Get Started with Tenable One

Tenable recommends following these steps to get started with Tenable One data and functionality.

Configure your "Point Products" to get Data into Tenable One

To get data into Tenable One, you must first configure and deploy the Tenable One "point products". Once these are configured, Tenable One can then ingest the data and present it.

Use the Tenable One Deployment Guide to get all of your Tenable One products up and running.

For Attack Path Analysis, ensure you have the following:

  • Tenable Vulnerability Management Basic Network Scan with credentials.
  • One of the following:

    • A Tenable Vulnerability Management basic scan using the Active Directory Identity scan template. This scan type requires fewer permissions and provides a basic overview of your Active Directory entities.

      Note: You can run this scan type on its own, or as part of a Basic Network Scan. In a Basic scan, you must ensure the Collect Identity Data from Active Directory option is enabled in the Discovery section.
    • Tenable Identity Exposure SaaS deployed.

    Note: Because the plugin only supports up to 7,000 identities, the Active Directory Identity scan template is not designed for large environments, but is instead intended to help small customers kick-start their use of Attack Path Analysis. Tenable recommends that larger customers deploy Tenable Identity Exposure.
  • Tenable recommends the following:

    • Have at least 60% of assets scanned via an authenticated scan.

    • Select maximum verbosity in the Basic Network Scan.

    • A default Tenable Web App Scanning scan, including injection plugins.

    • An AWS connection with a Tenable Cloud Security scan policy including all vulnerabilities and available AWS resources.

    • When using Tenable Identity Exposure, enable privileged analysis. This option highlights key attack vectors used by hackers and gives you a better understanding of your attack surface, including credential auditing and password analysis.

    • A scan frequency of at least once a week.

License, Access, and Log In

To use Tenable One, you purchase licenses for assets: resources identified by—or managed in—your Tenable products. Each Tenable One product has a different asset type. For more information, see the Tenable One Licensing Quick-Reference Guide.

To acquire a license:

  1. Determine the interface that best suits your business objectives. For more information, see Use Cases.

  2. Contact your Tenable representative to purchase the appropriate package.

To access and log in to Attack Path Analysis:

Follow the Log in to Attack Path Analysis steps.

Configure Tenable One for Use

Analyze and Assess

Perform analysis on your data within Tenable One:

  • Access Lumin Exposure View, where you can gain critical business context by getting a business-aligned Cyber Exposure Score for critical business services, processes, and functions, and track delivery against SLAs. Track overall VM risk to understand the risk contribution of assets to your overall Cyber Exposure Score, including by asset class, vendor, or tags.

  • Access Tenable Inventory, where you can enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality.

    • View, generate, and interact with the data from queries and their impacted asset violations via the Exposure Signals page.

      • Find top active threats in your environment with up-to-date feeds from Tenable Research.

    • View and interact with the data in the Assets view:

      • Unify all assets in a single view to simplify analysis, understand relationships, and discover exposures across the attack surface.

      • Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.

      • Find devices, user accounts, software, cloud assets, SaaS applications, networks, and their weaknesses.

      • Drill down into the asset details page to view asset properties and all associated context views.
    • View and interact with the data in the Tags view.

      • Create tags to highlight or combine different asset classes.

    • View and interact with the data in the Weaknesses view:

      • View key context on weaknesses to make the most impactful remediation decisions.

  • Access Attack Path Analysis, where you can optimize risk prioritization and prevent material impact by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, and ASM. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights.

    • View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets, including the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

      • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your “Crown Jewels”, or assets with an ACR of 7 or above.

      You can adjust these if needed to ensure you’re viewing the most critical attack path data and findings.

    • On the Findings page, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets. Findings are created by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework, and they allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

    • On the Discover page, generate attack path queries to view your assets as part of potential attack paths:

      Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.

    • Interact with the MITRE ATT&CK Heatmap.