Exposure Signals

An Exposure Signal can be defined as a combination of risks that could make any weakness potentially dangerous to your business. For example, an account with:

Privileged access to a business-critical application
Unpatched vulnerabilities on their device
A device not covered by EDR

Is a candidate for an exposure signal, because these weaknesses combined on an asset makes this person a risk to their organization.

Within Tenable Inventory, you can generate exposure signals that use queries to search for asset violations. Simply put, if an asset is impacted by a weakness related to the query, then the asset is considered a violation. On the Exposure Signals page, you can view, generate, and interact with the data from queries and their impacted asset violations.

Using this, you can:

Gain visibility into your most critical risk scenarios
Create custom exposure signals to view business-specific risks and weaknesses

To access the exposure signals page:

The Exposure Signals page includes the following sections:

Exposure Signals List

On the left side of the page, you can view a list of cards representing exposure signals. The list includes several sections:

Tenable — The cards in this section represent Tenable-provided exposure signals. You cannot edit Tenable-provided signals.
My Exposure Signals — The cards in this section represent user-created custom exposure signals. To add exposure signals to this section, you can:
Archived — The cards in this section represent all exposure signal cards that have been archived.

Tip: To unarchive an exposure signal, in the upper-right corner of the card, click the Unarchive button. Tenable Inventory reactivates the exposure signal and moves the card to the appropriate section of the exposure signals list.

Each card includes the following information:

Violations — The number of assets found in violation of the exposure signal.
Exposure Mgmt. — The exposure management class associated with the exposure signal.
Trends — The trend and percentage of change in violations within the last 7 days. For example, if the violations for this combination have increased by 5.45%, you'd see .

Note: Because data on exposure signal cards only refreshes once every 24 hours, you may notice a difference in violation counts between these cards and the rest of the Tenable Inventory interface, including theImpacted Assets section.

In the upper right corner of a card, click the button to view additional options:

Section	Menu Options
Tenable	Click Archive to move the exposure signal card to the Archived section of the list.
My Exposure Signals	Click Edit to make changes to the exposure signal card. For more information, see Edit a Custom Exposure Signal. Click Duplicate to make a copy of the exposure signal card. For more information, see Duplicate a Custom Exposure Signal. Click Archive to move the exposure signal card to the Archived section of the list. For more information, see Archive a Custom Exposure Signal. Click Delete to permanently delete the exposure signal card from the Exposure Signals page. For more information, see Delete a Custom Exposure Signal.
Archived	Click Delete to permanently delete the exposure signal card from the Exposure Signals page.

Exposure Signal Details

When you click on a card in the Exposure Signals List, the details for that card appear on the right side of the page.

Basic Information and Summary

At the top of the details section, you can view the following information:

The name of the exposure signal.
Last Run — The date and time at which information was last generated for the exposure signal.
Exposure Mgmt. — The number of and the icons for each exposure management class associated with the exposure signal.
(Not supported in Tenable FedRAMP Moderate) What is it about? — This section displays an AI-generated summary of the exposure signal, including information about why the combination may be a risk to you.

Associated Query

In this section, you can view the asset query that generated the exposure signal.

Below the query, you can select any of the following options:

See results in Asset Inventory — Click to navigate directly to the Assets view, where you can view the asset query and the asset list filtered by the query results. For more information, see Assets.
Duplicate — Click to duplicate the exposure signal into a new, custom exposure signal. From here, you can manage and edit the exposure signal to fit your needs before saving it to the My Exposure Signals section of the exposure signals list.
Copy — Click to copy the query to your device's clipboard. You can then paste the query for use/editing in the Global Asset Search, or you can save it for later.

Trend

In the Trend section, you can view a graphical representation of how the number of violations within the selected exposure signal has changed over a specific period of time.

To change the period of time for which you want to view the trend, in the upper-right corner of the section, expand the drop-down menu and select one of the following options:

All time
Last year
Last quarter
Last month
Last 7 days

Tip: Hover your mouse cursor over any point on the graph to view the exact number of violations on that date.

Impacted Assets

In this section, you can view a list of the impacted assets (assets found in violation) of the exposure signal.

Tip: Use the search box to search for a specific impacted asset.

This list includes the following asset information:

Name — The asset identifier. Tenable Inventory assigns this identifier based on the presence of certain asset attributes in the following order:
1. Agent Name (if agent-scanned)
2. NetBIOS Name
3. FQDN
4. IPv6 address
5. IPv4 address
For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Asset Name.
Class — The class type associated with the asset. For more information, see Asset Classes.
Weaknesses — The weaknesses associated with the asset. For more information, see Weaknesses.
ACR — The Asset Criticality Rating for the asset. The ACR represents the asset's relative criticality as an integer from 1 to 10. A higher ACR indicates higher criticality.

Note:Tenable Inventory does not calculate an ACR for unlicensed assets.

Click the asset row to view additional asset details:

The asset details panel appears.

This panel includes the following asset information:

Section	Information
Header	View the asset name. Below the name, click See Asset Details to navigate directly to the full Asset Details page for the selected asset.
Exposure Signal Summary	(Not supported in Tenable FedRAMP Moderate) View an AI-generated summary of the exposure signals, including information about why the combination may be a risk to you.
Key Properties	View high-level Key Properties, including: Last Observed At — The date and time at which a scan most recently identified the asset. Created Date — The date and time at which the asset record was created in Tenable One. Host Fully Qualified DNS — The Host Fully Qualified Domain Names, or FQDNs, of the asset host. Device System Type — The type associated with the asset's device system, for example, plc. Asset Class — The asset class associated with the asset, for example, Device. ACR — The Asset Criticality Rating for the asset. The ACR represents the asset's relative criticality as an integer from 1 to 10. A higher ACR indicates higher criticality.
Weaknesses	View a list of all weaknesses associated with the asset. Click on a weakness to navigate directly to the Weakness Details page for the selected weakness. Tip: Use the search box to search for a specific weakness on the asset.