Get Started with Attack Path Analysis
Tenable recommends following these steps to get started with Attack Path Analysis data and functionality.
Prepare
Before you begin:
- Ensure you have the following:
  - Tenable Vulnerability Management Basic Network Scan with credentials.
  - One of the following:
    - A Tenable Vulnerability Management basic scan using the Active Directory Identity scan template. This scan type requires fewer permissions and provides a basic overview of your Active Directory entities.
      Note: You can run this scan type on its own, or as part of a Basic Network Scan. In a Basic scan, you must ensure the Collect Identity Data from Active Directory option is enabled in the Discovery section.
    - Tenable Identity Exposure SaaS deployed.
      Note: Because the plugin only supports up to 7,000 identities, the Active Directory Identity scan template is not designed for large environments, but is instead intended to help small customers kick-start their use of Attack Path Analysis. Tenable recommends that larger customers deploy Tenable Identity Exposure.
- Tenable recommends the following:
  - Have at least 60% of assets scanned via an authenticated scan.
  - Select maximum verbosity in the Basic Network Scan.
  - A default Tenable Web App Scanning scan, including injection plugins.
  - An AWS connection with a Legacy Tenable Cloud Security scan policy including all vulnerabilities and available AWS resources.
  - When using Tenable Identity Exposure, enable privileged analysis. This option highlights key attack vectors used by hackers and gives you a better understanding of your attack surface, including credential auditing and password analysis.
  - A scan frequency of at least once a week.
- Familiarize yourself with the Attack Path Analysis key terms.
- Review the Tenable One Licensing Quick-Reference Guide.
- Familiarize yourself with the categories and data metrics within Attack Path Analysis.
- Review the Tenable One Example Workflow.
License, Access, and Log In
To use Tenable One, you purchase licenses for assets: resources identified by—or managed in—your Tenable products. Each Tenable One product has a different asset type. For more information, see the Tenable One Licensing Quick-Reference Guide.
To acquire a license:
- Determine the interface that best suits your business objectives. For more information, see Use Cases.
- Contact your Tenable representative to purchase the appropriate package.
To access and log in to Attack Path Analysis:
Follow the Log in to Attack Path Analysis steps.
Configure Attack Path Analysis for Use
- Configure your Attack Path Analysis settings.
- View your data sources.
Assess Your Exposure
Review your CES and perform analysis:
- Access Attack Path Analysis, where you can:
  - Generate custom, built-in, asset exposure graph, or blast radius queries to view attack path data.
  - Interact with the attack path data.
-