Indicators of Exposure (IoEs) in Tenable Identity Exposure

Tenable Product Education
27 Mar 2023 | 03:55

Summary

TLDR: Tenable AD is a security tool that assesses the maturity of your Active Directory with indicators of exposure (IOEs), categorizing them by severity levels. Users can view and search IOEs, filter by domain, and access detailed views including executive summaries, related documents, and known vulnerabilities. The platform also offers recommendations for remediation and allows for querying, filtering, and managing deviant objects, including the ability to ignore or export them as a CSV file.

Takeaways

  • Tenable AD uses Indicators of Exposure (IOEs) to measure security maturity in Active Directory environments.
  • IOEs are assigned severity levels based on the flow of events monitored and analyzed by Tenable AD.
  • To access IOEs, sign into Tenable AD, expand the panel, and click on 'Indicators of Exposure'.
  • The default view shows configuration items in your environment that are potential exposure items, rated by severity.
  • Clicking the toggle can show all available indicators in your Tenable AD instance.
  • Items without a domain indicate that you do not have exposure to them.
  • You can search for indicators by typing a keyword, such as 'password', to see related indicators.
  • Clicking on an indicator provides a detailed view including an executive summary, related documents, and known attacker tools.
  • The 'Vulnerability Details' tab offers additional information about the checks done for an IOE.
  • The 'Deviant Objects' tab lists objects and reasons triggering the exposure, with expandable details.
  • Users can create queries using Boolean expressions or by building a query through the filter icon.
  • Queries can be set with specific start and end dates, domains, and can include ignored items.
  • Objects can be ignored by selecting them and choosing 'Ignore Selected Objects', with a specified date until which they are ignored.
  • The 'Recommendations' tab provides remediation advice for each indicator.

Q & A

  • What is the primary purpose of Tenable AD's indicators of exposure?

    - The primary purpose of Tenable AD's indicators of exposure is to measure the security maturity of your Active Directory and assign severity levels to the flow of events that it monitors and analyzes.

  • How can you access the indicators of exposure in Tenable AD?

    - You can access the indicators of exposure by signing into Tenable AD, clicking the icon on the top left to expand the panel, and then clicking 'Indicators of Exposure' on the left side.

  • What are the default view settings for indicators of exposure in Tenable AD?

    - The default view shows configuration items in your environment that are potential exposure items, rated by severity as critical, high, medium, and low.

  • How can you see all the indicators of exposure in Tenable AD?

    - You can see all the indicators by clicking the toggle to the right of 'Show All Indicators'.

  • What does it mean when an item shows 'no domain' in Tenable AD?

    - An item showing 'no domain' indicates that you do not have exposure to that item in your environment.

  • How can you view indicators for specific domains in Tenable AD?

    - You can view indicators for specific domains by clicking on the 'Domain' dropdown to the right of 'Show All Indicators' and selecting the desired domains.

  • How can you search for specific indicators in Tenable AD?

    - You can search for specific indicators by clicking 'Search an Indicator' and typing a keyword such as 'password' to see all related indicators.

  • What information is provided in the detailed view of an indicator in Tenable AD?

    - The detailed view provides an executive summary of the exposure, lists documents related to it, known attacker tools that can exploit the item, and impacted domains.

  • How can you access additional information about the checks done for an indicator in Tenable AD?

    - You can access additional information by clicking the 'Vulnerability Details' tab in the detailed view of an indicator.

  • What is the purpose of the 'Deviant Objects' tab in Tenable AD?

    - The 'Deviant Objects' tab shows a list of objects and reasons that are triggering the exposure, allowing you to understand what is causing the deviance.

  • How can you create a query in Tenable AD to filter indicators?

    - You can create a query by typing an expression and entering a Boolean query for an item, or by clicking the filter icon to the left to build a query.

  • What actions can you perform on deviant objects in Tenable AD?

    - You can ignore objects by selecting them and choosing 'Ignore Selected Objects', and you can stop ignoring them using the 'Stop Ignoring Selected Objects' option.

  • How can you export the list of all deviant objects for an indicator in Tenable AD?

    - You can export the list as a CSV file by clicking the 'Export All' button.

  • Where can you find recommendations for remediation in Tenable AD?

    - You can find recommendations for remediation by clicking the 'Recommendations' tab in the detailed view of an indicator.

Outlines

00:00

Tenable AD Exposure Indicators Overview

This paragraph introduces the functionality of Tenable AD's indicators of exposure (IOEs). It explains how Tenable AD measures the security maturity of an organization's Active Directory by monitoring and analyzing events. Users can sign in to Tenable AD, navigate to the 'Indicators of Exposure' section, and view the default configuration items rated by severity levels (Critical, High, Medium, Low). The paragraph also guides users on how to view all IOEs, search for specific indicators (e.g., related to passwords), and access detailed information about each indicator, including executive summaries, related documents, known attacker tools, impacted domains, vulnerability details, and deviant objects. Additionally, it explains how to create queries, filter results, ignore objects, and export deviant objects as a CSV file.

Keywords

Indicators of Exposure (IOEs)

Indicators of Exposure, or IOEs, are metrics used by Tenable AD to measure the security maturity of an organization's Active Directory. They are critical in identifying potential security risks within the system. In the video, IOEs are used to assign severity levels to events, helping users to prioritize their security efforts based on the potential impact of each exposure item.

Severity Levels

Severity levels are classifications that denote the seriousness of a security issue, ranging from 'Critical' to 'High', 'Medium', and 'Low'. These levels help in determining the urgency of addressing the identified security concerns. In the script, severity levels are assigned to IOEs, allowing users to quickly assess the importance of each exposure item.

