Get Started with Attack Path Analysis

Tenable recommends following these steps to get started with Tenable One data and functionality.

Tip: For additional information on getting started with Tenable One products, check out the Tenable One Deployment Guide.


Before you begin:

Ensure you have the following:

  • Basic Network Scan with credentials.
  • One of the following:

    • SaaS deployed.

    • Active Directory Identity Scan — You can run it separately or via the Basic Network Scan with the Collect Identity Data from Active Directory option enabled in the Discovery section.

  • Tenable recommends the following:

    • Have at least 60% of assets scanned via an authenticated scan.

    • Select maximum verbosity in the Basic Network Scan.

    • A scan frequency of at least once a week.

For a demonstration on getting started with Attack Path Analysis, see the following video:

License, Access, and Log In

  • Acquire a license:

    1. Determine the interface that best suits your business objectives. For more information on use cases, see Welcome to Tenable One Attack Path Analysis.

    2. Contact your Tenable representative to purchase the appropriate package.

Configure Attack Path Analysis for Use

Assess Your Exposure

Review your CES and perform analysis:

  • Access the Attack Path Analysis section, where you can:

    • Generate custom, built-in, asset exposure graph, or blast radius queries to view attack path data.

    • Interact with the attack path data.