Get Started with Tenable Vulnerability Management

Use the following getting started sequence to configure and mature your Tenable Vulnerability Management deployment.

  1. Prepare a Deployment Plan
  2. Install and Link Scanners
  3. Configure Scans
  4. Additional Tenable Vulnerability Management Configurations
  5. Review and Analyze
  6. Expand
Tip: For additional information on Tenable Vulnerability Management, review the following customer education materials:

Prepare a Deployment Plan

To establish a deployment plan and analysis workflow:

  1. Review principles of the TCP/IP internet protocol suite. Tenable Vulnerability Management documentation assumes you know basic networking concepts and principles.
  2. Get your Tenable Vulnerability Management access information and starter account credentials from your Tenable representative.
  3. If necessary, access Tenable Support and training resources for Tenable Vulnerability Management, including the Professional Services Scan Strategy guide.

  4. Design a deployment plan by identifying your organization's objectives and analyzing your network topology. Consider Tenable-recommended best practices for your environment.

    For more information about environment requirements, see the guidelines provided for your scanner in the General Requirements Guide. For more information about supported browsers for Tenable Vulnerability Management, see System Requirements.

  5. Design an internal scanning and external scanning plan. Identify the scans you intend to run and ensure that you have sufficient network coverage.

  6. Design an analysis workflow. Identify key stakeholders in your management and operational groups, considering the data you intend to share with each stakeholder.

Install and Link Scanners

To install your scanners and link them to Tenable Vulnerability Management:

  1. Log in to the Tenable Vulnerability Management user interface.
  2. Set up your linked scanners:

    • If your deployment plan includes Tenable Nessus scanners, install Tenable Nessus as described in Install Tenable Nessus in the Tenable Nessus User Guide.

    • If your deployment plan includes Tenable Nessus Agents, install agents as described in Install Tenable Nessus Agents in the Tenable Nessus Agent Deployment and User Guide.

    • If your deployment plan includes Tenable Nessus Network Monitor, install Tenable Nessus Network Monitor as described in Install NNM in the Tenable Nessus Network Monitor User Guide.

      • Then, configure Tenable Nessus Network Monitor to communicate with Tenable Vulnerability Management, as described in Configure NNM in the Tenable Nessus Network Monitor User Guide.

    • If your deployment plan includes Tenable Web App Scanning, install web applications as described in Deploy or Install Tenable Core + Tenable Web App Scanning in the Tenable Core User Guide.

    Then, link your first scanners to Tenable Vulnerability Management, as described in Link a Sensor.

Configure Scans

Configure and run basic scans to begin evaluating the effectiveness of your deployment plan and analysis workflow:

Note: For information on how to configure scans based on your environment and business needs, see the Tenable Vulnerability Management Scan Tuning Guide.

  1. Configure your first active scan using the Basic Network Scan template:

    1. Create a scanner group, as described in Create a Scanner Group.
    2. Create a scan using the Basic Network Scan template, as described in Create a Scan.

  2. Configure your first agent scan using the Basic Agent Scan template:

    1. Create an agent group, as described in Create an Agent Group.
    2. Create an agent scan using the Basic Agent Scan template, as described in Create a Scan.
  3. Launch your first Tenable Nessus scan and agent scan, as described in Launch a Scan.

  4. Confirm your Tenable Nessus scan and agent scan completed, accessing all targeted areas of your network. Review your discovered assets to assess your knowledge of your network.

Additional Tenable Vulnerability Management Configurations

Configure other features, if necessary, and refine your existing configurations:

  1. Create user accounts and create user groups within your Tenable Vulnerability Management container.
  2. Create access groups to manage view and scan permissions for assets and targets.

  3. Configure tags to organize, group, and control access to assets.

  4. Set up asset discovery with connectors, Professional Services integrations, or integrated products. For more information, see Connectors, the Custom Integration Services page, or the Integration Guides section of the Tenable Vulnerability Management Documentation page.

  5. Configure managed credentials, scan-specific credentials, or policy-specific credentials for a Tenable Nessus scan, as described in Credentials. For more information about configuring and troubleshooting credentialed scans, see Tenable Nessus Credentialed Checks.

    1. Launch your credentialed Tenable Nessus scan and credentialed agent scan, as described in Launch a Scan.

    2. Confirm your credentialed scan completed, accessing all targeted areas of your network.

  6. If you want to assess your exposure, obtain a Tenable Lumin license.

  7. If you want to perform web application scanning, obtain a Tenable Web App Scanning license.

  8. If you want to evaluate risk on your containers, obtain a Tenable Container Security license.

  9. Configure user Access Control to control what objects users can and cannot view and interact with within Tenable Vulnerability Management.

Review and Analyze

Tip: Tenable recommends frequently reviewing your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.

To review and analyze your data further, you can:

  1. View your scans and individual scan details.
  2. View and analyze your vulnerability and asset findings via the Findings and Assets pages.
  3. Create a dashboard to gain immediate insight and quickly analyze vulnerabilities in your network. Use interactive widgets and customizable tables to explore your data.
  4. Filter your dashboards, assets, and findings to drill into data and investigate your progress.
  5. Create recast or accept rules to recast or accept vulnerabilities discovered by scans.

  6. Create a report to share scan and vulnerability information with others in your organization.

Expand

Tenable recommends the following as best practices to keep up to date with your deployment plan and analysis workflow:

  • Conduct weekly meetings to review your organization's responses to identified vulnerabilities. Conduct weekly management meetings to oversee your teams executing the analysis workflow.
  • Review your scan results and scan coverage. You may need to modify your scan configurations to suit your organization's objectives and reach all areas of your network.
  • Consider API integrations, as described in the Tenable Vulnerability Management API Documentation.

Expand into Tenable One

Note: This requires a Tenable One license. For more information about trying Tenable One, see Tenable One.

Integrate Tenable Vulnerability Management with Tenable One and leverage the following features:

  • Review and customize your assets' ACR.

  • Create new tags either in Tenable Vulnerability Management or within Tenable Inventory to group your assets by how you want them to be reported on

  • In Lumin Exposure View, gain critical business context by getting business-aligned cyber exposure score for critical business services, processes and functions, and track delivery against SLAs. Track overall VM risk to understand the risk contribution of assets to your overall Cyber Exposure Score, including by asset class, vendor, or by tags.

    • Review the Global exposure card to understand your holistic score. Click Per Exposure to understand what factors are driving your score, and by how much.

    • Review the Computing Resources exposure card.

    • Configure the exposure view settings to set your Remediation SLA and SLA Efficiency based on your company policy.

    • Create a custom exposure card based on business context (for example, Business units, Operating Systems, Asset Criticality, Physical Location, or Application).

  • In Tenable Inventory, enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality.

    • Review your Tenable Vulnerability Management assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Inventory, and when.

    • Review the Tenable Queries that you can use, edit, and bookmark.

    • Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.

      Tip: To get a quick view of what properties are available:
      • In the query builder, type has. A list of suggested asset properties appears.
      • Customize the list by adding a column. A list of available columns/properties appears.
    • Drill down into the asset details page to view asset properties and all associated context views.

    • (Optional) Create a tag that combines different asset classes.

  • In Attack Path Analysis, optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights.

    • View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets such as the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

      • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your “Crown Jewels”, or assets with an ACR of 7 or above.

      You can adjust these if needed to ensure you’re viewing the most critical attack path data and findings.

    • On the Findings page, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework to create Findings, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

    • On the Discover page, generate attack path queries to view your assets as part of potential attack paths:

      Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.