Create an Exposure Response Initiative

Required User Role: Administrator

In the Exposure Response section, you create initiatives, which are projects to address vulnerabilities in your environment. In initiatives, you track specific findings using combinations and apply asset tags to choose the assets in scope. You can then assign initiatives to your team, set SLAs (Service Level Agreements), generate tickets in Jira, and track progress using remediation scan results. Ticket statuses are bi-directional and therefore update dynamically between Tenable Vulnerability Management and the selected ticketing system.

Example Initiative

To address recently exploited vulnerabilities on your Headquarters network, you might create an initiative as follows:

  • Name — Recently exploited vulnerabilities at HQ

  • Asset Scope — Network: HQ

  • Owner[email protected]

  • Remediate Within — 7 days

  • Combinations — Category is equal to Recently Actively Exploited AND VPR is greater than 6

Before You Begin

Before you create an initiative:

  • Create asset tags — Initiatives use asset tags to define the assets in scope. Create any asset tags you plan to use for your initiative.

  • (Optional) Create custom combinations — If you plan to use custom combinations, create them via the Manage Combinations tab.

  • Configure the appropriate ticketing system for use with Tenable Vulnerability Management:

Create a New Initiative

To create an initiative based off of a finding:

  1. In the left navigation, click Menu Exposure Response.

    The Exposure Response page appears. By default, the Initiatives tab is active.

  2. In the My Initiatives section, click the button.

    The Create an Exposure Response Initiative pane appears.

  3. On the Basic Setup tab, configure the following options:

    Option Description
    Name (required) Type a name for the initiative.
    Description Type a description for the initiative, for example Reduce my external attack surface.
    Owner

    Select the initiative owner from a list of [MadCap Variable: Tenable.VulnerabilityManagementStandalone] users. You cannot reassign initiatives once you create them.

    Note: Only administrators and initiative owners can view initiatives.
    Asset Scope (required) Choose up to ten tags to define which assets in your environment are in scope. Search for and select tags to assign, for example Priority: High or Software: Oracle.
    Remediate Within (SLA) (required) Choose an SLA, in days, by which all findings require remediation. For example, to set an SLA of one week, enter 7.
    Assign Combinations

    Select up to ten combinations from the available tabs:

    • My Combinations — Your personal combinations, which only you can view. You cannot assign personal combinations to initiatives you do not own.

    • Shared — Organization-wide combinations, which anyone can view or use, and which your administrators and the combination owners can update. Track updates in the Combination Timeline.

    • Tenable — Predefined combinations from the Tenable Research Team. These may be updated infrequently, which can change the resources in your initiatives. Track updates in the Combination Timeline.
  4. Click the Ticketing Automation tab.

    The Setup Delivery Methods appear.

  5. Do one of the following:
    • To configure Jira ticketing automation:
      1. Click Jira.
        Note: You must first configure Jira for use with Tenable Vulnerability Management. For more information, see Configure Jira.

        Jira ticketing configuration options appear.

      2. Configure the following options:

        OptionDescription
        Ticket Aggregation Behavior

        Select how you want Tenable Vulnerability Management to aggregate tickets for the finding:

        • New ticket for every new finding — Every time a finding appears, a new ticket gets created in Jira.

        • New findings create subtasks on an existing ticket — Every time a finding appears, a subtask gets created on an existing Jira ticket.

        Existing Jira Ticket (optional)

        Select the existing Jira ticket from the drop-down list.

        Note: You see this option only if you choose New findings create subtasks on an existing ticket.
        Project

        The Jira project in which you want tickets to be created.

        Important: You must have at least one Jira project for the configuration to function as expected.
        Work TypeThe specific type of issue created, for example, Story, Task, or Bug.
        SummaryThe Jira Summary combines the finding name, asset name, and this text to create a descriptive ticket title.
        DescriptionA detailed explanation of the issue, context, and steps to reproduce (if applicable).
        Priority

        The relative importance or severity of the issue. Default value: Default Mapping.

        Note: Leave this set to Default Mapping to allow the priority to be set by the finding severity based on your Jira instance configuration. For more information about overriding this severity, see Configure Jira.
        ReporterThe user who created the issue and submitted it to the project.
        AssigneeThe user to which the ticket or subtask is assigned in Jira.
        ParentThe larger issue (for example, an Epic) under which the current item is nested.
        Labels

        Custom tags you want to apply to the ticket for flexible categorization and filtering.

    • To configure ServiceNow ticketing automation:
      1. Click ServiceNow.

        ServicNow ticketing configuration options appear.

        Note: You must first configure ServiceNow for use with Tenable Vulnerability Management. For more information, see Configure ServiceNow.

      2. Configure the following options:

        OptionDescription
        Incident Aggregation Behavior

        Select one of these two options:

        • New incident for every new finding

          Every time a finding appears, a new incident gets created in ServiceNow.

        • New findings create subtasks on an existing incident

          Every time a finding appears, a subtask gets created on an existing ServiceNow incident.

        Existing ServiceNow Incident (optional)

        Select the existing ServiceNow incident from the drop-down list.

        Note: You see this option only if you choose New findings create subtasks on an existing incident.
        CallerThe user who originally reported or requested the issue.
        Assignment GroupThe team or group responsible for managing and resolving the ticket.
        AssigneeThe individual user currently responsible for resolving the ticket.
        CategoryA high-level classification of the issue or request, for example, Hardware, Network, Software.
        SubcategoryA more detailed breakdown within the selected Category, for example, Laptop, Wireless, OS.
        Impact

        The measured effect this issue has on the business process or service. Values are Default, High, Medium or Low.

        Note: Set this to Default to allow the finding severity to set the impact based on your ServiceNow instance configuration. See Configure ServiceNow. You can override it here.
        UrgencyThe speed required to resolve the issue, based on business needs. Values are Default, High, Medium or Low.
        Note: Set this to Default to allow the urgency to be set by the finding severity based on your ServiceNow instance configuration. See Configure ServiceNow. You can override it here.
        Short DescriptionThis value will be appended to the name of the finding.
        DescriptionAdditional descriptive information for this incident.

  6. Click Save.

    The initiative appears in the My Initiatives panel. It can take up to 10 minutes to see the updated ticket information in both Tenable Vulnerability Management and the selected ticketing system.