Create Initiatives

In the Exposure Response section, your first step is creating an initiative. To do this, add the initiative, define the scope with asset tags, assign an owner, and choose an SLA. Then, add combinations to define the vulnerabilities to track.

Note: As a Tenable administrator, you can assign initiatives to other users. As a non-administrator, you can only create initiatives for yourself. As either type of user, you can create up to ten initiatives.

Example Initiative

To address recently exploited vulnerabilities on your Headquarters network, you might create an initiative as follows:

  • Name — Recently exploited vulnerabilities at HQ

  • Asset Scope — Network: HQ

  • Owner[email protected]

  • Remediate Within — 7 days

  • Combinations — Category is equal to Recently Actively Exploited AND VPR is greater than 6

Before You Begin

Before you create an initiative:

  • Create asset tags — Initiatives use asset tags to define the assets in scope.

  • (Optional) Create custom combinations — If you plan to use custom combinations, create them.

Create a New Initiative

To create a new initiative:

  1. In the left navigation, click Menu Exposure Response.

    The Exposure Response page appears.

  2. In My Initiatives, click New.

    The Create New Initiative pane appears.

  3. Set the following options.

    Option Description
    Name Type a name for the initiative.
    Description Type a description for the initiative, for example Reduce my external attack surface.
    Owner

    Select the initiative owner from a list of Tenable Vulnerability Management users. You cannot reassign initiatives once created.

    Note: Only administrators and initiative owners can view initiatives.
    Asset Scope Choose up to ten tags to define which assets in your environment are in scope. Search for and select tags to assign, for example Priority: High or Software: Oracle.
    Remediate Within Choose an SLA by which all findings must be remediated. For example, to set an SLA of one week, enter 7.

  4. Under Assign Combinations, add up to ten combinations from the following tabs.

    Tab Description
    My Combinations Your personal combinations, which only you can view. You cannot assign personal combinations to initiatives you do not own.
    Shared Organization-wide combinations, which anyone can view or use and which your administrators and the combination owners can update. Updates may change the resources in your initiative. Track updates in the Combination Timeline.
    Tenable

    Predefined combinations from the Tenable Research Team. These may be updated infrequently, which can change the resources in your initiatives. Track updates in the Combination Timeline.
    Note: Initiatives can contain no more than 17 queries across all combinations. For example, if you add four combinations to an initiative—and the combinations have five queries each for a total of 20, a warning appears and you cannot save the initiative.

  5. Click Save.

    The initiative appears in the My Initiatives panel.