Get Started With Tenable.sc
Use the following getting started sequence to configure and mature your Tenable.sc deployment.
Before you begin, learn about Tenable.sc and establish a deployment plan and analysis workflow to guide your configurations.
- Access Tenable Support and training resources for Tenable.sc, including:
Design a deployment plan by identifying your organization's objectives and analyzing your network topology. Consider Tenable-recommended best practices for your environment. For more information about environment requirements, see Requirements. For information about scan types, see Scanning Overview.
- Design an analysis workflow. Identify key stakeholders in your management and operational groups, considering the data you intend to share with each stakeholder.
For more information about planning a large enterprise deployment of Tenable.sc, see the Tenable.sc Large Enterprise Deployment Guide.
Install Tenable.sc and perform initial configuration.
For complete information about Tenable Core + Tenable.sc, see the Tenable Core User Guide.
Perform quick setup, as described in Quick Setup. You can:
- Upload licenses
- Configure one Nessus scanner
- Configure one NNM scanner (requires a NNM activation license)
- Configure one LCE server (requires an LCE® activation license)
- Create one repository
- Create one organization
- Configure one LDAP server
- Create one administrator user account and one security manager account
- Configure usage statistic collection
Tenable recommends following the quick setup wizard, but you can configure these features later. For example, do not configure LDAP until you have easy access to all necessary LDAP parameters.
- Configure SMTP settings, as described in Mail Settings.
- Configure scan zones, as described in Add a Scan Zone.
- Configure additional repositories, if necessary, as described in Repositories.
- Configure additional scanners, if necessary, as described in Nessus Scanners, Nessus Network Monitor Instances, and Log Correlation Engines.
- Configure security settings (e.g., password complexity requirements and custom banners), as described in Security Settings.
Configure and run basic scans to begin evaluating the effectiveness of your deployment plan and analysis workflow.
- Configure credentials, as described in Credentials.
- Create static assets, as described in Add a Custom Asset. For more information about asset types, see Assets.
- Configure a Host Discovery policy and a Basic Network Scan policy from Tenable-provided scan policy templates, as described in Add a Scan Policy.
- Confirm that the scans can access all areas of your network with no credential issues.
- Configure NNM scanners, as described in Nessus Network Monitor Instances.
- When the scans complete, create template-based dashboards and reports, as described in Dashboards and Reports.
Tenable recommends frequently reviewing your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.
Configure other features, if necessary, and refine your existing configurations.
- Configure audit files, as described in Audit Files.
- Create additional scan policies, as described in Add a Scan Policy.
- Configure scan blackout windows, as described in Add a Blackout Window.
- Configure groups, as described in Add a Group.
- Create a custom user role, as described in Create a User Role.
- Create additional user accounts and share objects with users, as described in User Accounts.
- Create dynamic assets and combination assets, as described in Add a Custom Asset. For more information about asset types, see Assets.
- Review the plugin update schedule, as described in Edit Plugin and Feed Settings and Schedules. Consider editing the schedules to suit your needs. For example, you may want to schedule plugin and feed updates to run a few hours before your scheduled scans.
- Add queries and use filters, as described in Add or Save a Query and Apply a Filter.
- Create custom dashboards and reports, as described in Dashboards and Reports.
- Create Assurance Report Cards (ARCs), as described in Assurance Report Cards.
- Configure alerts, ticketing, accept risk rules, and recast risk rules, as described in Workflow Actions.
- View vulnerability data and use the built-in analysis tools, as described in Vulnerability Analysis.
Review and mature your deployment plan and analysis workflow.
- Conduct weekly meetings to review your organization's responses to identified vulnerabilities.
- Conduct weekly management meetings to oversee your teams executing the analysis workflow.
- Review scan automation settings and consider revising.
- Review your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.
- Optimize and operationalize your custom dashboards to meet the needs of individual user account holders.
- Optimize and operationalize your custom reports to prepare them for distribution.
- Consider configuring API integrations, as described in the Tenable.sc API Guide and the Tenable.sc API Best Practices Guide.
- Consider synchronizing Tenable.sc with Tenable.io Lumin to take advantage of Cyber Exposure features, as described in Lumin Synchronization.