Tenable AD

Tenable AD is a security platform designed to monitor and analyze Active Directory environments. It is the main subject of the video, which demonstrates how to use the platform to manage and mitigate security risks. The script describes various features of Tenable AD, such as its ability to show IOEs and provide recommendations for remediation.

Configuration Items

Configuration items refer to the settings and parameters within an environment that can be potential sources of exposure. In the script, the default view of Tenable AD shows these items, allowing users to identify and manage the aspects of their Active Directory that may be vulnerable.

Domain

In the context of the script, a domain represents a group of computers and devices that are managed as a single entity within an Active Directory. The script mentions the ability to view items by domain, which is important for organizations with multiple domains to manage.

Searchable Indicators

Searchable indicators are a feature within Tenable AD that allows users to find specific IOEs by typing keywords. This functionality is highlighted in the script as a way to quickly locate IOEs related to particular concerns, such as 'password'.

Executive Summary

An executive summary is a brief overview of a report or document, providing key points and findings. In the script, clicking on an indicator in Tenable AD brings up a detailed view that begins with an executive summary of the exposure, giving users a quick understanding of the issue at hand.

Vulnerability Details

Vulnerability details refer to the specific checks and information related to a particular IOE. The script explains that users can click on the 'Vulnerability Details' tab to learn more about the checks performed for an IOE, which helps in understanding the nature of the exposure.

Deviant Objects

Deviant objects are items within an Active Directory that are causing an exposure. The script describes how users can view a list of these objects and the reasons for their deviance, providing insight into what is triggering the exposure.

Boolean Query

A Boolean query is a type of search query that uses logical operators like AND, OR, and NOT to combine keywords. In the script, users can create a query by entering a Boolean expression to filter and find specific items within Tenable AD.

Remediation Recommendations

Remediation recommendations are suggestions provided by Tenable AD to help users address and fix the identified security exposures. The script mentions that users can view these recommendations by clicking on the 'Recommendations' tab, which is crucial for taking action to improve security.

Highlights

Tenable AD uses indicators of exposure to measure the security maturity of Active Directory.

Severity levels are assigned to the flow of events monitored and analyzed.

Users can sign into Tenable AD and expand the panel for navigation.

Indicators of Exposure (IOEs) can be viewed by clicking on the respective section.

Default view shows configuration items that are potential exposure items, rated by severity.

A toggle allows users to show all indicators, including those without domain exposure.

Domain selection is available for environments with multiple domains.

Indicators are searchable by keywords, such as 'password'.

Clicking an indicator reveals an executive summary and related documents.

Known attacker tools that can exploit the exposure are listed.

Impacted domains are displayed for each indicator.

Vulnerability details and checks can be reviewed for each IOE.

Deviant objects and their triggering reasons are listed under a separate tab.

Objects causing deviance can be expanded for detailed examination.

Users can create queries using Boolean expressions or filters.

Objects in the list can be ignored, or have their ignored status removed, based on user selection.

A CSV file export option is available for the list of all deviant objects.

Recommendations for remediation are provided under the recommendations tab.

Transcripts

00:06 Tenable AD uses indicators of exposure
00:09 to measure the security maturity of your
00:11 Active Directory and assign severity
00:14 levels to the flow of events that it
00:16 monitors and analyzes
00:18 sign into Tenable AD
00:22 click the icon on the top left to expand
00:24 the panel
00:27 click indicators of exposure on the left
00:29 side to see the IOEs
00:34 the default view shows configuration
00:36 items in your environment that are
00:37 potential exposure items
00:40 they are rated by severity critical high
00:45 medium and low
00:49 click the toggle to the right of show
00:51 all indicators
00:54 now you can see all the indicators
00:56 available in your Tenable AD instance
00:59 any item that shows no domain is an item
01:01 where you do not have that exposure
01:05 to the right of show all indicators you
01:08 can see domain
01:10 if you have multiple domains in your
01:12 environment you can click on it and
01:14 select which domains you wish to view
01:17 these items are also searchable
01:21 click search an indicator and type a
01:24 keyword such as password
01:27 and here you see all of the indicators
01:29 that are related to passwords
01:32 to see additional information about an
01:34 indicator click on it
01:40 the detailed view starts with an
01:42 executive summary of the particular
01:43 exposure and then lists documents
01:46 related to it and known attacker tools
01:48 that can expose this particular item
01:53 to the right you see impacted domains
01:57 if you click the vulnerability details
02:00 tab you can read additional information
02:02 about the checks done for this IOE
02:06 click the Deviant objects tab to see the
02:08 list of objects and reasons that are
02:10 triggering the exposure
02:12 if you expand an object in the list you
02:15 can see more details about what is
02:17 causing the deviance
02:19 to create a query click type an
02:22 expression and enter a Boolean query for
02:24 an item
02:25 you can also click the filter icon to
02:28 the left to build a query
02:35 set the start and end dates choose
02:38 domains and search for ignored items by
02:40 clicking the ignore toggle
02:44 you can hide objects in the list by
02:46 ignoring them
02:49 to do so select one or more objects and
02:52 then click select an action at the
02:54 bottom of the page
02:56 select ignore selected objects
02:59 and click ok
03:02 choose the date until which you want to
03:04 ignore the selected objects
03:19 you can stop ignoring objects the same
03:21 way using the stop ignoring selected
03:24 objects option
03:28 to export the list of all deviant
03:30 objects for this indicator as a CSV file
03:32 click the export all button
03:39 click the recommendations tab to see
03:41 recommendations regarding remediation
03:43 for this indicator
