Network Requirements

Tenable Identity Exposure requires access to your Active Directory infrastructures to initiate security monitoring. You must allow network flows between the different Tenable Identity Exposure services as described in Network Flow Matrix.


As a monitoring platform, Tenable Identity Exposure receives Active Directory events continuously. Depending on the scale of the infrastructure, this process can generate a significant volume of data.

You must allocate an appropriate bandwidth to guarantee data transmission to Tenable Identity Exposure for analysis in a reasonable amount of time.

The following table defines the required bandwidth based on the size of the monitored AD.

Active AD Users

Average Number of Objects Received (per minute)

Minimum Bandwidth

Recommended Bandwidth

1 – 5,000


1 Mbps/sec

2 Mbps/sec

5,001 – 75,000


5 Mbps/sec

10 Mbps/sec

75,001 – 400,000


15 Mbps/sec

30 Mbps/sec

Microsoft APIs

To subscribe to the replication flows and begin monitoring them, Tenable Identity Exposure must contact standard directory APIs from Microsoft. Tenable Identity Exposure only requires communication with the Primary Domain Controller emulator (PDCe) with a regular user account. You must also deploy a new group policy object (GPO) to activate the attack detection engine.

Communication with AD

For an on-premises installation, Tenable Identity Exposure is a software package that you deploy on your Windows Server environment. Tenable Identity Exposure must communicate with the monitored Active Directory.

Internet Access

Tenable provides a continuous integration process to allow regular releases of new detection capabilities and features. Tenable recommends that you plan an Internet access to upgrade Tenable Identity Exposure regularly.

Network Protocols

Specific network protocols (such as Syslog, SMTP or HTTP) allow Tenable Identity Exposure to offer native alerting features, the ability to design specific analysis flows bound to a Security Information and Event Management (SIEM) platform, and a REST API that can integrate into a cybersecurity ecosystem.