Tenable Identity Exposure
Activate Tenable Identity Exposure
Because there is a significant cost associated with operating each instance of Tenable Identity Exposure, Tenable does not automatically activate the application for all Tenable One customers.
To activate Tenable Identity Exposure for your Tenable One instance:
- Log in to Tenable One.
  The Workspace page appears. The Tenable Identity Exposure tile is disabled by default.
- In the Tenable Identity Exposure tile, click Request.
- Be prepared to provide the estimated number of users in your Active Directory. If Tenable discovers that more assets are required than are available in your Tenable One license, a Tenable representative will reach out directly to discuss license expansion.
  This is necessary to ensure that your Tenable One subscription has available assets to apply to assessing your organization's Active Directory. To get an accurate estimate of unique enabled identities, Tenable recommends running the following PowerShell commands on your domain controllers:
  - AD On-premises Only (Once Per Domain)
    In the Active Directory PowerShell module, run the following command:
      (Get-ADUser -ResultSetSize $null -Filter 'enabled -eq $true').Count
  - Microsoft Entra ID
    To install Microsoft Graph, in the Active Directory PowerShell module, run the following command:
      Install-Module Microsoft.Graph -Scope CurrentUser
    Then, to get a count of all Microsoft Entra ID users, run the following commands:
      Connect-MgGraph -Scopes "User.Read.All"
      (Get-MgUser -All -Filter "accountEnabled eq true").Count
    This returns the count of all enabled Microsoft Entra ID users.
    Then, to get a count of all cloud-only Microsoft Entra ID identities, run the following command:
      (Get-MgUser -All -Filter "accountEnabled eq true" -Property onPremisesSyncEnabled | Where-Object { $_.onPremisesSyncEnabled -ne $true }).Count
    Note: This excludes any identities synchronized from your on-premises Active Directory ("hybrid identities").
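    The following script is an added example and is not Tenable's own code. It goes beyond the single-domain and single-tenant commands above: it walks every domain in the on-premises forest, adds the cloud-only Microsoft Entra ID users, and reports an estimate of unique enabled identities in which hybrid (synchronized) accounts are counted once. It assumes the ActiveDirectory and Microsoft.Graph modules are installed, that the account running it can read user objects in each domain, and that it can consent to the User.Read.All Graph scope.

```powershell
# Added example (not Tenable's code): estimate unique enabled identities
# across every domain in the forest plus Microsoft Entra ID, splitting
# cloud-only accounts from hybrid (on-premises synchronized) accounts.
# Assumptions: ActiveDirectory and Microsoft.Graph modules are installed,
# the caller can read users in each domain, and can grant User.Read.All.

Import-Module ActiveDirectory

$summary = [ordered]@{}

# The Tenable instructions run the AD count once per domain; here every
# domain in the forest is queried in a single run and summed.
$forest = Get-ADForest
$onPremTotal = 0
foreach ($domainName in $forest.Domains) {
    $users = @(Get-ADUser -Server $domainName -ResultSetSize $null -Filter 'enabled -eq $true')
    $summary["AD enabled users: $domainName"] = $users.Count
    $onPremTotal += $users.Count
}
$summary['AD enabled users: forest total'] = $onPremTotal

# Entra ID: read-only scope, then count enabled users and separate the
# accounts that are not synchronized from on-premises AD.
Connect-MgGraph -Scopes 'User.Read.All'
$entraUsers = @(Get-MgUser -All -Filter 'accountEnabled eq true' -Property 'id,onPremisesSyncEnabled')
$cloudOnly  = @($entraUsers | Where-Object { $_.OnPremisesSyncEnabled -ne $true })
$hybrid     = @($entraUsers | Where-Object { $_.OnPremisesSyncEnabled -eq $true })

$summary['Entra ID enabled users']            = $entraUsers.Count
$summary['Entra ID cloud-only enabled users'] = $cloudOnly.Count
$summary['Entra ID hybrid enabled users']     = $hybrid.Count

# A hybrid identity already appears in the on-premises count, so the
# estimate adds only the cloud-only Entra ID users to the AD total.
$summary['Estimated unique enabled identities'] = $onPremTotal + $cloudOnly.Count

[pscustomobject]$summary | Format-List
```

    The hybrid count is reported separately so that a noticeable difference between it and the forest total (for example, when only some organizational units are synchronized) is visible before the estimate is submitted with the request.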
- Once the request is complete, Tenable recommends expecting a 2-3 day turnaround time to enable Tenable Identity Exposure access.
Deploy and configure Tenable Identity Exposure in the Cloud
Deploy Tenable Identity Exposure according to the steps outlined in the Tenable Identity Exposure User Guide, or based on guidelines received directly from Tenable Professional Services.
Configure Tenable Identity Exposure for Use in Tenable One
- Download and configure the license file:
  - Navigate to Tenable Community to download the license file required to use Tenable Identity Exposure with Tenable One.
    Tip: If you cannot locate the license file, contact your Tenable Representative.
  - In Tenable Identity Exposure, navigate to System > About > Edit License File.
  - Upload the license file required to use Tenable Identity Exposure with Tenable One.
- Download and install the Secure Relay:
  - On the Tenable Identity Exposure Downloads site, download the Secure Relay for your Tenable Identity Exposure instance.
  - Install the Secure Relay on your local network by following the steps outlined in the Tenable Identity Exposure User Guide.
  - Navigate to Settings > Relay Management to view and manage the Secure Relay.
- Configure Forests:
  - In Tenable Identity Exposure, navigate to Settings > Forest Management > Add Forest.
  - On the Add Forest page, type the Login and Password associated with the connected service account.
  - Click Add.
Onboarding Milestones
Tenable suggests you complete the following milestones to ensure your success before proceeding with your Tenable One deployment process:
- In Lumin Exposure View, gain critical business context by getting a business-aligned cyber exposure score for critical business services, processes, and functions, and track delivery against SLAs. Track overall identity risk to understand the risk contribution of web applications to your overall cyber exposure score.
  - Review the Global exposure card to understand your holistic score. Click Per Exposure to understand what factors are driving your score, and by how much.
  - Review the Active Directory exposure card.
  - Configure the exposure view settings to set a customized Card Target and configure Remediation SLA and SLA Efficiency based on your company policy.
  - Create a custom exposure card based on business context (for example, Domains, Domain Admins, Asset Criticality, Critical Users/Critical Assets, or Service Accounts).
- In Tenable Inventory, enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality for identities.
  - Review your AD assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Inventory, and when.
  - Review the Tenable Queries that you can use, edit, and bookmark.
  - Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.
    Tip: To get a quick view of what properties are available:
    - In the query builder, type has. A list of suggested asset properties appears.
    - Customize the list by adding a column. A list of available columns/properties appears.
    - Drill down into the asset details page to view asset properties and all associated context views.
  - (Optional) Create a tag that combines different asset classes.
- In Attack Path Analysis, optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, and ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights.
  - View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets, such as the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.
  - Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your "Crown Jewels", or Domain Admins.
    You can adjust these if needed to ensure you're viewing the most critical attack path data and findings.
  - On the Findings page, view all attack techniques that exist in one or more attack paths leading to one or more critical assets. Attack Path Analysis pairs your data with advanced graph analytics and the MITRE ATT&CK® Framework to create Findings, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.
  - On the Discover page, generate attack path queries to view your assets as part of potential attack paths. Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.