Event Details

The Trail Flow in Tenable Identity Exposure provides detailed information on each event affecting your Active Directory (AD). Details on a specific event allow you to review technical information and take remedial actions that the Indicator of Exposure (IoE)'s severity level requires.

IoE, Event, and Deviant Object

  • An Indicator of Exposure (IoE) describes a threat that affects the AD. Tenable Identity Exposure's IoEs assesses security levels after receiving an event in real time. IoEs can include several technical vulnerabilities. IoEs provide information on detected vulnerabilities, associated deviant objects, and recommendations for remedial actions.

  • An event indicates a change related to security that can appear in an AD. It can be a password change, a user creation, a new or modified GPO, or a new delegated right, etc. An event can change the compliance status of an IoE from compliant to non-compliant.

  • A deviant object is a technical element — either on its own or associated with another deviant object — that allows the IoE's attack vector to work.

Attributes Table

The Attributes table includes the following columns:

Column Description
Attributes Indicates the attributes of the AD object associated with the event that you selected in the Trail Flow table. Attributes describe the object characteristics. Multiple attributes can describe a single AD object.
Value at event Indicates the attribute value at the time that the event occurred.
Current value Indicates the value of the attribute in the AD at the moment when you are viewing it.
Tip: To display the value of the attribute before the event occurred, hover the blue dot on the left (if any).


If an event in the Trail Flow contains deviances, the Event Details pane also displays them to allow you to drill down to the source of the problem.