to the web interface.

Eridanis — The API service that stores the business data (configuration and AD objects, deviances, etc.) in MS SQL Server and supplies them to other services.

Kapteyn — The service that hosts the Tenable Identity Exposure web applications. Developed with JavaScript technologies, it is a real-time application that allows data updates without user action.

RabbitMQ — A third-party tool that Tenable Identity Exposure uses to transfer messages from one service to another. The messages remain in the RabbitMQ queue manager until a receiving application connects and removes a message from the queue. The receiving application subsequently processes the message.

Secure Relay — A mode of transfer for your Active Directory data from your network to Tenable Identity Exposure using Transport Layer Security (TLS) instead of a VPN (exclusive to versions 3.59 and later).

Security Engine Nodes — Hosting the analysis-related services, the Security Engine Nodes support the Tenable Identity Exposure security engine, internal communication bus, and end-user applications (such as the Web portal, the REST API, or the alert notifier). This component builds on different isolated Windows services.

Storage Manager — Providing hot and cold storage support, the Storage Managers oversee serving data to the Directory Listeners and the Security Engine Nodes. This component is the only one that must remain persistent to save information. Internally, they use Microsoft SQL Server to store internal data and configuration.

Trail Flow — The Trail Flow landing page displays the real-time monitoring and analysis of events affecting your AD infrastructures. The Trail Flow page provides the ability to load previous events to go back in time. The search function at the top of this page also allows you to perform threat hunting and detect malicious patterns.