Get Started with Tenable Vulnerability Management

Use the following getting started sequence to configure and mature your Tenable Vulnerability Management deployment.

  1. Prepare a Deployment Plan
  2. Install and Link Scanners
  3. Configure Scans
  4. Additional Tenable Vulnerability Management Configurations
  5. Review and Analyze
  6. Expand
Tip: For additional information on Tenable Vulnerability Management, review the following customer education materials:

Prepare a Deployment Plan

For a demonstration on Tenable Vulnerability Management architecture and predictive prioritization, see the following video:

To establish a deployment plan and analysis workflow:

  1. Review principles of the TCP/IP internet protocol suite. Tenable Vulnerability Management documentation assumes you know basic networking concepts and principles.
  2. Get your Tenable Vulnerability Management access information and starter account credentials from your Tenable representative.
  3. If necessary, access Tenable Support and training resources for Tenable Vulnerability Management, including the Professional Services Scan Strategy guide.

  4. Design a deployment plan by identifying your organization's objectives and analyzing your network topology. Consider Tenable-recommended best practices for your environment.

    For more information about environment requirements, see the guidelines provided for your scanner in the General Requirements Guide. For more information about supported browsers for Tenable Vulnerability Management, see Tenable Vulnerability Management System Requirements.

  5. Design an internal scanning and external scanning plan. Identify the scans you intend to run and ensure that you have sufficient network coverage.

  6. Design an analysis workflow. Identify key stakeholders in your management and operational groups, considering the data you intend to share with each stakeholder.

Install and Link Scanners

To install your scanners and link them to Tenable Vulnerability Management:

  1. Log in to the Tenable Vulnerability Management user interface.
  2. Set up your linked scanners:

    • If your deployment plan includes Tenable Nessus scanners, install Tenable Nessus as described in Install Tenable Nessus in the Tenable Nessus User Guide.

    • If your deployment plan includes Tenable Nessus Agents, install agents as described in Install Tenable Nessus Agents in the Tenable Nessus Agent Deployment and User Guide.

    • If your deployment plan includes Tenable Nessus Network Monitor, install Tenable Nessus Network Monitor as described in Install NNM in the Tenable Nessus Network Monitor User Guide.

      • Then, configure Tenable Nessus Network Monitor to communicate with Tenable Vulnerability Management, as described in Configure NNM in the Tenable Nessus Network Monitor User Guide.

    • If your deployment plan includes Tenable Web App Scanning, install web applications as described in Deploy or Install Tenable Core + Tenable Web App Scanning in the Tenable Core User Guide.

    Then, link your first scanners to Tenable Vulnerability Management, as described in Link a Sensor.

Configure Scans

Configure and run basic scans to begin evaluating the effectiveness of your deployment plan and analysis workflow:

Note: For information on how to configure scans based on your environment and business needs, see the Tenable Vulnerability Management Scan Tuning Guide.

  1. Configure your first active scan using the Basic Network Scan template:

    1. Create a scanner group, as described in Create a Scanner Group.
    2. Create a scan using the Basic Network Scan template, as described in Create a Scan.

  2. Configure your first agent scan using the Basic Agent Scan template:

    1. Create an agent group, as described in Create an Agent Group.
    2. Create an agent scan using the Basic Agent Scan template, as described in Create a Scan.
  3. Launch your first Tenable Nessus scan and agent scan, as described in Launch a Scan.

  4. Confirm your Tenable Nessus scan and agent scan completed, accessing all targeted areas of your network. Review your discovered assets to assess your knowledge of your network.

Additional Tenable Vulnerability Management Configurations

Configure other features, if necessary, and refine your existing configurations:

  1. Create user accounts and create user groups within your Tenable Vulnerability Management container.
  2. Create access groups to manage view and scan permissions for assets and targets.

  3. Configure tags to organize, group, and control access to assets.

  4. Set up asset discovery with connectors, Professional Services integrations, or integrated products. For more information, see Connectors, the Custom Integration Services page, or the Integration Guides section of the Tenable Vulnerability Management Documentation page.

  5. Configure managed credentials, scan-specific credentials, or policy-specific credentials for a Tenable Nessus scan, as described in Credentials. For more information about configuring and troubleshooting credentialed scans, see Tenable Nessus Credentialed Checks.

    1. Launch your credentialed Tenable Nessus scan and credentialed agent scan, as described in Launch a Scan.

    2. Confirm your credentialed scan completed, accessing all targeted areas of your network.

  6. If you want to assess your exposure, obtain a Tenable Lumin license.

  7. If you want to perform web application scanning, obtain a Tenable Web App Scanning license.

  8. If you want to evaluate risk on your containers, obtain a Tenable Container Security license.

  9. Configure user Access Control to control what objects users can and cannot view and interact with within Tenable Vulnerability Management.

Review and Analyze

Tip: Tenable recommends frequently reviewing your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.

To review and analyze your data further, you can:

  1. View your scans and individual scan details.
  2. View and analyze your vulnerability and asset findings via the Findings and Assets pages.
  3. Create a dashboard to gain immediate insight and quickly analyze vulnerabilities in your network. Use interactive widgets and customizable tables to explore your data.
  4. Filter your dashboards, assets, and findings to drill into data and investigate your progress.
  5. Create recast or accept rules to recast or accept vulnerabilities discovered by scans.

  6. Create a report to share scan and vulnerability information with others in your organization.

Expand

Tenable recommends the following as best practices to keep up to date with your deployment plan and analysis workflow:

  • Conduct weekly meetings to review your organization's responses to identified vulnerabilities. Conduct weekly management meetings to oversee your teams executing the analysis workflow.
  • Review your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.
  • Consider API integrations, as described in the Tenable Vulnerability Management API Documentation.