Getting Started with Tenable Attack Surface Management

Tenable Attack Surface Management (formerly known as Tenable.asm) is a web-based inventory tool that you can use to identify internet-accessible assets that may or may not be known to your organization. Tenable Attack Surface Management identifies assets using DNS records, IP addresses, and ASN, and includes more than 180 columns of metadata to help you organize and inventory your assets.

To get started with Tenable Attack Surface Management, complete the following steps:

1. Log in to Tenable Attack Surface Management

2. Create Your First Inventory

3. Add Users to Tenable Attack Surface Management

4. Filter Your Assets

5. Create Saved Queries

6. Set Up Notifications

Log in to Tenable Attack Surface Management

To log in to Tenable Attack Surface Management:

1. In a supported browser, navigate to https://cloud.tenable.com/. The login page appears.
2. Type your Username and Password credentials.
3. Click Sign In.

   The Workspace page appears.

4. Click the Tenable Attack Surface Management tile.

   The Tenable Attack Surface Management interface appears, where you can identify internet-accessible assets that may or may not be known to your organization.

Create Your First Inventory

When you log in to Tenable Attack Surface Management for the first time, you can see the Let's set up your Inventory page. Type your organization's domain name and click the + Add Domain Name button. Tenable Attack Surface Management starts discovering subdomains and creating your inventory.

Add Users to Tenable Attack Surface Management

To add users to Tenable Attack Surface Management, you must first create users in Tenable Vulnerability Management.

For information about creating users in Tenable Vulnerability Management, follow the instructions in Create a User Account in the Tenable Vulnerability Management User Guide.

(Business Admins only) You can modify user roles and add inventories for users in the Tenable Attack Surface Management administrator interface.

For more information, see Edit User Account Details and Edit Inventory Details.

Filter Your Assets

Tenable Attack Surface Management uses filters to provide powerful inventory search capabilities. Filters allow you to view specific subsets of assets in your inventory.

To apply a filter:

1. Click inside the Enter a filter query box to display the list of available filters.

   

2. Type or select a filter you want to use.

   A list of operators appears. This list varies based on the filter you select.

   

3. If the operator requires a value, type that value in the text box.

   

4. Add AND or OR conditions as needed.

5. Press Enter to apply the query.

   Your inventory displays only assets matching the filter criteria.

   In this example, your inventory displays only assets with a TLS certificate that expires within the next 30 days. The SSL/TLS Expiration column also appears.

Create Saved Queries

You can save one or more filters as a Saved Query. Tenable Attack Surface Management updates saved queries automatically and these contain only the assets that match the applied filters.

For example, if you want to know which assets have TLS certificates that expire within the next 30 days, you can create a Saved Query to refer the filter quickly.

To save a query:

1. Apply one or more filters to your assets.

2. In the left of the filter box, click the Saved Queries drop-down box.

   The saved queries list appears.

   

3. Click Save as New Query.

   A box for the query name appears.

4. Provide a name for a query.

5. Click to save the query.

   Tenable Attack Surface Management adds the query to the list.

Create Subscriptions

You can save one or more filters as a Subscription. Tenable Attack Surface Management updates subscriptions automatically and these contain only the assets that match the applied filters.

For example, if you want to know which assets have TLS certificates that expire within the next 30 days, you can create a Subscription to refer the filter quickly.

To create a Subscription:

1. Apply one or more filters to your assets.

2. To the right of the applied filter, click Save.

   

   The Create Subscription window appears.

3. In the Subscription name box, type a name for the subscription.

4. Click Create Subscription.

   A confirmation window appears with a link to the newly created subscription.

5. Click the link in the confirmation window.

   Your subscription appears with a list of assets that match the applied filter.

   

   To see a list of all your subscriptions, click the icon in the left navigation bar.

Expand Tenable Attack Surface Management into Tenable One

Integrate Tenable Attack Surface Management with Tenable One and leverage the following features:

• Access the Exposure View page, where you can gain critical business context by getting business-aligned cyber exposure score for critical business services, processes and functions, and track delivery against SLAs. Track overall risk to understand the risk contribution of assets to your overall Cyber Exposure Score, including by asset class, vendor, or by tags.

  • View and manage cyber exposure cards.

  • View CES and CES trend data for the Global exposure card.

  • View Remediation Service Level Agreement (SLA) data.

  • View Tag Performance data.

• Access the Exposure Signals page, where you can generate exposure signals that use queries to search for asset violations. Simply put, if an asset is impacted by a weakness related to the query, then the asset is considered a violation. Using this, you can gain visibility into your most critical risk scenarios.

  • Find top active threats in your environment with up-to-date feeds from Tenable Research.

  • View, generate, and interact with the data from queries and their impacted asset violations.

  • Create custom exposure signals to view business-specific risks and weaknesses

• Access the Inventory page, where you can enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality.

  • View and interact with the data on the Assets tab:

    • Review your AD assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Exposure Management, and when.

    • Familiarize yourself with the Global Asset Search and its objects and properties. Bookmark custom queries for later use.

    • Find devices, user accounts, software, cloud assets, SaaS applications, networks, and their weaknesses.

    • Drill down into the Asset Details page to view asset properties and all associated context views.

  • View and interact with the data on the Weaknesses tab:

    • View key context on vulnerability and misconfiguration weaknesses to make the most impactful remediation decisions.

  • View and interact with the data on the Software tab:

    • Gain full visibility of the software deployed across your business and better understand the associated risks.

    • Identify what software may be out of date, and which pieces of software may soon be End of Life (EoL).

  • View and interact with the data on the Findings tab:

    • View instances of weaknesses (vulnerabilities or misconfigurations) appearing on an asset, identified uniquely by plugin ID, port, and protocol.

    • Review insights into those findings, including descriptions, assets affected, criticality, and more to identify potential security risks, visibility on under-utilized resources, and support compliance efforts.

• Access the Attack Path page, where you can optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights (Not supported in FedRAMP environments).

  • View the Dashboard tab for a high-level view of your vulnerable assets such as the number of attack paths leading to these critical assets, the number of open attack techniques and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

    • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your “Crown Jewels”, or assets with an ACR of 7 or above.

    You can adjust these if needed to ensure you’re viewing the most critical attack path data.

  • On the Top Attack Techniques tab, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework to create attack techniques, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

  • On the Top Attack Paths tab, generate attack path queries to view your assets as part of potential attack paths:

    • Generate an Attack Path with a Built-in Query

    • Generate an Attack Path Query with the Attack Path Query Builder

    • Generate an Asset Query with the Asset Query Builder

    Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.

  • Interact with the MITRE ATT&CK Heatmap tab.

• View and interact with the data in the Tags page:

  • Create and manage tags to highlight or combine different asset classes.

  • View the Tag Details page to gain further insight into the tags associated with your assets.