Create an Access Group

Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable Vulnerability Management instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.

Required User Role: Administrator

You can create an access group to group assets based on rules, using information such as an AWS Account ID, FQDN, IP address, and other identifying attributes. You can then assign permissions for users or user groups to view or scan the assets in the access group.

To create an access group:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Access Groups tile.

    The Access Groups page appears. This page contains a table that lists the access groups to which you have access.

  4. In the upper-right corner of the page, click the Create Access Group button.

    The Create Access Group page appears.

  5. In the General section, in the Name box, type a name for the access group.

    Note: The name must be unique within your organization.

  6. In the Type section, select the appropriate access group type based on the type of targets you want to scan.

    If you create an access group of one type, then change the type during configuration, Tenable Vulnerability Management prompts you to confirm the action. If you confirm, Tenable Vulnerability Management clears any previously added rule filters.

  7. Note: You can add up to 1,000 rules per access group.

    1. In the Category drop-down box, select an attribute to filter assets or targets.

    2. In the Operator drop-down box, select an operator.

      Possible operators include:

      is equal toTenable Vulnerability Management matches the rule to assets or targets based on an exact match of the specified term.

      Note: Tenable Vulnerability Management interprets the operator as 'equals' for rules that specify a single IPv4 address, but interprets the operator as 'contains' for rules that specify an IPv4 range or CIDR range.

      contains: Tenable Vulnerability Management matches the rule to assets or targets based on a partial match of the specified term.

      starts withTenable Vulnerability Management matches the rule to assets or targets that start with the specified term.

      ends with: Tenable Vulnerability Management matches the rule to assets or targets that end with the specified term.

    3. In the text box, type a valid value for the selected category.

      Tip: You can enter multiple values separated by commas. For IPV4 Address, you can use CIDR notation (e.g., 192.168.0.0/24), a range (e.g., 192.168.0.1-192.168.0.255), or a comma-separated list (e.g., 192.168.0.0, 192.168.0.1).

    4. (Optional) To add another rule, click the Add button.

      Note: If you configure multiple rules for an access group, the access group includes assets or targets that match any of the rules. For example, if you configure two rules -- one that matches on the Network Name attribute and one that matches on IPv4 Address, the access group includes any assets in the specified network, plus any asset with the specified IPv4 address, regardless of whether that asset belongs to the specified network.

  8. In the Users & Groups section, configure user permissions for the access group.
  9. Click Save.

    Tenable Vulnerability Management creates the access group. The Access Groups page appears.

    Note: When you create or edit an access group, Tenable Vulnerability Management may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.

    You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.