Get Started with Lumin
The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.
You can use Tenable Lumin to quickly and accurately assess your risk and compare your health and remediation performance to other Tenable customers in your Salesforce industry and the larger population. Lumin correlates raw vulnerability data with asset business criticality and threat context data to support faster, more targeted analysis workflows than traditional vulnerability management tools.
Tenable recommends the following to get started with Lumin data and functionality.
License and Enable
Acquire a Lumin license and enable Lumin in Tenable.io.
To add Lumin to your Tenable.io license, contact your Tenable representative.
- In your browser, disable features that may prevent you from enabling Lumin:
- Ad blocker extensions
- Do Not Track (Mozilla Firefox, Google Chrome, Apple Safari, or Microsoft Internet Explorer)
Protected Mode (Microsoft Internet Explorer)
Tip: You can re-enable these features after you fully enable Lumin.
Log in to Tenable.io, as described in Log In to Lumin.
The Lumin welcome window appears.
Follow the wizard to enable Lumin.
The Lumin dashboard appears.
Generate data and learn about Lumin terminology.
|Tenable.io Only||Tenable.sc + Tenable.io Lumin|
Assess Your Exposure
Note: All Lumin data reflects all assets within the organization's Tenable.io instance.
Review your CES and perform vulnerability management analysis.
Use the Lumin dashboard to understand your CES and access details pages.
Cyber Exposure Score widget — How does your overall risk compare to other Tenable customers in your Salesforce industry and the larger population?
- Cyber Exposure Score Trend widget — How has the overall risk for your entire organization changed over time?
- Assessment Maturity widget — How frequently and thoroughly are you scanning your assets?
- Remediation Maturity widget — How quickly and thoroughly are you remediating vulnerabilities on your assets?
- Reduce Cyber Exposure Score widget — What would the impact be if you addressed all of your top 20 recommended actions?
- Asset Criticality Rating Breakdown widget — How critical are your assets?
- Asset Scan Distribution widget — What types of scans have run on your assets?
- Mitigations widget — What endpoint protection agents are running on your assets?
Cyber Exposure Score by Business Context/Tag widget — How do assets with different tags (unique business context) compare?
- To browse the most critical vulnerabilities on your network, sort your vulnerabilities by VPR.
- To browse the most critical assets on your network, sort your assets by ACR.
Customize Your ACR Values
Review the Tenable-provided ACR values and customize them to reflect the unique infrastructure or concerns of your organization.
Use the Assets page to review the Tenable-provided ACR values for your assets.
- Do any of your assets have ACR values that seem too high for the relative criticality of that asset?
- Do any of your assets have ACR values that seem too low for the relative criticality of that asset?
- If necessary, manually customize your asset ACR values.
Lower Your CES and AES
You must address vulnerabilities on your network to lower your CES and AES.
View lists of Tenable-recommended action items:
Top recommended actions for all assets on your network.
Export your top recommended actions, as necessary.
All solutions on your network.
Export your solutions, as necessary.
- Follow the recommendations and take steps to address the vulnerabilities on your network.
Mature your vulnerability management strategy.
- Continue monitoring and addressing vulnerabilities to lower your CES and AES.
- Continue exporting and sharing recommended actions (solutions) data with others in your organization to refine your vulnerability management strategy.