Create an Access Group
Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable.io instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.
Required User Role: Administrator
You can create an access group to group assets based on rules, using information such as an AWS Account ID, FQDN, IP address, and other identifying attributes. You can then assign permissions for
To create an access group:
In the upper-left corner, click the button.
The left navigation plane appears.
In the left navigation plane, click Settings.
The Settings page appears.
Click the Access Groups
The Access Groups page appears. This page contains a table that lists the access groups to which you have access.
In the upper-right corner of the page, click the Create Access Group button.
The Create Access Group page appears.
In the General section, in the Name box, type a name for the access group.
Note: The name must be unique within your organization.
In the Type section, select the appropriate access group type based on the type of targets you want to scan.
If you create an access group of one type, then change the type during configuration, Tenable.io prompts you to confirm the action. If you confirm, Tenable.io clears any previously added
In the Rules section, add rules for the access group.
Note: You can add up to 1,000 rules per access group.
In the Category drop-down box, select an attribute to filter assets or targets.
In the Operator drop-down box, select an operator.
Possible operators include:
• is equal to: Tenable.io matches the rule to assets or targets based on an exact match of the specified term.
Note: Tenable.io interprets the operator as 'equals' for rules that specify a single IPv4 address, but interprets the operator as 'contains' for rules that specify an IPv4 range or CIDR range.
• contains: Tenable.io matches the rule to assets or targets based on a partial match of the specified term.
• starts with: Tenable.io matches the rule to assets or targets that start with the specified term.
• ends with: Tenable.io matches the rule to assets or targets that end with the specified term.
In the text box, type a valid value for the selected category.
Tip: You can enter multiple values separated by commas. For IPV4 Address, you can use CIDR notation (e.g., 192.168.0.0/24), a range (e.g., 192.168.0.1-192.168.0.255), or a comma-separated list (e.g., 192.168.0.0, 192.168.0.1).
(Optional) To add another rule, click the Add button.
Note: If you configure multiple rules for an access group, the access group includes assets or targets that match any of the rules. For example, if you configure two rules -- one that matches on the Network Name attribute and one that matches on IPv4 Address, the access group includes any assets in the specified network, plus any asset with the specified IPv4 address, regardless of whether that asset belongs to the specified network.
In the Users & Groups section, configure user permissions for the access group.
Click Save.
Tenable.io creates the access group. The Access Groups page appears.
Note: When you create or edit an access group, Tenable.io may take some time to assign assets to the access group, depending on the system load, the number of matching assets, and the number of vulnerabilities.
You can view the status of this assignment process in the Status column of the access groups table on the Access Groups page.
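Before saving, it helps to check how far a rule set reaches. The following added example (not Tenable code and not the Tenable.io API) models the rule semantics described above: the four operators, the IPv4 handling for single addresses versus ranges and CIDR blocks, and the fact that an asset joins the group if any rule matches. The asset keys (name, fqdn, ipv4, network), the sample inventory, the case-sensitive comparison, and the treatment of comma-separated values as alternatives are assumptions of this model.

```python
import ipaddress

def _ip_match(term, addr):
    """Single address: exact match. CIDR block or a-b range: containment."""
    ip = ipaddress.ip_address(addr)
    if "/" in term:
        return ip in ipaddress.ip_network(term, strict=False)
    if "-" in term:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in term.split("-", 1))
        return lo <= ip <= hi
    return ip == ipaddress.ip_address(term)

_OPS = {
    "is equal to": lambda value, term: value == term,
    "contains": lambda value, term: term in value,
    "starts with": lambda value, term: value.startswith(term),
    "ends with": lambda value, term: value.endswith(term),
}

def rule_matches(rule, asset):
    """rule = (category, operator, comma-separated values); any value may match."""
    category, operator, terms = rule
    value = asset.get(category)
    if value is None:
        return False
    for term in (t.strip() for t in terms.split(",")):
        if category == "ipv4":          # operator is reinterpreted for IPv4 rules
            if _ip_match(term, value):
                return True
        elif _OPS[operator](value, term):
            return True
    return False

def group_members(rules, assets):
    """Rules are OR-ed: one matching rule is enough to include the asset."""
    return [a["name"] for a in assets if any(rule_matches(r, a) for r in rules)]

# Constructed inventory and rules, for illustration only.
ASSETS = [
    {"name": "web01", "fqdn": "web01.corp.example.com", "ipv4": "192.168.0.10", "network": "Default"},
    {"name": "db01", "fqdn": "db01.corp.example.com", "ipv4": "10.0.5.20", "network": "DMZ"},
    {"name": "lab01", "fqdn": "lab01.test.example.net", "ipv4": "192.168.0.77", "network": "Lab"},
    {"name": "hr01", "fqdn": "hr01.corp.example.com", "ipv4": "172.16.3.4", "network": "Default"},
]
RULES = [("network", "is equal to", "DMZ"), ("ipv4", "is equal to", "192.168.0.0/24")]

if __name__ == "__main__":
    print(group_members(RULES, ASSETS))
```

Here lab01 and web01 are included by the IPv4 rule even though neither is in the DMZ network, which is the behavior the multiple-rules note describes.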