Indicators of Exposure (IoEs) in Tenable Identity Exposure
Summary
TLDR: Tenable AD is a security tool that assesses the maturity of your Active Directory with indicators of exposure (IOEs), categorizing them by severity levels. Users can view and search IOEs, filter by domain, and access detailed views including executive summaries, related documents, and known vulnerabilities. The platform also offers recommendations for remediation and allows for querying, filtering, and managing deviant objects, including the ability to ignore or export them as a CSV file.
Takeaways
- Tenable AD uses Indicators of Exposure (IOEs) to measure security maturity in Active Directory environments.
- IOEs are assigned severity levels based on the flow of events monitored and analyzed by Tenable AD.
- To access IOEs, sign into Tenable AD, expand the panel, and click on 'Indicators of Exposure'.
- The default view shows configuration items in your environment that are potential exposure items, rated by severity.
- Clicking the toggle can show all available indicators in your Tenable AD instance.
- Items without a domain indicate that you do not have exposure to them.
- You can search for indicators by typing a keyword, such as 'password', to see related indicators.
- Clicking on an indicator provides a detailed view including an executive summary, related documents, and known attacker tools.
- The 'Vulnerability Details' tab offers additional information about the checks done for an IOE.
- The 'Deviant Objects' tab lists objects and reasons triggering the exposure, with expandable details.
- Users can create queries using Boolean expressions or by building a query through the filter icon.
- Queries can be set with specific start and end dates, domains, and can include ignored items.
- Objects can be ignored by selecting them and choosing 'Ignore Selected Objects', with a specified date until which they are ignored.
- The 'Recommendations' tab provides remediation advice for each indicator.
Q & A
What is the primary purpose of Tenable AD's indicators of exposure?
- The primary purpose of Tenable AD's indicators of exposure is to measure the security maturity of your Active Directory and assign severity levels to the flow of events that it monitors and analyzes.
How can you access the indicators of exposure in Tenable AD?
- You can access the indicators of exposure by signing into Tenable AD, clicking the icon on the top left to expand the panel, and then clicking 'Indicators of Exposure' on the left side.
What are the default view settings for indicators of exposure in Tenable AD?
- The default view shows configuration items in your environment that are potential exposure items, rated by severity as critical, high, medium, and low.
How can you see all the indicators of exposure in Tenable AD?
- You can see all the indicators by clicking the toggle to the right of 'Show All Indicators'.
What does it mean when an item shows 'no domain' in Tenable AD?
- An item showing 'no domain' indicates that you do not have exposure to that item in your environment.
How can you view indicators for specific domains in Tenable AD?
- You can view indicators for specific domains by clicking on the 'Domain' dropdown to the right of 'Show All Indicators' and selecting the desired domains.
How can you search for specific indicators in Tenable AD?
- You can search for specific indicators by clicking 'Search an Indicator' and typing a keyword such as 'password' to see all related indicators.
What information is provided in the detailed view of an indicator in Tenable AD?
- The detailed view provides an executive summary of the exposure, lists documents related to it, known attacker tools that can exploit the item, and impacted domains.
How can you access additional information about the checks done for an indicator in Tenable AD?
- You can access additional information by clicking the 'Vulnerability Details' tab in the detailed view of an indicator.
What is the purpose of the 'Deviant Objects' tab in Tenable AD?
- The 'Deviant Objects' tab shows a list of objects and reasons that are triggering the exposure, allowing you to understand what is causing the deviance.
How can you create a query in Tenable AD to filter indicators?
- You can create a query by typing an expression and entering a Boolean query for an item, or by clicking the filter icon to the left to build a query.
What actions can you perform on deviant objects in Tenable AD?
- You can ignore objects by selecting them and choosing 'Ignore Selected Objects', and you can stop ignoring them using the 'Stop Ignoring Selected Objects' option.
How can you export the list of all deviant objects for an indicator in Tenable AD?
- You can export the list as a CSV file by clicking the 'Export All' button.
