Scale Tenable Identity Exposure Services

Cancri is the service in charge of translating and decoding the raw data it receives.

Cancri's scaling up mechanism goes through its reconfiguration using an environment variable.

To scale Cancri:

1. Open a PowerShell (x64) terminal.

2. Define the environment variable TENABLE_CASSIOPEIA_CANCRI_Application__MaxConcurrentPublishToEridanis:

   Note: The default value is 100.
   
   Copy

   [Environment]::SetEnvironmentVariable("ALSID_CASSIOPEIA_CANCRI_Application__MaxConcurrentPublishToEridanis", "IntegerValue", "Machine")

3. Restart Cancri:

   Copy

   Restart-Service -Name Alsid_Cancri
   

Example:

[[Environment]::SetEnvironmentVariable("ALSID_CASSIOPEIA_CANCRI_Application__MaxConcurrentPublishToEridanis", "200", "Machine")
Restart-Service -Name Alsid_Cancri

The Cygni service analyzes changes in AD objects to identify potential risks. If these changes collectively meet deviance criteria, it transmits the deviance to the database and it becomes visible in Tenable Identity Exposure.

If your security requirements do not align with the default settings of the Tenable security profile, you can deactivate it to enhance performance by circumventing the computation associated with this profile. Alternatively, you can create a new profile by duplicating the Tenable security profile and customizing it to your specific needs. This allows you to create a personalized profile aligned with your own security standards based on Tenable recommendations. You can then deactivate the default Tenable profile, ensuring that your system adheres to your security requirements.

Note: Disabling analysis on this profile pauses the results.

To disable IoE analysis on the Tenable security profile:

1. On the Security Engine Node machine, open a PowerShell (x64) terminal.

2. Run the following command:

   Copy

   [Environment]::SetEnvironmentVariable("ALSID_CASSIOPEIA_CYGNI_Application__IOE__IgnoreDefaultProfile", "true", [System.EnvironmentVariableTarget]::Machine)
   

3. Restart the Cygni service:

   Copy

   Restart-Service -Name 'alsid_Cygni'
   

Eridanis is the API service that stores the business data (configuration and AD objects, deviances, etc.) in the MSSQL Server and forwards it to other services.

To scale up the total number of Eridanis instances, you must update the ERIDANIS_WORKER_COUNT environment variable.

To scale Eridanis:

1. Open a PowerShell (x64) terminal.

2. Run the following command (replace the value in brackets with the real expected value):

   Copy

   [System.Environment]::SetEnvironmentVariable('ERIDANIS_WORKER_COUNT', <number of Eridanis instances>, 'Machine')

3. Restart Eridanis:

   Copy

   Restart-Service -Name 'alsid_Eridanis'

Example: For 3 Instances of Eridanis

[System.Environment]::SetEnvironmentVariable('ERIDANIS_WORKER_COUNT', 3, 'Machine')
Restart-Service -Name 'alsid_Eridanis' -Force

The EventLogsDecoder component needs to process data at a high speed. It's possible that a single instance of EventLogsDecoder may not suffice, so consider running multiple instances of this component concurrently.

To determine when to initiate additional instances, you monitor a specific metric, which is the number of messages queued in the RabbitMQ queue named event-logs-decoder-ioa-input-queue. When this metric reaches a threshold of 8000 messages, it's imperative to launch a new instance of the EventLogsDecoder component.

To scale a new instance of EventLogsDecoder on a new machine, launch the installation program on this machine and follow the same procedure as the one you used for the first instance:

• Default TLS

• Default TLS in "Expert Mode"

• TLS without Peer Verification

• TLS with Peer Verification

• No TLS

You do not need to restart any service because Tenable Identity Exposure automatically takes in account this new instance.