Attack Scenarios (< v. 3.36)

In order to modify the attack scenario, you must have a user role with the following permissions:

• In Data Entities, "Read" access for:

  • All Indicators of Attack

  • All domains

• In Interface Entities, access for:

  • Management > System > Configuration

  • Management > System > Configuration > Application Services > Indicators of Attack

  • Management > System > Configuration > Application Services > Indicators of Attack > Download installation file

For more information about role-based permissions, see Set Permissions for a Role.

1. In Tenable Identity Exposure, click on Systems > Configuration > Indicators of Attack.

   The Definition of Attack Scenarios pane opens.

   

2. Under Attack Name, select the attack to monitor.

3. Select the domain on which to monitor for the selected attack.

4. Optionally, you can do one of the following:

   • Click on Select all to monitor for all attacks on all domains.

   • Click on n/n domains or n/n indicators to filter for specific domains to monitor for specific attacks.

5. Click Save.

   A confirmation message informs you that Tenable Identity Exposure clears the activity status of each attack after you save the configuration.

6. Click Confirm.

   A message confirms that Tenable Identity Exposure updated the Indicator of Attack configuration.

7. Click Download the installation file.

8. For the new attack configuration to take effect, run the installation file:

   1. Copy and paste the downloaded installation file to the DC in the monitored domain.

   2. Open a PowerShell terminal with administrative rights.

   3. In Tenable Identity Exposure, copy the commands under the Indicators of Attack section at the bottom of the window.

      

   4. In the PowerShell window, paste the commands to run the script.

1. In Tenable Identity Exposure, click on Systems > Configuration > Indicators of Attack.

   The IoA configuration pane opens.

2. Select the IoAs you want for your configuration.

3. Under Indicators of Attack, in the Quota maximum limit box, type a value for the workload quota limit.

   

4. Click the checkmark next to the value you entered.

   A message informs you of the modification's impacts on Tenable Identity Exposure.

   Note: If you type a quota maximum limit that is smaller than what the current attack configuration requires, you must adjust the number of active Indicators of Attack or raise the limit.

5. Click Confirm.

   A message confirms that Tenable Identity Exposure updated the quota maximum limit.

6. Click Save.

   A confirmation message informs you that Tenable Identity Exposure clears the activity status of each attack after you save the configuration.

7. Click Confirm.

   A message confirms that Tenable Identity Exposure updated the Indicator of Attack configuration.

8. Click Download the installation file.

9. For the new attack configuration to take effect, run the installation file:

   1. Copy and paste the downloaded installation file to the DC in the monitored domain.

   2. Open a PowerShell terminal with administrative rights.

   3. In Tenable Identity Exposure, copy the commands under the Indicators of Attack section at the bottom of the window.

      

   4. In the PowerShell window, paste the commands to run the script.