Where can you find recommendations for remediation in Tenable AD?
- You can find recommendations for remediation by clicking the 'Recommendations' tab in the detailed view of an indicator.
Outlines
Tenable AD Exposure Indicators Overview
This paragraph introduces the functionality of Tenable AD's indicators of exposure (IOEs). It explains how Tenable AD measures the security maturity of an organization's Active Directory by monitoring and analyzing events. Users can sign in to Tenable AD, navigate to the 'Indicators of Exposure' section, and view the default configuration items rated by severity levels (Critical, High, Medium, Low). The paragraph also guides users on how to view all IOEs, search for specific indicators (e.g., related to passwords), and access detailed information about each indicator, including executive summaries, related documents, known attacker tools, impacted domains, vulnerability details, and deviant objects. Additionally, it explains how to create queries, filter results, ignore objects, and export deviant objects as a CSV file.
Keywords
Indicators of Exposure (IOEs)
Severity Levels
Tenable AD
Configuration Items
Domain
Searchable Indicators
Executive Summary
Vulnerability Details
Deviant Objects
Boolean Query
Remediation Recommendations
Highlights
Tenable AD uses indicators of exposure to measure the security maturity of Active Directory.
Severity levels are assigned to the flow of events monitored and analyzed.
Users can sign into Tenable AD and expand the panel for navigation.
Indicators of Exposure (IOEs) can be viewed by clicking on the respective section.
Default view shows configuration items that are potential exposure items, rated by severity.
A toggle allows users to show all indicators, including those without domain exposure.
Domain selection is available for environments with multiple domains.
Indicators are searchable by keywords, such as 'password'.
Clicking an indicator reveals an executive summary and related documents.
Known attacker tools that can exploit the exposure are listed.
Impacted domains are displayed for each indicator.
Vulnerability details and checks can be reviewed for each IOE.
Deviant objects and their triggering reasons are listed under a separate tab.
Objects causing deviance can be expanded for detailed examination.
Users can create queries using Boolean expressions or filters.
Objects in the list can be ignored, and ignored objects can be restored, based on user selection.
A CSV file export option is available for the list of all deviant objects.
Recommendations for remediation are provided under the recommendations tab.
Transcripts
Tenable AD uses indicators of exposure to measure the security maturity of your Active Directory and assign severity levels to the flow of events that it monitors and analyzes.
Sign into Tenable AD. Click the icon on the top left to expand the panel. Click Indicators of Exposure on the left side to see the IOEs.
The default view shows configuration items in your environment that are potential exposure items. They are rated by severity: critical, high, medium and low.
Click the toggle to the right of Show All Indicators. Now you can see all the indicators available in your Tenable AD instance. Any item that shows no domain is an item where you do not have that exposure.
To the right of Show All Indicators you can see Domain. If you have multiple domains in your environment, you can click on it and select which domains you wish to view.
These items are also searchable. Click Search an Indicator and type a keyword such as password, and here you see all of the indicators that are related to passwords.
To see additional information about an indicator, click on it. The detailed view starts with an executive summary of the particular exposure and then lists documents related to it and known attacker tools that can expose this particular item. To the right you see impacted domains.
If you click the Vulnerability Details tab, you can read additional information about the checks done for this IOE.
Click the Deviant Objects tab to see the list of objects and reasons that are triggering the exposure. If you expand an object in the list, you can see more details about what is causing the deviance.
To create a query, click Type an Expression and enter a Boolean query for an item. You can also click the filter icon to the left to build a query. Set the start and end dates, choose domains, and search for ignored items by clicking the Ignore toggle.
You can hide objects in the list by ignoring them. To do so, select one or more objects and then click Select an Action at the bottom of the page. Select Ignore Selected Objects and click OK. Choose the date until which you want to ignore the selected objects. You can stop ignoring objects the same way using the Stop Ignoring Selected Objects option.
To export the list of all deviant objects for this indicator as a CSV file, click the Export All button.
Click the Recommendations tab to see recommendations regarding remediation for this indicator.