Example Workflow

The following scenario describes a common use case where the Lumin Exposure View, , and Attack Path Analysis interfaces work in conjunction to assist a company in analyzing and prioritizing their data.

Getting Started

Joe logs in and lands on the Workspace landing page, where he can see all of his Tenable products and the Tenable One pages he can access. Since he needs to see his exposure risks globally, he selects Lumin Exposure View. Joe then lands on the Global Lumin Exposure View, where he can see Vulnerability Management, Tenable Identity Exposure, Tenable Web App Scanning, and Cloud data unified into a single score. He may be wondering, "Which category is driving the score?". For this, in the CES section, he can select Per Category > Computing Resources, and filter all the data on the page.

As Joe reviews the metrics to prepare for his next executive meeting, he can change the date ranges so that he can see what’s changed over time and high level indicators of why the changes occurred. Since there was a significant change in the score last week, he decides to comment on the CES Trend section to ask his coworker, Rachel, for more details.

Prioritize

Now that Joe has a better understanding of the score and which category is driving it, his next question is ”Which business owners (i.e., tags) do we need to chase?”. Now, he can look at the Tag Performance section to quickly see which tags are the highest contributors to his score. This helps Joe prioritize his focus. Again, If he needs more details or has an action item for Rachel, Joe can comment directly on the Tag Performance section in the Exposure View. Rachel can then drill down into the Tag Details to get further information.

Since there’s been a priority in process and products, Joe decides to review how his internal Remediation SLA efficiency has improved. By expanding the date range to include the past 6 months, he can report on the positive trend in addressing the crucial risks within the set number of days. Seeing how he missed his target SLA efficiency last week, Joe can look at what’s outside of SLA (how many risks, how many days, and which tags) to determine what he needs to follow up on.

He wants to share this Exposure View with his entire team, so he exports and emails to the team with a high level summary and action items.

Joe takes note of the businesses he wants to focus on within the Tag Performance widget, and then creates a custom exposure card for each one.

Customize

Now, Joe takes a look at his Exposure Card Library. At a glance, he can see his General and Custom exposure cards, where he can also see a high level preview of each card's CES and CES trend.

Should he need to create a Lumin Exposure View with a different segment, he may ask Rachel to help create a custom tag within the Asset Inventory. Rachel creates a tag that is data agnostic (so he can mix and match assets for a tag) and then a custom card using the new tag. She shares this new Lumin Exposure View with Joe. Since Joe needs more details, he clicks on the Top Affecting tags link and jumps directly to the where he can see all the assets associated with this tag. Here, he can also view asset details, and can even navigate directly to the data source product for more information. Rachel realizes that the static tag should actually be a dynamic tag, so she edits the tag configuration.

Incidents and Actions

Thomas is on the InfoSec team and is responsible for any incidents. His main focus is the Attack Path Analysis section, where he can build a custom query highlighting his most sensitive assets. He can then interact with the attack path data and proactively see potential attack paths and techniques. Here, Thomas can answer the following key questions:

  • In my environment, what are all possible attack paths between two assets or asset types?

  • In my environment, what are all possible attack paths that leverage a specific technique?

  • What assets are in jeopardy if one specific asset is compromised? (Blast Radius)

  • How do all assets in my network affect one specific asset in my environment? (Asset Exposure)

  • Where is an asset within the attack path?

  • How critical is an asset?